Sign-up

VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-200907-0096 CVE-2009-2049 Cisco IOS In RFC4893 BGP Service disruption related to routing processing (DoS) Vulnerabilities CVSS V2: 5.4
CVSS V3: -
Severity: MEDIUM
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCta33973. May trigger memory corruption and crash with \\%\\%Software-forced reload error. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An unspecified error exists in the processing of BGP update messages. constructed from more than 1000 autonomous systems. SOLUTION: Update to a fixed version (please see the vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities Advisory ID: cisco-sa-20090729-bgp http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Revision: 1.0 ========= For Public Release 2009 July 29 1600 UTC (GMT) Summary ======= Recent versions of Cisco IOS Software support RFC4893 ("BGP Support for Four-octet AS Number Space") and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates. These vulnerabilities affect only devices running Cisco IOS Software with support for four-octet AS number space (here after referred to as 4-byte AS number) and BGP routing configured. The first vulnerability could cause an affected device to reload when processing a BGP update that contains autonomous system (AS) path segments made up of more than one thousand autonomous systems. Cisco has released free software updates to address these vulnerabilities. No workarounds are available for the first vulnerability. A workaround is available for the second vulnerability. This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Affected Products ================= Vulnerable Products +------------------ These vulnerabilities affect only devices running Cisco IOS and Cisco IOS XE Software (here after both referred to as simply Cisco IOS) with support for RFC4893 and that have been configured for BGP routing. The software table in the section "Software Versions and Fixes" of this advisory indicates all affected Cisco IOS Software versions that have support for RFC4893 and are affected by this vulnerability. A Cisco IOS software version that has support for RFC4893 will allow configuration of AS numbers using 4 Bytes. The following example identifies a Cisco device that has 4 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-65535> Autonomous system number <1.0-XX.YY> 4 Octets Autonomous system number Or: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-4294967295> Autonomous system number <1.0-XX.YY> Autonomous system number The following example identifies a Cisco device that has 2 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-65535> Autonomous system number A router that is running the BGP process will contain a line in the configuration that defines the autonomous system number (AS number), which can be seen by issuing the command line interface (CLI) command "show running-config". The canonical textual representation of four byte AS Numbers is standardized by the IETF through RFC5396 (Textual Representation of Autonomous System (AS) Numbers). Two major ways for textual representation have been defined as ASDOT and ASPLAIN. Cisco IOS routers support both textual representations of AS numbers. For further information about textual representation of four byte AS numbers in Cisco IOS Software consult the document "Explaining 4-Byte Autonomous System (AS) ASPLAIN and ASDOT Notation for Cisco IOS" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/white_paper_c11_516829.html Cisco IOS Software with support for RFC4893 is affected by both vulnerabilities if BGP routing is configured using either ASPLAIN or ASDOT notation. The following example identifies a Cisco device that is configured for BGP using ASPLAIN notation: router bgp 65536 The following example identifies a Cisco device that is configured for BGP using ASDOT notation: router bgp 1.0 To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih !--- output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- The following Cisco products are confirmed not vulnerable: * Cisco IOS Software not explicitly mentioned in this Advisory * Cisco IOS XR Software * Cisco IOS NX-OS No other Cisco products are currently known to be affected by this vulnerability. Details ======= RFC4271 has defined an AS number as a two-octet entity in BGP. RFC4893 has defined an AS number as a four-octet entity in BGP. The first vulnerability could cause an affected device to reload when processing a BGP update that contains AS path segments made up of more than one thousand autonomous systems. If an affected 4-byte AS number BGP speaker receives a BGP update from a 2-byte AS number BGP speaker that contains AS path segments made up of more than one thousand autonomous systems, the device may crash with memory corruption, and the error "%%Software-forced reload" will be displayed. The following three conditions are required for successful exploitation of this vulnerability: * Affected Cisco IOS Software device is a 4-byte AS number BGP speaker * BGP peering neighbor is a 2-byte AS number BGP speaker * BGP peering neighbor is capable of sending a BGP update with a series of greater than one thousand AS numbers Note: Note: Cisco IOS, Cisco IOS XE, Cisco NX-OS and Cisco IOS XR Software, as a 2 byte AS number BGP speaker send BGP updates with a maximum of 255 AS numbers. The following three conditions are required for successful exploitation of this vulnerability: * Affected Cisco IOS Software device is a 4-byte AS number BGP speaker * BGP peering neighbor is a 2-byte AS number BGP speaker * BGP peering neighbor is capable of sending a non-RFC compliant crafted BGP update message This vulnerability is documented in Cisco Bug ID CSCta33973 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2049. Further information regarding Cisco support for 4-byte AS number is available in "Cisco IOS BGP 4-Byte ASN Support" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/data_sheet_C78-521821.html Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsy86021: Cisco IOS Software BGP Long AS-path Vulnerability CVSS Base Score - 7.1 Access Vector Network Access Complexity Medium Authentication None Confidentiality Impact None Availability Impact Complete CVSS Temporal Score - 6.7 Exploitability Functional Remediation Level Official-Fix Report Confidence Confirmed CSCta33973: Cisco IOS Software Crafted BGP Update Message Vulnerability CVSS Base Score - 5.4 Access Vector Network Access Complexity High Authentication None Confidentiality Impact None Availability Impact Complete CVSS Temporal Score - 4.5 Exploitability Functional Remediation Level Official-Fix Report Confidence Confirmed Impact ====== Successful exploitation of the vulnerabilities described in this document may result in a reload of the device. The issue could result in repeated exploitation to cause an extended DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |----------+--------------------------------------------------------| | Affected | |Recommended | |12.0-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.0 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DC |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to and including 12.0(32)S11 | | | |are not vulnerable; first fixed in | | |12.0S |12.0(32)S14; | | | | | | | |Releases up to and including 12.0(33)S2 are| | | |not vulnerable; first fixed in 12.0(33)S5 | | |----------+-------------------------------------------+------------| |12.0SC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0ST |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SY |Releases up to and including 12.0(32)SY7 |12.0(32)SY10| | |are not vulnerable; first fixed in | | | |12.0(32)SY9a. | | |----------+-------------------------------------------+------------| |12.0SZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0T |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0W |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XI |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XW |Not Vulnerable | | |----------+-------------------------------------------+------------| | Affected | |Recommended | |12.1-Based| First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases | |-------------------------------------------------------------------| | Affected | |Recommended | |12.2-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.2 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2B |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EWA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2JA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2JK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2MB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2MC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2S |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SBC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SCA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SCB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SED |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SGA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2STE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXH |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to and including 12.2(33)SXI | | |12.2SXI |are not vulnerable; CSCsy86021 first fixed | | | |in 12.2(33)SXI2; CSCta33973 first fixed in | | | |12.2(33)SXI3 | | |----------+-------------------------------------------+------------| |12.2SY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2T |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2TPC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XI |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNC |12.2(33)XNC2 | | |----------+-------------------------------------------+------------| |12.2XND |12.2(33)XND1; available 25th August 2009 | | |----------+-------------------------------------------+------------| |12.2XO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZYA |Not Vulnerable | | |----------+-------------------------------------------+------------| | Affected | |Recommended | |12.3-Based| First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.3 based releases | |-------------------------------------------------------------------| | Affected | |Recommended | |12.4-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.4 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JMA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JMB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MDA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4SW |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to 12.4(24)T are not | | |12.4T |vulnerable; first fixed in 12.4(24)T2 | | | |available on 23-Oct-2009 | | |----------+-------------------------------------------+------------| |12.4XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YD |Not Vulnerable | | +-------------------------------------------------------------------+ Cisco IOS XE Release Table +------------------------- +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |----------+--------------------------------------------------------| | Affected | | | 2.1 | There are no affected 2.1 based releases | | Releases | | |----------+--------------------------------------------------------| | Affected | | | 2.2 | There are no affected 2.2 based releases | | Releases | | |----------+--------------------------------------------------------| | Affected | Releases up to and including 2.3.1t are vulnerable; | | 2.3 | First fixed in 2.3.2 | | Releases | | |----------+--------------------------------------------------------+ | Affected | Releases up to and including 2.4.0 are vulnerable; | | 2.4 | First fixed in 2.4.1, available 25th August 2009 | | Releases | | +----------+--------------------------------------------------------+ Workarounds =========== For the first vulnerability, there are no workarounds on the affected device. Neighbors could be configured to discard routes that have more than one thousand AS numbers in the AS-path segments. This configuration will help prevent the further propagation of BGP updates with the AS path segments made up of greater than one thousand AS numbers. Note: Configuring "bgp maxas-limit [value]" on the affected device does not mitigate this vulnerability. For the second vulnerability, configuring "bgp maxas-limit [value]" on the affected device does mitigate this vulnerability. Cisco is recommends using a conservative value of 100 to mitigate this vulnerability. Consult the document "Protecting Border Gateway Protocol for the Enterprise" at the following link for additional best practices on protecting BGP infrastructures: http://www.cisco.com/web/about/security/intelligence/protecting_bgp.html Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of malicious exploitation of either of these vulnerabilities, although we are aware of some customers who have seen the first vulnerability triggered within their infrastructures. Further investigation of those incidents seems to indicate that the vulnerability has been accidentally triggered. These vulnerabilities were discovered via internal product testing. Status of this Notice: FINAL ============================ This information is Cisco Highly Confidential - Do not redistribute. THIS IS A DRAFT VERSION OF A SECURITY NOTICE THAT CONTAINS UNRELEASED INFORMATION ABOUT CISCO PRODUCTS. DISTRIBUTION WITHIN CISCO IS LIMITED TO PERSONNEL WITH A NEED TO KNOW. THIS DRAFT MAY CONTAIN ERRORS OR OMIT IMPORTANT INFORMATION. THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-------------------------------------------------------------------+ | Revision 1.0 | 2009-July-29 1600 | Initial public release | +-------------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKcGNc86n/Gc8U/uARAks6AKCCWLTakna/WbNzMuIbeGPJGJHnbQCfbYEi I6XwyRZTnktw7RSnT6Y/N1E= =KmUm -----END PGP SIGNATURE-----
VAR-200907-0059 CVE-2009-1165 Cisco Wireless LAN Controller Memory leak vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (memory consumption and device reload) via SSH management connections, aka Bug ID CSCsw40789. plural Cisco Used in products Cisco Wireless LAN Controller Contains a memory leak vulnerability. The problem is Bug ID : CSCsw40789 It is a problem.By a third party SSH Service disruption via management connection (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to trigger an affected device to crash and reload, denying service to legitimate users. This issue is being tracked by Cisco BugID CSCsw40789. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20090727-wlc http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml Revision 1.0 For Public Release 2009 July 27 1600 UTC (GMT) - --------------------------------------------------------------------- Summary Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities: * Malformed HTTP or HTTPS authentication response denial of service vulnerability * SSH connections denial of service vulnerability * Crafted HTTP or HTTPS request denial of service vulnerability * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability Cisco has released free software updates that address these vulnerabilities. * The SSH connections denial of service vulnerability affects software versions 4.1 and later. * The crafted HTTP or HTTPS request denial of service vulnerability affects software versions 4.1 and later. * The crafted HTTP or HTTPS request unauthorized configuration modification vulnerability affects software versions 4.1 and later. Determination of Software Versions +--------------------------------- To determine the WLC version that is running in a given environment, use one of the following methods: * In the web interface, choose the Monitor tab, click Summary in the left pane, and note the Software Version field. Note: Customers who use a WLC Module in an Integrated Services Router (ISR) will need to issue the service-module wlan-controller 1/0 session command prior to performing the next step on the command line. Customers who use a Cisco Catalyst 3750G Switch with an integrated WLC Module will need to issue the session <Stack-Member-Number> processor 1 session command prior to performing the next step on the command line. * From the command-line interface, type show sysinfo and note the Product Version field, as shown in the following example: (Cisco Controller) >show sysinfo Manufacturer's Name.. Cisco Systems Inc. Product Name......... Cisco Controller Product Version...... 5.1.151.0 RTOS Version......... Linux-2.6.10_mvl401 Bootloader Version... 4.0.207.0 Build Type........... DATA + WPS <output suppressed> Use the show wism module <module number> controller 1 status command on a Cisco Catalyst 6500 Series/7600 Series Switch if you are using a WiSM. Note the software version as demonstrated in the following example, which shows version 5.1.151.0. Router#show wism module 3 controller 1 status WiSM Controller 1 in Slot 3 Operational Status of the Controller : Oper-Up Service VLAN : 192 Service Port : 10 Service Port Mac Address : 0011.92ff.8742 Service IP Address : 192.168.10.1 Management IP Address : 192.168.1.123 Software Version : 5.1.151.0 Port Channel Number : 288 Allowed vlan list : 30,40 Native VLAN ID : 40 WCP Keep Alive Missed : 0 Products Confirmed Not Vulnerable +-------------------------------- The Cisco Wireless Controller 5500 Series is not affected by these vulnerabilities. Details ======= Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP). This security advisory describes multiple distinct vulnerabilities in the WLC family of devices. * Malformed HTTP or HTTPS authentication response denial of service vulnerability An attacker with access to the administrative web interface via HTTP or HTTPS may cause the device to reload by providing a malformed response to an authentication request. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. This vulnerability is documented in Cisco Bug ID CSCsx03715 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-1164. * SSH connections denial of service vulnerability Affected devices may be susceptible to a memory leak when they handle SSH management connections. Note: A three-way handshake is not required to exploit this vulnerability. This vulnerability is documented in Cisco Bug ID CSCsw40789 and has been assigned CVE ID CVE-2009-1165. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. This vulnerability is documented in Cisco Bug ID CSCsy27708 and has been assigned CVE ID CVE-2009-1166. * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability An unauthorized configuration modification vulnerability exists in all software versions prior to the first fixed release. A remote, unauthenticated attacker who can submit HTTP or HTTPS requests to the WLC directly could gain full control of the affected device. Note: The vulnerability can be exploited only by submitting such a request to an IP address that is bound to an administrative interface or VLAN. The vulnerability is documented by Cisco Bug ID CSCsy44672 and has been assigned CVE ID CVE-2009-1167. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsx03715 - Malformed HTTP or HTTPS authentication response denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsw40789 - SSH connections denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy27708 - Crafted HTTP or HTTPS request denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy44672 - Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability +----------------------------------------------------- CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ===== Successful exploitation of the denial of service (DoS) vulnerabilities may cause the affected device to reload. Repeated exploitation could result in a sustained DoS condition. An unauthenticated, remote attacker may be able to use the unauthorized configuration modification vulnerability to gain full control over the Wireless LAN Controller if the attacker is able to submit a crafted request directly to an administrative interface of the affected device. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.comw/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +------------------------------------------------------+ | Vulnerability/ | Affected | First | Recommended | | Bug ID | Release | Fixed | Release | | | | Version | | |----------------+----------+------------+-------------| | | 4.1 | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.1M | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Malformed HTTP | 4.2M | Not | Not | | or HTTPS | | Vulnerable | Vulnerable | |authentication |----------+------------+-------------| | response | | Migrate to | 5.2.193.0 | | denial of | 5.0 | 5.2 or 6.0 | or | | service | | | 6.0.182.0 | |vulnerability |----------+------------+-------------| | (CSCsx03715) | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | SSH | 4.2M | Not | Not | | connections | | Vulnerable | Vulnerable | |denial of |----------+------------+-------------| | service | | Migrate to | 5.2.193.0 | | vulnerability | 5.0 | 5.2 or 6.0 | or | | (CSCsw40789) | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.1 | 5.1.163.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1 M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Crafted HTTP | 4.2M | Not | Not | | request may | | Vulnerable | Vulnerable | |cause the WLC |----------+------------+-------------| | to crash | | Migrate to | 5.2.193.0 | | (CSCsy27708) | 5.0 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | Crafted HTTP | 4.2 | 4.2.205.0 | 4.2.207.0 | |or HTTPS |----------+------------+-------------| | request | 4.2M | Not | Not | | unauthorized | | Vulnerable | Vulnerable | |configuration |----------+------------+-------------| | modification | 5.0 | Migrate to | 5.2.193.0, | | vulnerability | | 5.2 or 6.0 | 6.0.182.0 | |(CSCsy44672) |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | +------------------------------------------------------+ Workarounds =========== The SSH connections denial of service vulnerability identified by Cisco Bug ID CSCsw40789 may be remediated by disabling SSH on the affected device. This workaround requires subsequent management of the device to be performed using the HTTP/HTTPS web management interface or the serial console of the device. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090727-wlc.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts ================================ Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory at the time of release. The DoS vulnerability documented by CSCsw40789 was discovered during the resolution of customer support cases. The unauthorized configuration modification vulnerability documented by CSCsy44672 was found during internal testing. The DoS vulnerability documented by CSCsx03715 was discovered by Christoph Bott of SySS GmbH. The DoS vulnerability documented by CSCsy27708 was discovered by IBM Research. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-July-27 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKbdU786n/Gc8U/uARAkG6AKCKI8yrbakylICPezA8Up2E1t372QCePJmj RTTknUlr0VuKxVZLT0f8+gQ= =x8Ly -----END PGP SIGNATURE-----
VAR-200907-0061 CVE-2009-1167 Cisco Wireless LAN Controller Vulnerabilities whose settings are changed CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to modify the configuration via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy44672. plural Cisco Used in products Cisco Wireless LAN Controller (WLC) Contains a vulnerability that can be changed. The problem is Bug ID : CSCsy44672 It is a problem.Skillfully crafted by a third party HTTP Or HTTPS Settings may be changed via request. Successful exploits may allow attackers to modify configuration settings, which may compromise the affected device or aid in further attacks. This issue is being tracked by Cisco Bug ID CSCsy44672. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20090727-wlc http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml Revision 1.0 For Public Release 2009 July 27 1600 UTC (GMT) - --------------------------------------------------------------------- Summary Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities: * Malformed HTTP or HTTPS authentication response denial of service vulnerability * SSH connections denial of service vulnerability * Crafted HTTP or HTTPS request denial of service vulnerability * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability Cisco has released free software updates that address these vulnerabilities. * The SSH connections denial of service vulnerability affects software versions 4.1 and later. Determination of Software Versions +--------------------------------- To determine the WLC version that is running in a given environment, use one of the following methods: * In the web interface, choose the Monitor tab, click Summary in the left pane, and note the Software Version field. Note: Customers who use a WLC Module in an Integrated Services Router (ISR) will need to issue the service-module wlan-controller 1/0 session command prior to performing the next step on the command line. Customers who use a Cisco Catalyst 3750G Switch with an integrated WLC Module will need to issue the session <Stack-Member-Number> processor 1 session command prior to performing the next step on the command line. * From the command-line interface, type show sysinfo and note the Product Version field, as shown in the following example: (Cisco Controller) >show sysinfo Manufacturer's Name.. Cisco Systems Inc. Product Name......... 5.1.151.0 RTOS Version......... Linux-2.6.10_mvl401 Bootloader Version... 4.0.207.0 Build Type........... DATA + WPS <output suppressed> Use the show wism module <module number> controller 1 status command on a Cisco Catalyst 6500 Series/7600 Series Switch if you are using a WiSM. Note the software version as demonstrated in the following example, which shows version 5.1.151.0. Router#show wism module 3 controller 1 status WiSM Controller 1 in Slot 3 Operational Status of the Controller : Oper-Up Service VLAN : 192 Service Port : 10 Service Port Mac Address : 0011.92ff.8742 Service IP Address : 192.168.10.1 Management IP Address : 192.168.1.123 Software Version : 5.1.151.0 Port Channel Number : 288 Allowed vlan list : 30,40 Native VLAN ID : 40 WCP Keep Alive Missed : 0 Products Confirmed Not Vulnerable +-------------------------------- The Cisco Wireless Controller 5500 Series is not affected by these vulnerabilities. Details ======= Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP). This security advisory describes multiple distinct vulnerabilities in the WLC family of devices. * Malformed HTTP or HTTPS authentication response denial of service vulnerability An attacker with access to the administrative web interface via HTTP or HTTPS may cause the device to reload by providing a malformed response to an authentication request. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. * SSH connections denial of service vulnerability Affected devices may be susceptible to a memory leak when they handle SSH management connections. An attacker could use this behavior to cause an affected device to crash and reload. Note: A three-way handshake is not required to exploit this vulnerability. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability An unauthorized configuration modification vulnerability exists in all software versions prior to the first fixed release. A remote, unauthenticated attacker who can submit HTTP or HTTPS requests to the WLC directly could gain full control of the affected device. Note: The vulnerability can be exploited only by submitting such a request to an IP address that is bound to an administrative interface or VLAN. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsx03715 - Malformed HTTP or HTTPS authentication response denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsw40789 - SSH connections denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy27708 - Crafted HTTP or HTTPS request denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy44672 - Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability +----------------------------------------------------- CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ===== Successful exploitation of the denial of service (DoS) vulnerabilities may cause the affected device to reload. Repeated exploitation could result in a sustained DoS condition. An unauthenticated, remote attacker may be able to use the unauthorized configuration modification vulnerability to gain full control over the Wireless LAN Controller if the attacker is able to submit a crafted request directly to an administrative interface of the affected device. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.comw/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +------------------------------------------------------+ | Vulnerability/ | Affected | First | Recommended | | Bug ID | Release | Fixed | Release | | | | Version | | |----------------+----------+------------+-------------| | | 4.1 | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.1M | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Malformed HTTP | 4.2M | Not | Not | | or HTTPS | | Vulnerable | Vulnerable | |authentication |----------+------------+-------------| | response | | Migrate to | 5.2.193.0 | | denial of | 5.0 | 5.2 or 6.0 | or | | service | | | 6.0.182.0 | |vulnerability |----------+------------+-------------| | (CSCsx03715) | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | SSH | 4.2M | Not | Not | | connections | | Vulnerable | Vulnerable | |denial of |----------+------------+-------------| | service | | Migrate to | 5.2.193.0 | | vulnerability | 5.0 | 5.2 or 6.0 | or | | (CSCsw40789) | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.1 | 5.1.163.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1 M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Crafted HTTP | 4.2M | Not | Not | | request may | | Vulnerable | Vulnerable | |cause the WLC |----------+------------+-------------| | to crash | | Migrate to | 5.2.193.0 | | (CSCsy27708) | 5.0 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | Crafted HTTP | 4.2 | 4.2.205.0 | 4.2.207.0 | |or HTTPS |----------+------------+-------------| | request | 4.2M | Not | Not | | unauthorized | | Vulnerable | Vulnerable | |configuration |----------+------------+-------------| | modification | 5.0 | Migrate to | 5.2.193.0, | | vulnerability | | 5.2 or 6.0 | 6.0.182.0 | |(CSCsy44672) |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | +------------------------------------------------------+ Workarounds =========== The SSH connections denial of service vulnerability identified by Cisco Bug ID CSCsw40789 may be remediated by disabling SSH on the affected device. This workaround requires subsequent management of the device to be performed using the HTTP/HTTPS web management interface or the serial console of the device. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090727-wlc.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts ================================ Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory at the time of release. The DoS vulnerability documented by CSCsw40789 was discovered during the resolution of customer support cases. The unauthorized configuration modification vulnerability documented by CSCsy44672 was found during internal testing. The DoS vulnerability documented by CSCsx03715 was discovered by Christoph Bott of SySS GmbH. The DoS vulnerability documented by CSCsy27708 was discovered by IBM Research. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-July-27 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt \xa9 2008 - 2009 Cisco Systems, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKbdU786n/Gc8U/uARAkG6AKCKI8yrbakylICPezA8Up2E1t372QCePJmj RTTknUlr0VuKxVZLT0f8+gQ= =x8Ly -----END PGP SIGNATURE-----
VAR-200907-0060 CVE-2009-1166 Cisco Wireless LAN Controller For managing Web Service disruption at the interface (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy27708. plural Cisco Used in products Cisco Wireless LAN Controller (WLC) For managing Web Interface has a service disruption (DoS) There is a vulnerability that becomes a condition. The problem is Bug ID : CSCsy27708 It is a problem.Skillfully crafted by a third party HTTP Or HTTPS Service disruption via request (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to trigger an affected device to crash and reload, causing denial-of-service conditions. This issue is documented by Cisco Bug ID CSCsy27708. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20090727-wlc http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml Revision 1.0 For Public Release 2009 July 27 1600 UTC (GMT) - --------------------------------------------------------------------- Summary Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. * The SSH connections denial of service vulnerability affects software versions 4.1 and later. Determination of Software Versions +--------------------------------- To determine the WLC version that is running in a given environment, use one of the following methods: * In the web interface, choose the Monitor tab, click Summary in the left pane, and note the Software Version field. Note: Customers who use a WLC Module in an Integrated Services Router (ISR) will need to issue the service-module wlan-controller 1/0 session command prior to performing the next step on the command line. Customers who use a Cisco Catalyst 3750G Switch with an integrated WLC Module will need to issue the session <Stack-Member-Number> processor 1 session command prior to performing the next step on the command line. * From the command-line interface, type show sysinfo and note the Product Version field, as shown in the following example: (Cisco Controller) >show sysinfo Manufacturer's Name.. Cisco Systems Inc. Product Name......... Cisco Controller Product Version...... 5.1.151.0 RTOS Version......... Linux-2.6.10_mvl401 Bootloader Version... 4.0.207.0 Build Type........... DATA + WPS <output suppressed> Use the show wism module <module number> controller 1 status command on a Cisco Catalyst 6500 Series/7600 Series Switch if you are using a WiSM. Note the software version as demonstrated in the following example, which shows version 5.1.151.0. Router#show wism module 3 controller 1 status WiSM Controller 1 in Slot 3 Operational Status of the Controller : Oper-Up Service VLAN : 192 Service Port : 10 Service Port Mac Address : 0011.92ff.8742 Service IP Address : 192.168.10.1 Management IP Address : 192.168.1.123 Software Version : 5.1.151.0 Port Channel Number : 288 Allowed vlan list : 30,40 Native VLAN ID : 40 WCP Keep Alive Missed : 0 Products Confirmed Not Vulnerable +-------------------------------- The Cisco Wireless Controller 5500 Series is not affected by these vulnerabilities. Details ======= Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP). This security advisory describes multiple distinct vulnerabilities in the WLC family of devices. * Malformed HTTP or HTTPS authentication response denial of service vulnerability An attacker with access to the administrative web interface via HTTP or HTTPS may cause the device to reload by providing a malformed response to an authentication request. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. * SSH connections denial of service vulnerability Affected devices may be susceptible to a memory leak when they handle SSH management connections. Note: A three-way handshake is not required to exploit this vulnerability. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability An unauthorized configuration modification vulnerability exists in all software versions prior to the first fixed release. A remote, unauthenticated attacker who can submit HTTP or HTTPS requests to the WLC directly could gain full control of the affected device. Note: The vulnerability can be exploited only by submitting such a request to an IP address that is bound to an administrative interface or VLAN. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsx03715 - Malformed HTTP or HTTPS authentication response denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsw40789 - SSH connections denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy27708 - Crafted HTTP or HTTPS request denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy44672 - Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability +----------------------------------------------------- CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ===== Successful exploitation of the denial of service (DoS) vulnerabilities may cause the affected device to reload. Repeated exploitation could result in a sustained DoS condition. An unauthenticated, remote attacker may be able to use the unauthorized configuration modification vulnerability to gain full control over the Wireless LAN Controller if the attacker is able to submit a crafted request directly to an administrative interface of the affected device. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.comw/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +------------------------------------------------------+ | Vulnerability/ | Affected | First | Recommended | | Bug ID | Release | Fixed | Release | | | | Version | | |----------------+----------+------------+-------------| | | 4.1 | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.1M | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Malformed HTTP | 4.2M | Not | Not | | or HTTPS | | Vulnerable | Vulnerable | |authentication |----------+------------+-------------| | response | | Migrate to | 5.2.193.0 | | denial of | 5.0 | 5.2 or 6.0 | or | | service | | | 6.0.182.0 | |vulnerability |----------+------------+-------------| | (CSCsx03715) | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | SSH | 4.2M | Not | Not | | connections | | Vulnerable | Vulnerable | |denial of |----------+------------+-------------| | service | | Migrate to | 5.2.193.0 | | vulnerability | 5.0 | 5.2 or 6.0 | or | | (CSCsw40789) | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.1 | 5.1.163.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1 M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Crafted HTTP | 4.2M | Not | Not | | request may | | Vulnerable | Vulnerable | |cause the WLC |----------+------------+-------------| | to crash | | Migrate to | 5.2.193.0 | | (CSCsy27708) | 5.0 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | Crafted HTTP | 4.2 | 4.2.205.0 | 4.2.207.0 | |or HTTPS |----------+------------+-------------| | request | 4.2M | Not | Not | | unauthorized | | Vulnerable | Vulnerable | |configuration |----------+------------+-------------| | modification | 5.0 | Migrate to | 5.2.193.0, | | vulnerability | | 5.2 or 6.0 | 6.0.182.0 | |(CSCsy44672) |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | +------------------------------------------------------+ Workarounds =========== The SSH connections denial of service vulnerability identified by Cisco Bug ID CSCsw40789 may be remediated by disabling SSH on the affected device. This workaround requires subsequent management of the device to be performed using the HTTP/HTTPS web management interface or the serial console of the device. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090727-wlc.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts ================================ Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory at the time of release. The DoS vulnerability documented by CSCsw40789 was discovered during the resolution of customer support cases. The unauthorized configuration modification vulnerability documented by CSCsy44672 was found during internal testing. The DoS vulnerability documented by CSCsx03715 was discovered by Christoph Bott of SySS GmbH. The DoS vulnerability documented by CSCsy27708 was discovered by IBM Research. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-July-27 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt \xa9 2008 - 2009 Cisco Systems, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKbdU786n/Gc8U/uARAkG6AKCKI8yrbakylICPezA8Up2E1t372QCePJmj RTTknUlr0VuKxVZLT0f8+gQ= =x8Ly -----END PGP SIGNATURE-----
VAR-200908-0426 CVE-2009-2093 IBM WPG Enterprise In the console SQL Injection vulnerability CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The issue affects the following: WebSphere Partner Gateway 6.0 Enterprise WebSphere Partner Gateway 6.1.0 Enterprise WebSphere Partner Gateway 6.1.1 Enterprise WebSphere Partner Gateway 6.2 Enterprise. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. WebSphere Partner Gateway 6.0: Apply the latest Fix Pack (WPG 6.0 FP8 or later) or APAR JR32608. WebSphere Partner Gateway 6.1: Apply the latest Fix Pack (WPG 6.1 FP3, WPG 6.1.1 FP2 or later), or APAR JR32609 or APAR JR32386. WebSphere Partner Gateway 6.2: Apply the latest Fix Pack (WPG 6.2 FP1 or later) or APAR JR32607 (JR33176). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM: http://www-01.ibm.com/support/docview.wss?uid=swg21382117 IBM ISS X-Force: http://xforce.iss.net/xforce/xfdb/52393 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200907-0058 CVE-2009-1164 Cisco Wireless LAN Controller For managing Web Service disruption at the interface (DoS) Vulnerabilities

Related entries in the VARIoT exploits database: VAR-E-200907-1149		 CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.2 before 4.2.205.0 and 5.x before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a malformed response to a (1) HTTP or (2) HTTPS authentication request, aka Bug ID CSCsx03715. plural Cisco Used in products Cisco Wireless LAN Controller (WLC) For managing Web Interface has a service disruption (DoS) There is a vulnerability that becomes a condition. The problem is Bug ID : CSCsx03715 It is a problem.By a third party HTTP Or HTTPS Service disruption through malformed responses to authentication requests (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to trigger an affected device to reboot, causing denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20090727-wlc http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml Revision 1.0 For Public Release 2009 July 27 1600 UTC (GMT) - --------------------------------------------------------------------- Summary Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities: * Malformed HTTP or HTTPS authentication response denial of service vulnerability * SSH connections denial of service vulnerability * Crafted HTTP or HTTPS request denial of service vulnerability * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability Cisco has released free software updates that address these vulnerabilities. * The SSH connections denial of service vulnerability affects software versions 4.1 and later. * The crafted HTTP or HTTPS request denial of service vulnerability affects software versions 4.1 and later. * The crafted HTTP or HTTPS request unauthorized configuration modification vulnerability affects software versions 4.1 and later. Determination of Software Versions +--------------------------------- To determine the WLC version that is running in a given environment, use one of the following methods: * In the web interface, choose the Monitor tab, click Summary in the left pane, and note the Software Version field. Note: Customers who use a WLC Module in an Integrated Services Router (ISR) will need to issue the service-module wlan-controller 1/0 session command prior to performing the next step on the command line. Customers who use a Cisco Catalyst 3750G Switch with an integrated WLC Module will need to issue the session <Stack-Member-Number> processor 1 session command prior to performing the next step on the command line. * From the command-line interface, type show sysinfo and note the Product Version field, as shown in the following example: (Cisco Controller) >show sysinfo Manufacturer's Name.. Cisco Systems Inc. Product Name......... Cisco Controller Product Version...... 5.1.151.0 RTOS Version......... Linux-2.6.10_mvl401 Bootloader Version... 4.0.207.0 Build Type........... DATA + WPS <output suppressed> Use the show wism module <module number> controller 1 status command on a Cisco Catalyst 6500 Series/7600 Series Switch if you are using a WiSM. Note the software version as demonstrated in the following example, which shows version 5.1.151.0. Router#show wism module 3 controller 1 status WiSM Controller 1 in Slot 3 Operational Status of the Controller : Oper-Up Service VLAN : 192 Service Port : 10 Service Port Mac Address : 0011.92ff.8742 Service IP Address : 192.168.10.1 Management IP Address : 192.168.1.123 Software Version : 5.1.151.0 Port Channel Number : 288 Allowed vlan list : 30,40 Native VLAN ID : 40 WCP Keep Alive Missed : 0 Products Confirmed Not Vulnerable +-------------------------------- The Cisco Wireless Controller 5500 Series is not affected by these vulnerabilities. Details ======= Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP). This security advisory describes multiple distinct vulnerabilities in the WLC family of devices. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. This vulnerability is documented in Cisco Bug ID CSCsx03715 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-1164. * SSH connections denial of service vulnerability Affected devices may be susceptible to a memory leak when they handle SSH management connections. Note: A three-way handshake is not required to exploit this vulnerability. This vulnerability is documented in Cisco Bug ID CSCsw40789 and has been assigned CVE ID CVE-2009-1165. * Crafted HTTP or HTTPS request denial of service vulnerability An attacker with the ability to send a malicious HTTP request to an affected WLC could cause the device to crash and reload. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. This vulnerability is documented in Cisco Bug ID CSCsy27708 and has been assigned CVE ID CVE-2009-1166. * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability An unauthorized configuration modification vulnerability exists in all software versions prior to the first fixed release. A remote, unauthenticated attacker who can submit HTTP or HTTPS requests to the WLC directly could gain full control of the affected device. Note: The vulnerability can be exploited only by submitting such a request to an IP address that is bound to an administrative interface or VLAN. The vulnerability is documented by Cisco Bug ID CSCsy44672 and has been assigned CVE ID CVE-2009-1167. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsx03715 - Malformed HTTP or HTTPS authentication response denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsw40789 - SSH connections denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy27708 - Crafted HTTP or HTTPS request denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy44672 - Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability +----------------------------------------------------- CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ===== Successful exploitation of the denial of service (DoS) vulnerabilities may cause the affected device to reload. Repeated exploitation could result in a sustained DoS condition. An unauthenticated, remote attacker may be able to use the unauthorized configuration modification vulnerability to gain full control over the Wireless LAN Controller if the attacker is able to submit a crafted request directly to an administrative interface of the affected device. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.comw/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +------------------------------------------------------+ | Vulnerability/ | Affected | First | Recommended | | Bug ID | Release | Fixed | Release | | | | Version | | |----------------+----------+------------+-------------| | | 4.1 | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.1M | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Malformed HTTP | 4.2M | Not | Not | | or HTTPS | | Vulnerable | Vulnerable | |authentication |----------+------------+-------------| | response | | Migrate to | 5.2.193.0 | | denial of | 5.0 | 5.2 or 6.0 | or | | service | | | 6.0.182.0 | |vulnerability |----------+------------+-------------| | (CSCsx03715) | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | SSH | 4.2M | Not | Not | | connections | | Vulnerable | Vulnerable | |denial of |----------+------------+-------------| | service | | Migrate to | 5.2.193.0 | | vulnerability | 5.0 | 5.2 or 6.0 | or | | (CSCsw40789) | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.1 | 5.1.163.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1 M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Crafted HTTP | 4.2M | Not | Not | | request may | | Vulnerable | Vulnerable | |cause the WLC |----------+------------+-------------| | to crash | | Migrate to | 5.2.193.0 | | (CSCsy27708) | 5.0 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | Crafted HTTP | 4.2 | 4.2.205.0 | 4.2.207.0 | |or HTTPS |----------+------------+-------------| | request | 4.2M | Not | Not | | unauthorized | | Vulnerable | Vulnerable | |configuration |----------+------------+-------------| | modification | 5.0 | Migrate to | 5.2.193.0, | | vulnerability | | 5.2 or 6.0 | 6.0.182.0 | |(CSCsy44672) |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | +------------------------------------------------------+ Workarounds =========== The SSH connections denial of service vulnerability identified by Cisco Bug ID CSCsw40789 may be remediated by disabling SSH on the affected device. This workaround requires subsequent management of the device to be performed using the HTTP/HTTPS web management interface or the serial console of the device. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090727-wlc.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts ================================ Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory at the time of release. The DoS vulnerability documented by CSCsw40789 was discovered during the resolution of customer support cases. The unauthorized configuration modification vulnerability documented by CSCsy44672 was found during internal testing. The DoS vulnerability documented by CSCsx03715 was discovered by Christoph Bott of SySS GmbH. The DoS vulnerability documented by CSCsy27708 was discovered by IBM Research. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-July-27 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt \xa9 2008 - 2009 Cisco Systems, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKbdU786n/Gc8U/uARAkG6AKCKI8yrbakylICPezA8Up2E1t372QCePJmj RTTknUlr0VuKxVZLT0f8+gQ= =x8Ly -----END PGP SIGNATURE-----
VAR-201106-0004 CVE-2009-5078 GNU troff of contrib/pdfmark/pdfroff.sh Vulnerable to arbitrary file creation CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. Successful exploits may allow attackers mount a symlink attack, which may allow the attacker to delete or corrupt sensitive files. Attackers can also rename arbitrary files and potentially cause a denial-of-service condition. Other attacks are also possible. Groff (GNU Troff) is the latest open source implementation of Troff, a document preparation system that generates print and screen documents for various devices from the same input source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 OS X Yosemite v10.10.5 and Security Update 2015-006 is now available and addresses the following: apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Apache 2.4.16, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in PHP 5.5.20, the most serious of which may lead to arbitrary code execution. Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.20. These were addressed by updating Apache to version 5.5.27. CVE-ID CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 Apple ID OD Plug-in Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able change the password of a local user Description: In some circumstances, a state management issue existed in password authentication. The issue was addressed through improved state management. CVE-ID CVE-2015-3799 : an anonymous researcher working with HP's Zero Day Initiative AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5768 : JieTao Yang of KeenTeam Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOBluetoothHCIController. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3779 : Teddy Reed of Facebook Security Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue could have led to the disclosure of kernel memory layout. This issue was addressed with improved memory management. CVE-ID CVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze Networks Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious app may be able to access notifications from other iCloud devices Description: An issue existed where a malicious app could access a Bluetooth-paired Mac or iOS device's Notification Center notifications via the Apple Notification Center Service. The issue affected devices using Handoff and logged into the same iCloud account. This issue was resolved by revoking access to the Apple Notification Center Service. CVE-ID CVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security Lab (Indiana University), Tongxin Li (Peking University), XiaoFeng Wang (Indiana University) Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with privileged network position may be able to perform denial of service attack using malformed Bluetooth packets Description: An input validation issue existed in parsing of Bluetooth ACL packets. This issue was addressed through improved input validation. CVE-ID CVE-2015-3787 : Trend Micro Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple buffer overflow issues existed in blued's handling of XPC messages. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3777 : mitp0sh of [PDX] bootp Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project) CloudKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access the iCloud user record of a previously signed in user Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling. CVE-ID CVE-2015-3782 : Deepkanwal Plaha of University of Toronto CoreMedia Playback Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in CoreMedia Playback. These were addressed through improved memory handling. CVE-ID CVE-2015-5777 : Apple CVE-2015-5778 : Apple CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team curl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities in cURL and libcurl prior to 7.38.0, one of which may allow remote attackers to bypass the Same Origin Policy. Description: Multiple vulnerabilities existed in cURL and libcurl prior to 7.38.0. These issues were addressed by updating cURL to version 7.43.0. CVE-ID CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2014-8151 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 Data Detectors Engine Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a sequence of unicode characters can lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in processing of Unicode characters. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org) Date & Time pref pane Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Applications that rely on system time may have unexpected behavior Description: An authorization issue existed when modifying the system date and time preferences. This issue was addressed with additional authorization checks. CVE-ID CVE-2015-3757 : Mark S C Smith Dictionary Application Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with a privileged network position may be able to intercept users' Dictionary app queries Description: An issue existed in the Dictionary app, which did not properly secure user communications. This issue was addressed by moving Dictionary queries to HTTPS. CVE-ID CVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team DiskImages Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team dyld Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in dyld. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3760 : beist of grayhash, Stefan Esser FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3804 : Apple CVE-2015-5775 : Apple FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team groff Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple issues in pdfroff Description: Multiple issues existed in pdfroff, the most serious of which may allow arbitrary filesystem modification. These issues were addressed by removing pdfroff. CVE-ID CVE-2009-5044 CVE-2009-5078 ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of TIFF images. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5758 : Apple ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of PNG and TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of PNG and TIFF images. CVE-ID CVE-2015-5781 : Michal Zalewski CVE-2015-5782 : Michal Zalewski Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An issue existed in how Install.framework's 'runner' binary dropped privileges. This issue was addressed through improved privilege management. CVE-ID CVE-2015-5784 : Ian Beer of Google Project Zero Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A race condition existed in Install.framework's 'runner' binary that resulted in privileges being incorrectly dropped. This issue was addressed through improved object locking. CVE-ID CVE-2015-5754 : Ian Beer of Google Project Zero IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: Memory corruption issues existed in IOFireWireFamily. These issues were addressed through additional type input validation. CVE-ID CVE-2015-3769 : Ilja van Sprundel CVE-2015-3771 : Ilja van Sprundel CVE-2015-3772 : Ilja van Sprundel IOGraphics Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOGraphics. This issue was addressed through additional type input validation. CVE-ID CVE-2015-3770 : Ilja van Sprundel CVE-2015-5783 : Ilja van Sprundel IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5774 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface. CVE-ID CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team, @PanguTeam Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2015-3768 : Ilja van Sprundel Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A resource exhaustion issue existed in the fasttrap driver. This was addressed through improved memory handling. CVE-ID CVE-2015-5747 : Maxime VILLARD of m00nbsd Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A validation issue existed in the mounting of HFS volumes. This was addressed by adding additional checks. CVE-ID CVE-2015-5748 : Maxime VILLARD of m00nbsd Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute unsigned code Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation. CVE-ID CVE-2015-3806 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A specially crafted executable file could allow unsigned, malicious code to execute Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files. CVE-ID CVE-2015-3803 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute unsigned code Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks. CVE-ID CVE-2015-3802 : TaiG Jailbreak Team CVE-2015-3805 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3761 : Apple Libc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in the TRE library. These were addressed through improved memory handling. CVE-ID CVE-2015-3796 : Ian Beer of Google Project Zero CVE-2015-3797 : Ian Beer of Google Project Zero CVE-2015-3798 : Ian Beer of Google Project Zero Libinfo Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in handling AF_INET6 sockets. These were addressed by improved memory handling. CVE-ID CVE-2015-5776 : Apple libpthread Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking. CVE-ID CVE-2015-5757 : Lufeng Li of Qihoo 360 libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2. CVE-ID CVE-2012-6685 : Felix Groebert of Google CVE-2014-0191 : Felix Groebert of Google libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory access issue existed in libxml2. This was addressed by improved memory handling CVE-ID CVE-2014-3660 : Felix Groebert of Google libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Apple libxpc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking. CVE-ID CVE-2015-3795 : Mathew Rowley mail_cmds Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary shell commands Description: A validation issue existed in the mailx parsing of email addresses. This was addressed by improved sanitization. CVE-ID CVE-2014-7844 Notification Center OSX Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access all notifications previously displayed to users Description: An issue existed in Notification Center, which did not properly delete user notifications. This issue was addressed by correctly deleting notifications dismissed by users. CVE-ID CVE-2015-3764 : Jonathan Zdziarski ntfs Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in NTFS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze Networks OpenSSH Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Remote attackers may be able to circumvent a time delay for failed login attempts and conduct brute-force attacks Description: An issue existed when processing keyboard-interactive devices. This issue was addressed through improved authentication request validation. CVE-ID CVE-2015-5600 OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 perl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted regular expression may lead to disclosure of unexpected application termination or arbitrary code execution Description: An integer underflow issue existed in the way Perl parsed regular expressions. This issue was addressed through improved memory handling. CVE-ID CVE-2013-7422 PostgreSQL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: An attacker may be able to cause unexpected application termination or gain access to data without proper authentication Description: Multiple issues existed in PostgreSQL 9.2.4. These issues were addressed by updating PostgreSQL to 9.2.13. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 python Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Python 2.7.6, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in Python versions prior to 2.7.6. These were addressed by updating Python to version 2.7.10. CVE-ID CVE-2013-7040 CVE-2013-7338 CVE-2014-1912 CVE-2014-7185 CVE-2014-9365 QL Office Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted Office document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of Office documents. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5773 : Apple QL Office Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. Quartz Composer Framework Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of QuickTime files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5771 : Apple Quick Look Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Searching for a previously viewed website may launch the web browser and render that website Description: An issue existed where QuickLook had the capability to execute JavaScript. The issue was addressed by disallowing execution of JavaScript. CVE-ID CVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3772 CVE-2015-3779 CVE-2015-5753 : Apple CVE-2015-5779 : Apple QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3765 : Joe Burnett of Audio Poison CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-5751 : WalkerFuz SceneKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5772 : Apple SceneKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in SceneKit. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3783 : Haris Andrianakis of Google Security Team Security Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A standard user may be able to gain access to admin privileges without proper authentication Description: An issue existed in handling of user authentication. This issue was addressed through improved authentication checks. CVE-ID CVE-2015-3775 : [Eldon Ahrold] SMBClient Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the SMB client. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3773 : Ilja van Sprundel Speech UI Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted unicode string with speech alerts enabled may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling of Unicode strings. This issue was addressed by improved memory handling. CVE-ID CVE-2015-3794 : Adam Greenbaum of Refinitive sudo Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9, the most serious of which may allow an attacker access to arbitrary files Description: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9. These were addressed by updating sudo to version 1.7.10p9. CVE-ID CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 CVE-2014-0106 CVE-2014-9680 tcpdump Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in tcpdump versions prior to 4.7.3. These were addressed by updating tcpdump to version 4.7.3. CVE-ID CVE-2014-8767 CVE-2014-8769 CVE-2014-9140 Text Formats Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: An XML external entity reference issue existed with TextEdit parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team udf Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3767 : beist of grayhash OS X Yosemite v10.10.5 includes the security content of Safari 8.0.8: https://support.apple.com/en-us/HT205033 OS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJVzM3+AAoJEBcWfLTuOo7tx/YP/RTsUUx0UTk7rXj6AEcHmiR4 Y2xTUOXqRmxhieSbsGK9laKL5++lIzkGh5RC7oYag0+OgWtZz+EU/EtdoEJmGNJ6 +PgoEnizYdKhO1kos1KCHOwG6UFCqoeEm6Icm33nVUqWp7uAmhVRMRxtMJEScLSR 2LpsK0grIhFXtJGqu053TSKSCa1UTab8XWteZTT84uFGMSKbAFONj5CPIrR6+uev QpVTwrnskPDBOXJwGhjypvIBTbt2aa1wjCukOAWFHwf7Pma/QUdhKRkUK4vAb9/k fu2t2fBOvSMguJHRO+340NsQR9LvmdruBeAyNUH64srF1jtbAg0QnvZsPyO5aIyR A8WrzHl3oIc0II0y7VpI+3o0J3Nn03EcBPtIKeoeyznnjNziDm72HPI2d2+5ZSRz xjAd4Nmw+dgGq+UMkusIXgtRK4HcEpwzfImf3zqnKHakSncnFPhGKyNEgn8bK9a7 AeAvSqMXXsJg8weHUF2NLnAn/42k2wIE8d5BOLaIy13xz6MJn7VUI21pK0zCaGBF sfkRFZP0eEVh8ZzU/nWp9E5KDpbsd72biJwvjWH4OrmkfzUWxStQiVwPTxtZD9LW c5ZWe+vqZJV9eYRH2hAOMPaYkOQ5Z4DySNVVOFAG0eq9til8+V0k3L7ipIVd2XUB msu6gVP8uZhFYNb8byVJ =+0e/ -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Groff: Multiple Vulnerabilities Date: October 25, 2013 Bugs: #386335 ID: 201310-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Groff, allowing context-dependent attackers to conduct symlink attacks. Background ========== GNU Troff (Groff) is a text formatter used for man pages. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Groff users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/groff-1.22.2" References ========== [ 1 ] CVE-2009-5044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5044 [ 2 ] CVE-2009-5078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5078 [ 3 ] CVE-2009-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5079 [ 4 ] CVE-2009-5080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5080 [ 5 ] CVE-2009-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5081 [ 6 ] CVE-2009-5082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5082 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201310-14.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201106-0002 CVE-2009-5044 GNU troff of contrib/pdfmark/pdfroff.sh Vulnerable to overwriting arbitrary files CVSS V2: 3.3
CVSS V3: -
Severity: LOW
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. Successful exploits may allow attackers mount a symlink attack, which may allow the attacker to delete or corrupt sensitive files. Attackers can also rename arbitrary files and potentially cause a denial-of-service condition. Other attacks are also possible. Groff (GNU Troff) is the latest open source implementation of Troff, a document preparation system that generates print and screen documents for various devices from the same input source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 OS X Yosemite v10.10.5 and Security Update 2015-006 is now available and addresses the following: apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Apache 2.4.16, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in PHP 5.5.20, the most serious of which may lead to arbitrary code execution. Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.20. These were addressed by updating Apache to version 5.5.27. CVE-ID CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 Apple ID OD Plug-in Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able change the password of a local user Description: In some circumstances, a state management issue existed in password authentication. The issue was addressed through improved state management. CVE-ID CVE-2015-3799 : an anonymous researcher working with HP's Zero Day Initiative AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5768 : JieTao Yang of KeenTeam Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOBluetoothHCIController. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3779 : Teddy Reed of Facebook Security Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue could have led to the disclosure of kernel memory layout. This issue was addressed with improved memory management. CVE-ID CVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze Networks Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious app may be able to access notifications from other iCloud devices Description: An issue existed where a malicious app could access a Bluetooth-paired Mac or iOS device's Notification Center notifications via the Apple Notification Center Service. The issue affected devices using Handoff and logged into the same iCloud account. This issue was resolved by revoking access to the Apple Notification Center Service. CVE-ID CVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security Lab (Indiana University), Tongxin Li (Peking University), XiaoFeng Wang (Indiana University) Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with privileged network position may be able to perform denial of service attack using malformed Bluetooth packets Description: An input validation issue existed in parsing of Bluetooth ACL packets. This issue was addressed through improved input validation. CVE-ID CVE-2015-3787 : Trend Micro Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple buffer overflow issues existed in blued's handling of XPC messages. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3777 : mitp0sh of [PDX] bootp Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project) CloudKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access the iCloud user record of a previously signed in user Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling. CVE-ID CVE-2015-3782 : Deepkanwal Plaha of University of Toronto CoreMedia Playback Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in CoreMedia Playback. These were addressed through improved memory handling. CVE-ID CVE-2015-5777 : Apple CVE-2015-5778 : Apple CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team curl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities in cURL and libcurl prior to 7.38.0, one of which may allow remote attackers to bypass the Same Origin Policy. Description: Multiple vulnerabilities existed in cURL and libcurl prior to 7.38.0. These issues were addressed by updating cURL to version 7.43.0. CVE-ID CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2014-8151 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 Data Detectors Engine Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a sequence of unicode characters can lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in processing of Unicode characters. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org) Date & Time pref pane Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Applications that rely on system time may have unexpected behavior Description: An authorization issue existed when modifying the system date and time preferences. This issue was addressed with additional authorization checks. CVE-ID CVE-2015-3757 : Mark S C Smith Dictionary Application Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with a privileged network position may be able to intercept users' Dictionary app queries Description: An issue existed in the Dictionary app, which did not properly secure user communications. This issue was addressed by moving Dictionary queries to HTTPS. CVE-ID CVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team DiskImages Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team dyld Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in dyld. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3760 : beist of grayhash, Stefan Esser FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3804 : Apple CVE-2015-5775 : Apple FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team groff Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple issues in pdfroff Description: Multiple issues existed in pdfroff, the most serious of which may allow arbitrary filesystem modification. These issues were addressed by removing pdfroff. CVE-ID CVE-2009-5044 CVE-2009-5078 ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of TIFF images. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5758 : Apple ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of PNG and TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of PNG and TIFF images. CVE-ID CVE-2015-5781 : Michal Zalewski CVE-2015-5782 : Michal Zalewski Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An issue existed in how Install.framework's 'runner' binary dropped privileges. This issue was addressed through improved privilege management. CVE-ID CVE-2015-5784 : Ian Beer of Google Project Zero Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A race condition existed in Install.framework's 'runner' binary that resulted in privileges being incorrectly dropped. This issue was addressed through improved object locking. CVE-ID CVE-2015-5754 : Ian Beer of Google Project Zero IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: Memory corruption issues existed in IOFireWireFamily. These issues were addressed through additional type input validation. CVE-ID CVE-2015-3769 : Ilja van Sprundel CVE-2015-3771 : Ilja van Sprundel CVE-2015-3772 : Ilja van Sprundel IOGraphics Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOGraphics. This issue was addressed through additional type input validation. CVE-ID CVE-2015-3770 : Ilja van Sprundel CVE-2015-5783 : Ilja van Sprundel IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5774 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface. CVE-ID CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team, @PanguTeam Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2015-3768 : Ilja van Sprundel Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A resource exhaustion issue existed in the fasttrap driver. This was addressed through improved memory handling. CVE-ID CVE-2015-5747 : Maxime VILLARD of m00nbsd Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A validation issue existed in the mounting of HFS volumes. This was addressed by adding additional checks. CVE-ID CVE-2015-5748 : Maxime VILLARD of m00nbsd Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute unsigned code Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation. CVE-ID CVE-2015-3806 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A specially crafted executable file could allow unsigned, malicious code to execute Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files. CVE-ID CVE-2015-3803 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute unsigned code Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks. CVE-ID CVE-2015-3802 : TaiG Jailbreak Team CVE-2015-3805 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3761 : Apple Libc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in the TRE library. These were addressed through improved memory handling. CVE-ID CVE-2015-3796 : Ian Beer of Google Project Zero CVE-2015-3797 : Ian Beer of Google Project Zero CVE-2015-3798 : Ian Beer of Google Project Zero Libinfo Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in handling AF_INET6 sockets. These were addressed by improved memory handling. CVE-ID CVE-2015-5776 : Apple libpthread Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking. CVE-ID CVE-2015-5757 : Lufeng Li of Qihoo 360 libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2. CVE-ID CVE-2012-6685 : Felix Groebert of Google CVE-2014-0191 : Felix Groebert of Google libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory access issue existed in libxml2. This was addressed by improved memory handling CVE-ID CVE-2014-3660 : Felix Groebert of Google libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Apple libxpc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking. CVE-ID CVE-2015-3795 : Mathew Rowley mail_cmds Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary shell commands Description: A validation issue existed in the mailx parsing of email addresses. This was addressed by improved sanitization. CVE-ID CVE-2014-7844 Notification Center OSX Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access all notifications previously displayed to users Description: An issue existed in Notification Center, which did not properly delete user notifications. This issue was addressed by correctly deleting notifications dismissed by users. CVE-ID CVE-2015-3764 : Jonathan Zdziarski ntfs Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in NTFS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze Networks OpenSSH Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Remote attackers may be able to circumvent a time delay for failed login attempts and conduct brute-force attacks Description: An issue existed when processing keyboard-interactive devices. This issue was addressed through improved authentication request validation. CVE-ID CVE-2015-5600 OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 perl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted regular expression may lead to disclosure of unexpected application termination or arbitrary code execution Description: An integer underflow issue existed in the way Perl parsed regular expressions. This issue was addressed through improved memory handling. CVE-ID CVE-2013-7422 PostgreSQL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: An attacker may be able to cause unexpected application termination or gain access to data without proper authentication Description: Multiple issues existed in PostgreSQL 9.2.4. These issues were addressed by updating PostgreSQL to 9.2.13. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 python Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Python 2.7.6, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in Python versions prior to 2.7.6. These were addressed by updating Python to version 2.7.10. CVE-ID CVE-2013-7040 CVE-2013-7338 CVE-2014-1912 CVE-2014-7185 CVE-2014-9365 QL Office Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted Office document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of Office documents. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5773 : Apple QL Office Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. Quartz Composer Framework Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of QuickTime files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5771 : Apple Quick Look Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Searching for a previously viewed website may launch the web browser and render that website Description: An issue existed where QuickLook had the capability to execute JavaScript. The issue was addressed by disallowing execution of JavaScript. CVE-ID CVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3772 CVE-2015-3779 CVE-2015-5753 : Apple CVE-2015-5779 : Apple QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3765 : Joe Burnett of Audio Poison CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-5751 : WalkerFuz SceneKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5772 : Apple SceneKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in SceneKit. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3783 : Haris Andrianakis of Google Security Team Security Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A standard user may be able to gain access to admin privileges without proper authentication Description: An issue existed in handling of user authentication. This issue was addressed through improved authentication checks. CVE-ID CVE-2015-3775 : [Eldon Ahrold] SMBClient Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the SMB client. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3773 : Ilja van Sprundel Speech UI Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted unicode string with speech alerts enabled may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling of Unicode strings. This issue was addressed by improved memory handling. CVE-ID CVE-2015-3794 : Adam Greenbaum of Refinitive sudo Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9, the most serious of which may allow an attacker access to arbitrary files Description: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9. These were addressed by updating sudo to version 1.7.10p9. CVE-ID CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 CVE-2014-0106 CVE-2014-9680 tcpdump Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in tcpdump versions prior to 4.7.3. These were addressed by updating tcpdump to version 4.7.3. CVE-ID CVE-2014-8767 CVE-2014-8769 CVE-2014-9140 Text Formats Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: An XML external entity reference issue existed with TextEdit parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team udf Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3767 : beist of grayhash OS X Yosemite v10.10.5 includes the security content of Safari 8.0.8: https://support.apple.com/en-us/HT205033 OS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJVzM3+AAoJEBcWfLTuOo7tx/YP/RTsUUx0UTk7rXj6AEcHmiR4 Y2xTUOXqRmxhieSbsGK9laKL5++lIzkGh5RC7oYag0+OgWtZz+EU/EtdoEJmGNJ6 +PgoEnizYdKhO1kos1KCHOwG6UFCqoeEm6Icm33nVUqWp7uAmhVRMRxtMJEScLSR 2LpsK0grIhFXtJGqu053TSKSCa1UTab8XWteZTT84uFGMSKbAFONj5CPIrR6+uev QpVTwrnskPDBOXJwGhjypvIBTbt2aa1wjCukOAWFHwf7Pma/QUdhKRkUK4vAb9/k fu2t2fBOvSMguJHRO+340NsQR9LvmdruBeAyNUH64srF1jtbAg0QnvZsPyO5aIyR A8WrzHl3oIc0II0y7VpI+3o0J3Nn03EcBPtIKeoeyznnjNziDm72HPI2d2+5ZSRz xjAd4Nmw+dgGq+UMkusIXgtRK4HcEpwzfImf3zqnKHakSncnFPhGKyNEgn8bK9a7 AeAvSqMXXsJg8weHUF2NLnAn/42k2wIE8d5BOLaIy13xz6MJn7VUI21pK0zCaGBF sfkRFZP0eEVh8ZzU/nWp9E5KDpbsd72biJwvjWH4OrmkfzUWxStQiVwPTxtZD9LW c5ZWe+vqZJV9eYRH2hAOMPaYkOQ5Z4DySNVVOFAG0eq9til8+V0k3L7ipIVd2XUB msu6gVP8uZhFYNb8byVJ =+0e/ -----END PGP SIGNATURE----- . This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA44999 SOLUTION: Apply updated packages via the zypper package manager. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. ---------------------------------------------------------------------- Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/ ---------------------------------------------------------------------- TITLE: GNU Troff "pdfroff" Script Insecure Temporary File Creation SECUNIA ADVISORY ID: SA44999 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44999/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44999 RELEASE DATE: 2011-06-18 DISCUSS ADVISORY: http://secunia.com/advisories/44999/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44999/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44999 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in GNU Troff, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused due to the "pdfroff" script creating temporary files insecurely. The vulnerability is reported in version 1.20. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported in a Debian bug report by Brian M. Carlson. ORIGINAL ADVISORY: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Groff: Multiple Vulnerabilities Date: October 25, 2013 Bugs: #386335 ID: 201310-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Groff, allowing context-dependent attackers to conduct symlink attacks. Background ========== GNU Troff (Groff) is a text formatter used for man pages. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Groff users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/groff-1.22.2" References ========== [ 1 ] CVE-2009-5044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5044 [ 2 ] CVE-2009-5078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5078 [ 3 ] CVE-2009-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5079 [ 4 ] CVE-2009-5080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5080 [ 5 ] CVE-2009-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5081 [ 6 ] CVE-2009-5082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5082 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201310-14.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201204-0111 CVE-2012-0777 Adobe Flash vulnerability affects Flash Player and other Adobe products CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Adobe Flash Player, Reader, Acrobat, and other products that include Flash support are affected. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: acroread security update Advisory ID: RHSA-2012:0469-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0469.html Issue date: 2012-04-10 CVE Names: CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 ===================================================================== 1. Summary: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). These flaws are detailed on the Adobe security page APSB12-08, listed in the References section. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 810397 - CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 acroread: multiple unspecified flaws (APSB12-08) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm x86_64: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm x86_64: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm x86_64: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm x86_64: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm x86_64: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0774.html https://www.redhat.com/security/data/cve/CVE-2012-0775.html https://www.redhat.com/security/data/cve/CVE-2012-0777.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-08.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Red Hat update for acroread SECUNIA ADVISORY ID: SA48756 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48756/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48756 RELEASE DATE: 2012-04-11 DISCUSS ADVISORY: http://secunia.com/advisories/48756/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48756/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48756 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for acroread. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System Technical Cyber Security Alert TA12-101B Adobe Reader and Acrobat Security Updates and Architectural Improvements Original release date: April 10, 2012 Last revised: -- Source: US-CERT Systems Affected * Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh * Adobe Reader 9.5 and earlier 9.x versions for Windows, Macintosh, and UNIX * Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh * Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh Overview Adobe has released Security Bulletin APSB12-08, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat. In addition, Reader and Acrobat now disable the rendering of 3D content by default. These vulnerabilities affect Adobe Reader and Acrobat versions 9.x through 9.5, and Reader X and Acrobat X versions prior to 10.1.3. The Adobe ASSET blog provides additional details on new security architecture changes to Adobe Reader and Acrobat. This change helps limit the number of out-of-date, vulnerable Flash runtimes available to an attacker. Adobe Reader and Acrobat 9.5.1 also now disable rendering of 3D content by default because the 3D rendering components have a history of vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. This can happen automatically as the result of viewing a webpage. Solution Update Reader Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB12-08 and update vulnerable versions of Adobe Reader and Acrobat. In addition to updating, please consider the following mitigations. Disable JavaScript in Adobe Reader and Acrobat Disabling JavaScript may prevent some exploits from resulting in code execution. You can disable Acrobat JavaScript using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript). Adobe provides a framework to blacklist specific JavaScipt APIs. If JavaScript must be enabled, this framework may be useful when specific APIs are known to be vulnerable or used in attacks. Prevent Internet Explorer from automatically opening PDF files The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\AcroExch.Document.7] "EditFlags"=hex:00,00,00,00 Disable the display of PDF files in the web browser Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. Applying this workaround may also mitigate future vulnerabilities. To prevent PDF files from automatically being opened in a web browser, do the following: 1. 2. Open the Edit menu. 3. Choose the Preferences option. 4. Choose the Internet section. 5. Uncheck the "Display PDF in browser" checkbox. Do not access PDF files from untrusted sources Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010. Please send email to <cert@cert.org> with "TA12-101B Feedback VU#124663" in the subject. ____________________________________________________________________ Produced by US-CERT, a government organization. ____________________________________________________________________ This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify This document can also be found at http://www.us-cert.gov/cas/techalerts/TA12-101B.html For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBT4St0z/GkGVXE7GMAQK56gf+N4gfsTH8ssv6GzNqliZtpkgx5MI/Vo71 bx/DERpK2AtQaNk3genyZ1vShMjfKUk7GmVQCeDvcTxhc+yNSSi3hSGyX7FQbl9E 6p9mMLRD9OwJ63xq3fGmydNsgQnUTsjjRxkxC1DdojtlJL3HRsYYBXxguKQaPI1p UiPoMDu5W7LJ/9f+zrMbc4Hf15366YY7XGMmFL68OpwbxOT3aRrfLC/v6FErqHli UUg79tEm8FpemBrIzusqePviNYkci2M3K5fByp9opGrttPhTZAL8ddYJKfCSm+Xg lFs5dAwD0SCI3SQxG5B8RhGgLLCz87O+ifE1Q2UjFAvB6XWQifYDwA== =5dGp -----END PGP SIGNATURE----- . The Adobe Flash browser plugin is available for multiple web browsers and operating systems, any of which could be affected. This vulnerability is being actively exploited. II. III. Solution These vulnerabilities can be mitigated by disabling the Flash plugin or by using the NoScript extension for Mozilla Firefox or SeaMonkey to whitelist websites that can access the Flash plugin. For more information about securely configuring web browsers, please see the Securing Your Web Browser document. US-CERT Vulnerability Note VU#259425 has additional details, as well as information about mitigating the PDF document attack vector. Thanks to Department of Defense Cyber Crime Center/DCISE for information used in this document. IV. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. SOLUTION: Do not browse untrusted websites or follow untrusted links. Updates will reportedly be available for Windows, Macintosh, and Linux versions by July 30. PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/advisories/apsa09-03.html OTHER REFERENCES: US-CERT VU#259425: http://www.kb.cert.org/vuls/id/259425 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Reader: Multiple vulnerabilities Date: June 22, 2012 Bugs: #405949, #411499 ID: 201206-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Adobe Reader might allow remote attackers to execute arbitrary code or conduct various other attacks. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 9.5.1 >= 9.5.1 Description =========== Multiple vulnerabilities have been found in Adobe Reader, including an integer overflow in TrueType Font handling (CVE-2012-0774) and multiple unspecified errors which could cause memory corruption. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.1" References ========== [ 1 ] CVE-2011-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4370 [ 2 ] CVE-2011-4371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4371 [ 3 ] CVE-2011-4372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4372 [ 4 ] CVE-2011-4373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4373 [ 5 ] CVE-2012-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0774 [ 6 ] CVE-2012-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0775 [ 7 ] CVE-2012-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0776 [ 8 ] CVE-2012-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0777 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-14.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-200907-0583 No CVE SAP NetWeaver Password Information Disclosure Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver is prone to an information-disclosure vulnerability because it fails to properly secure communication channels between clients and servers. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.
VAR-200907-0094 CVE-2009-2047 Cisco Unified CCX Server CRS Directory traversal vulnerability in the internal management interface CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors. Cisco Unified Contact Center Express is prone to a directory-traversal vulnerability. An attacker can exploit this issue to view, modify, or delete any file on the server through the CRS Administration interface. Successful exploits may lead to other attacks. This issue is tracked by Cisco BugID CSCsw76644. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Cisco Unified Contact Center Express Two Vulnerabilities SECUNIA ADVISORY ID: SA35861 VERIFY ADVISORY: http://secunia.com/advisories/35861/ DESCRIPTION: Two vulnerabilities have been reported in Cisco Unified Contact Center Express, which can be exploited by malicious users to conduct script insertion attacks, manipulate certain data, disclose potentially sensitive information, and potentially compromise a vulnerable system. 2) Certain input to the Cisco Unified CCX database is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. CRS 7x: Update to CRS version 7.0(1) SR2. CRS 5.x and 6.x: Apply hotfix crs5.0.2sr2es09 or crs6.0.1sr1es05. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090715-uccx.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Exploitation of these vulnerabilities could result in a denial of service condition, information disclosure, or a privilege escalation attack. Cisco has released free software updates that address these two vulnerabilities in the latest version of Cisco Unified CCX software. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090715-uccx.shtml. Vulnerable Products +------------------ All versions of Cisco Unified CCX server running the following software may be affected by these vulnerabilities, to include: * Cisco Customer Response Solution (CRS) versions 3.x, 4.x, 5.x, 6.x, and 7.x * Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) versions 3.x, 4.x, 5.x, 6.x, and 7.x * Cisco Unified CCX 4.x, 5.x, 6.x, and 7.x * Cisco Unified IP Contact Center Express versions 3.x, 5.x, 6.x, and 7.x * Cisco Customer Response Applications versions 3.x * Cisco IP Queue Manager (IP QM) versions 3.x Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by these vulnerabilities. This vulnerability is documented in Cisco Bug ID CSCsw76644 and has been assigned Common Vulnerability and Exposures (CVE) ID CVE-2009-2047. The script injection vulnerability may allow authenticated users to enter JavaScript into the Cisco Unified CCX database. The stored script could be executed in the browser of the next authenticated user. This vulnerability is documented in Cisco Bug ID CSCsw76649 and has been assigned CVE ID CVE-2009-2048. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss. * Incomplete input validation allows modification of OS files/directories (CSCsw76644) CVSS Base Score - 9.0 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.7 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * script injection vulnerability in admin interface pages (CSCsw76649) CVSS Base Score - 5.5 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - None Integrity Impact - Partial Availability Impact - Partial CVSS Temporal Score - 4.5 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the directory traversal vulnerability may result in read and write access to files on the underlying operating system. Successful exploitation of the script injection vulnerability may result in the execution of JavaScript of authenticated users and prevent server pages from displaying properly. Software Versions and Fixes =========================== The fixes for these vulnerabilities are included in CRS version 7.0(1)SR2 and are available as a hotfix for customers running versions 5.x and 6.x. The hotfixes are crs5.0.2sr2es09 and crs6.0.1sr1es05. Information about how to obtain the hotfixes can be found in the release notes enclosures of the bugs at: CSCsw76644 and CSCsw76649. When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Workarounds =========== There are no workarounds for these vulnerabilities. The script injection attacks that are described in this advisory are a specific classification of stored cross-site scripting attacks. A description and mitigation technique can be found in the applied mitigation bulletin available at the following link: http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a008073f7b3.html These vulnerabilities can be detected and mitigated with IDS signatures 3216-0 and 19001-0. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were reported to Cisco by National Australia Bank's Security Assurance team. Cisco would like to thank the National Australia Bank's Security Assurance team for the discovery and reporting of these vulnerabilities. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090715-uccx.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-----------------------------------------------------------+ | Revision 1.0 | 2009-July-15 | Initial public release | +-----------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. All rights reserved. +-------------------------------------------------------------------- Updated: Jul 15, 2009 Document ID: 110307 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpeCwIACgkQ86n/Gc8U/uCRVACfQ16BguNxTclUmslEdX/l/W8Y 6DcAoJ3WjD6cV2PJ5LPVei8F9mMDyXLj =wNQ1 -----END PGP SIGNATURE-----
VAR-200907-0095 CVE-2009-2048 Cisco Unified CCX Server CRS Internal management interface cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors. An attacker can exploit this issue to execute arbitrary script code in the context of the user running the application, which may aid in further attacks. This issue is documented by Cisco Bug ID CSCsw76649. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 2) Certain input to the Cisco Unified CCX database is not properly sanitised before being used. CRS 7x: Update to CRS version 7.0(1) SR2. CRS 5.x and 6.x: Apply hotfix crs5.0.2sr2es09 or crs6.0.1sr1es05. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090715-uccx.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Exploitation of these vulnerabilities could result in a denial of service condition, information disclosure, or a privilege escalation attack. Cisco has released free software updates that address these two vulnerabilities in the latest version of Cisco Unified CCX software. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090715-uccx.shtml. Vulnerable Products +------------------ All versions of Cisco Unified CCX server running the following software may be affected by these vulnerabilities, to include: * Cisco Customer Response Solution (CRS) versions 3.x, 4.x, 5.x, 6.x, and 7.x * Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) versions 3.x, 4.x, 5.x, 6.x, and 7.x * Cisco Unified CCX 4.x, 5.x, 6.x, and 7.x * Cisco Unified IP Contact Center Express versions 3.x, 5.x, 6.x, and 7.x * Cisco Customer Response Applications versions 3.x * Cisco IP Queue Manager (IP QM) versions 3.x Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by these vulnerabilities. The stored script could be executed in the browser of the next authenticated user. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss. * Incomplete input validation allows modification of OS files/directories (CSCsw76644) CVSS Base Score - 9.0 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 8.7 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * script injection vulnerability in admin interface pages (CSCsw76649) CVSS Base Score - 5.5 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - None Integrity Impact - Partial Availability Impact - Partial CVSS Temporal Score - 4.5 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the directory traversal vulnerability may result in read and write access to files on the underlying operating system. Successful exploitation of the script injection vulnerability may result in the execution of JavaScript of authenticated users and prevent server pages from displaying properly. Software Versions and Fixes =========================== The fixes for these vulnerabilities are included in CRS version 7.0(1)SR2 and are available as a hotfix for customers running versions 5.x and 6.x. The hotfixes are crs5.0.2sr2es09 and crs6.0.1sr1es05. The latest version of Cisco Unified Contact Center Express is available at the following link: http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=7.0%281%29_SR2&mdfid=270569179&sftType=Cisco+Customer+Response+Solution+Software+Releases&optPlat=&nodecount=11&edesignator=null&modelName=Cisco+Unified+Contact+Center+Express&treeMdfId=2788752. Information about how to obtain the hotfixes can be found in the release notes enclosures of the bugs at: CSCsw76644 and CSCsw76649. When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Workarounds =========== There are no workarounds for these vulnerabilities. The script injection attacks that are described in this advisory are a specific classification of stored cross-site scripting attacks. A description and mitigation technique can be found in the applied mitigation bulletin available at the following link: http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a008073f7b3.html These vulnerabilities can be detected and mitigated with IDS signatures 3216-0 and 19001-0. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were reported to Cisco by National Australia Bank's Security Assurance team. Cisco would like to thank the National Australia Bank's Security Assurance team for the discovery and reporting of these vulnerabilities. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090715-uccx.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-----------------------------------------------------------+ | Revision 1.0 | 2009-July-15 | Initial public release | +-----------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2008-2009 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- Updated: Jul 15, 2009 Document ID: 110307 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpeCwIACgkQ86n/Gc8U/uCRVACfQ16BguNxTclUmslEdX/l/W8Y 6DcAoJ3WjD6cV2PJ5LPVei8F9mMDyXLj =wNQ1 -----END PGP SIGNATURE-----
VAR-200907-0064 CVE-2009-1422 HP ProCurve Threat Management Services zl Module CRL Security Bypass Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209. Successful exploits may allow attackers to bypass certain security restrictions, which may aid in launching further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01803910 Version: 1 HPSBGN02446 SSRT090111 rev.1 - HP ProCurve Threat Management Services zl Module (J9155A), Remote Unauthorized Access, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could be exploited remotely to gain unauthorized access or to create a Denial of Service (DoS). References: CVE-2009-1422 (PR_41209), CVE-2009-1423 (PR_39898), CVE-2009-1424 (PR_39412), CVE-2009-1425 (PR_18770) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. PRODUCT SPECIFIC INFORMATION None HISTORY Version:1 (rev.1) - 13 July 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (HP-UX) iEYEARECAAYFAkpbRhEACgkQ4B86/C0qfVl3xgCg7jEzheufkiLM8p1GIyuHszFs /8IAoL0opXD/2eUOpTzzyT7cZcfmkjhQ =pOEf -----END PGP SIGNATURE-----
VAR-200907-0065 CVE-2009-1423 HP ProCurve Threat Management Services zl Module VPN Remote Denial of Service Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39898, a different vulnerability than CVE-2009-1424 and CVE-2009-1425. This vulnerability CVE-2009-1424 and CVE-2009-1425 Is a different vulnerability.Service disruption by a third party (DoS) There is a possibility of being put into a state. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01803910 Version: 1 HPSBGN02446 SSRT090111 rev.1 - HP ProCurve Threat Management Services zl Module (J9155A), Remote Unauthorized Access, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could be exploited remotely to gain unauthorized access or to create a Denial of Service (DoS). References: CVE-2009-1422 (PR_41209), CVE-2009-1423 (PR_39898), CVE-2009-1424 (PR_39412), CVE-2009-1425 (PR_18770) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. PRODUCT SPECIFIC INFORMATION None HISTORY Version:1 (rev.1) - 13 July 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (HP-UX) iEYEARECAAYFAkpbRhEACgkQ4B86/C0qfVl3xgCg7jEzheufkiLM8p1GIyuHszFs /8IAoL0opXD/2eUOpTzzyT7cZcfmkjhQ =pOEf -----END PGP SIGNATURE-----
VAR-200907-0066 CVE-2009-1424 HP ProCurve Threat Management Services zl Service disruption in modules (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39412, a different vulnerability than CVE-2009-1423 and CVE-2009-1425. This vulnerability CVE-2009-1423 and CVE-2009-1425 Is a different vulnerability.Service disruption by a third party (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01803910 Version: 1 HPSBGN02446 SSRT090111 rev.1 - HP ProCurve Threat Management Services zl Module (J9155A), Remote Unauthorized Access, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could be exploited remotely to gain unauthorized access or to create a Denial of Service (DoS). References: CVE-2009-1422 (PR_41209), CVE-2009-1423 (PR_39898), CVE-2009-1424 (PR_39412), CVE-2009-1425 (PR_18770) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. PRODUCT SPECIFIC INFORMATION None HISTORY Version:1 (rev.1) - 13 July 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (HP-UX) iEYEARECAAYFAkpbRhEACgkQ4B86/C0qfVl3xgCg7jEzheufkiLM8p1GIyuHszFs /8IAoL0opXD/2eUOpTzzyT7cZcfmkjhQ =pOEf -----END PGP SIGNATURE-----
VAR-200907-0067 CVE-2009-1425 HP ProCurve Threat Management Services zl Module 'httpd' Denial of Service Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service by triggering a stop or crash in httpd, aka PR_18770, a different vulnerability than CVE-2009-1423 and CVE-2009-1424. An attacker may leverage this issue cause a denial of service to the device's management interface. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01803910 Version: 1 HPSBGN02446 SSRT090111 rev.1 - HP ProCurve Threat Management Services zl Module (J9155A), Remote Unauthorized Access, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could be exploited remotely to gain unauthorized access or to create a Denial of Service (DoS). References: CVE-2009-1422 (PR_41209), CVE-2009-1423 (PR_39898), CVE-2009-1424 (PR_39412), CVE-2009-1425 (PR_18770) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP ProCurve Threat Management Services zl Module (J9155A) running vST.1.0.090213 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-1422 (AV:N/AC:H/Au:N/C:C/I:C/A:N) 7.1 CVE-2009-1423 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2009-1424 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2009-1425 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software update available to resolve the vulnerabilities. PRODUCT SPECIFIC INFORMATION None HISTORY Version:1 (rev.1) - 13 July 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (HP-UX) iEYEARECAAYFAkpbRhEACgkQ4B86/C0qfVl3xgCg7jEzheufkiLM8p1GIyuHszFs /8IAoL0opXD/2eUOpTzzyT7cZcfmkjhQ =pOEf -----END PGP SIGNATURE-----
VAR-201206-0002 CVE-2009-0695 Wyse Device Manager (WDM) HServer and HAgent contain multiple vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action. Wyse Device Manager (WDM) Server and HAgent contain several vulnerabilities. An attacker with network access to WDM components could execute arbitrary code on vulnerable systems. Successful exploits will allow remote attackers to execute arbitrary commands within the context of the affected application. Successfully exploiting this issue may allow an attacker to bypass security restrictions and perform unauthorized actions
VAR-200907-0717 CVE-2009-1725 Apple Safari of WebKit Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Apple Safari of WebKit Does not handle numeric references properly, so arbitrary code can be executed or service disruption (DoS) There is a vulnerability that becomes a condition.Arbitrary code is executed by a third party or service operation is interrupted (DoS) There is a possibility of being put into a state. WebKit is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Safari's WebKit has a cross-domain script execution vulnerability when dealing with parent/top objects. This update provides a solution to this vulnerability. (CVE-2009-1687). (CVE-2009-1690). (CVE-2009-0689). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1690 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.1: c08161eacba6cdb1b0ba26babe5f8cc5 2009.1/i586/kdelibs4-core-4.2.4-0.8mdv2009.1.i586.rpm 933468cf4109252dac5119edd958f73d 2009.1/i586/kdelibs4-devel-4.2.4-0.8mdv2009.1.i586.rpm 96703a0ef0baf299647ff27d64cb0680 2009.1/i586/libkde3support4-4.2.4-0.8mdv2009.1.i586.rpm e5f60ba41e5919fa77c313b204e1f712 2009.1/i586/libkdecore5-4.2.4-0.8mdv2009.1.i586.rpm cf8af6e467cd1585c44e1cce01362526 2009.1/i586/libkdefakes5-4.2.4-0.8mdv2009.1.i586.rpm 1c9c04b5f6c0c59d2e5860b077e0c6e3 2009.1/i586/libkdesu5-4.2.4-0.8mdv2009.1.i586.rpm 89fe7c33c7e5bcc23595560ae4664bf6 2009.1/i586/libkdeui5-4.2.4-0.8mdv2009.1.i586.rpm 30b73ef58ac3a45ff86756ad09d0d555 2009.1/i586/libkdnssd4-4.2.4-0.8mdv2009.1.i586.rpm a1f00af00ea7e52d9f187f1fe5ccdfe2 2009.1/i586/libkfile4-4.2.4-0.8mdv2009.1.i586.rpm 553486988b945307ee038cb41dcb76e6 2009.1/i586/libkhtml5-4.2.4-0.8mdv2009.1.i586.rpm 9d9501ff70e709c5ea32b35aa985688a 2009.1/i586/libkimproxy4-4.2.4-0.8mdv2009.1.i586.rpm a2ec3f440eb6cf545abbc63a3d34c1e5 2009.1/i586/libkio5-4.2.4-0.8mdv2009.1.i586.rpm 4168e955b60a5a69d8f1e085b30d0424 2009.1/i586/libkjs4-4.2.4-0.8mdv2009.1.i586.rpm bfcece9c73348c6415c48ec266877908 2009.1/i586/libkjsapi4-4.2.4-0.8mdv2009.1.i586.rpm 228ca7dc2a86fdc868a5937b16a7a08c 2009.1/i586/libkjsembed4-4.2.4-0.8mdv2009.1.i586.rpm f6297ae0630eb6207895df9f2f971eb6 2009.1/i586/libkmediaplayer4-4.2.4-0.8mdv2009.1.i586.rpm cf6113c17858d5e6e3c0e04622f8a66c 2009.1/i586/libknewstuff2_4-4.2.4-0.8mdv2009.1.i586.rpm da55a2f428ad020834f7b91c0023ecf6 2009.1/i586/libknotifyconfig4-4.2.4-0.8mdv2009.1.i586.rpm 9fef466138ff78a3d6d3244998a9ba30 2009.1/i586/libkntlm4-4.2.4-0.8mdv2009.1.i586.rpm 4f7c0ad254ec1990f5dab1c0b959629d 2009.1/i586/libkparts4-4.2.4-0.8mdv2009.1.i586.rpm 8c58d6a9a6ec7fc21f287b2f4c2e9858 2009.1/i586/libkpty4-4.2.4-0.8mdv2009.1.i586.rpm 8ed500d050b95560d7eff6db26fa05ee 2009.1/i586/libkrosscore4-4.2.4-0.8mdv2009.1.i586.rpm 2d8d12d8a7bbfe18f6b04b9807795077 2009.1/i586/libkrossui4-4.2.4-0.8mdv2009.1.i586.rpm 8cc5c226e381b122983440b3440c1476 2009.1/i586/libktexteditor4-4.2.4-0.8mdv2009.1.i586.rpm 3c53941130fb8cc6d12b8cdea488f536 2009.1/i586/libkunittest4-4.2.4-0.8mdv2009.1.i586.rpm 3996bfcff0b2465c39c6ccdb8367f401 2009.1/i586/libkutils4-4.2.4-0.8mdv2009.1.i586.rpm 129a26ab20c792994113b5db00b7f7c4 2009.1/i586/libnepomuk4-4.2.4-0.8mdv2009.1.i586.rpm 0b88090e1cba0db59a3fb85c34e6b726 2009.1/i586/libplasma3-4.2.4-0.8mdv2009.1.i586.rpm 79b484a6c8e20db156fbe130c81e2001 2009.1/i586/libsolid4-4.2.4-0.8mdv2009.1.i586.rpm ddd09e03af15f421b2e38b6f06c0247a 2009.1/i586/libthreadweaver4-4.2.4-0.8mdv2009.1.i586.rpm fe70dc01416cc986d1e19c15a0b5cfa7 2009.1/SRPMS/kdelibs4-4.2.4-0.8mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 89f77418ccda86b51c7d32d011e88e9b 2009.1/x86_64/kdelibs4-core-4.2.4-0.8mdv2009.1.x86_64.rpm d0b009e595350648b12cca1ee094802e 2009.1/x86_64/kdelibs4-devel-4.2.4-0.8mdv2009.1.x86_64.rpm 03db494c356e0b0823ddf697d42c0f50 2009.1/x86_64/lib64kde3support4-4.2.4-0.8mdv2009.1.x86_64.rpm 6d98531ba95a096fd49801f7df452776 2009.1/x86_64/lib64kdecore5-4.2.4-0.8mdv2009.1.x86_64.rpm bf3845f586eeeaafab5e25442f4d8950 2009.1/x86_64/lib64kdefakes5-4.2.4-0.8mdv2009.1.x86_64.rpm b9767fb69262886d60a7844ad6569e27 2009.1/x86_64/lib64kdesu5-4.2.4-0.8mdv2009.1.x86_64.rpm d709c9fb8874c432d1b4e415e9c06858 2009.1/x86_64/lib64kdeui5-4.2.4-0.8mdv2009.1.x86_64.rpm 6d062780a7629eed7e93ab9e66daf633 2009.1/x86_64/lib64kdnssd4-4.2.4-0.8mdv2009.1.x86_64.rpm f39c44bc7572d06921061c0ac5ef78c9 2009.1/x86_64/lib64kfile4-4.2.4-0.8mdv2009.1.x86_64.rpm 90f8ecd4967830ebff3b81732162fe33 2009.1/x86_64/lib64khtml5-4.2.4-0.8mdv2009.1.x86_64.rpm 005d7de69a0063a8dc396b9dffdf20ed 2009.1/x86_64/lib64kimproxy4-4.2.4-0.8mdv2009.1.x86_64.rpm 3924d83bf43990f7a7ba5d2eea29ef5d 2009.1/x86_64/lib64kio5-4.2.4-0.8mdv2009.1.x86_64.rpm 9124f0ce5f1643e4310ef0bfc5fda970 2009.1/x86_64/lib64kjs4-4.2.4-0.8mdv2009.1.x86_64.rpm 573504d0c305e757b3c163b9132264e4 2009.1/x86_64/lib64kjsapi4-4.2.4-0.8mdv2009.1.x86_64.rpm 917e5b175a3a5480e848dee6201e99d9 2009.1/x86_64/lib64kjsembed4-4.2.4-0.8mdv2009.1.x86_64.rpm 604cce29c11b2452b2744ff72e248b7c 2009.1/x86_64/lib64kmediaplayer4-4.2.4-0.8mdv2009.1.x86_64.rpm bd75d3e4feaa98a3659ae5d113fe45f6 2009.1/x86_64/lib64knewstuff2_4-4.2.4-0.8mdv2009.1.x86_64.rpm 0a7d48b91c673f5908ce2d47a77746e2 2009.1/x86_64/lib64knotifyconfig4-4.2.4-0.8mdv2009.1.x86_64.rpm a91967cfec8b470cc7520ac17590d41b 2009.1/x86_64/lib64kntlm4-4.2.4-0.8mdv2009.1.x86_64.rpm 0159bb033c507f20fb8bd77a7a8be43a 2009.1/x86_64/lib64kparts4-4.2.4-0.8mdv2009.1.x86_64.rpm a062d0124cdea9dfcafb82ed2c5dfd54 2009.1/x86_64/lib64kpty4-4.2.4-0.8mdv2009.1.x86_64.rpm 8c0950479a23531a03836f7744d6b90d 2009.1/x86_64/lib64krosscore4-4.2.4-0.8mdv2009.1.x86_64.rpm ca61efacf989bd4421d2c88abc440e3f 2009.1/x86_64/lib64krossui4-4.2.4-0.8mdv2009.1.x86_64.rpm bcd31e87995de0f86ad9c363e87ea0d4 2009.1/x86_64/lib64ktexteditor4-4.2.4-0.8mdv2009.1.x86_64.rpm 23a0f2c640a20dd1be2b4475a9102cd6 2009.1/x86_64/lib64kunittest4-4.2.4-0.8mdv2009.1.x86_64.rpm e49987a6d8016b6ac39011b6cac0b570 2009.1/x86_64/lib64kutils4-4.2.4-0.8mdv2009.1.x86_64.rpm 90d6806fa9dcd2ac1b71fc3b72dd4f81 2009.1/x86_64/lib64nepomuk4-4.2.4-0.8mdv2009.1.x86_64.rpm 4808080c578223d0bcb156e78f5d661f 2009.1/x86_64/lib64plasma3-4.2.4-0.8mdv2009.1.x86_64.rpm e8cecb137634dfc738617b67a6d34122 2009.1/x86_64/lib64solid4-4.2.4-0.8mdv2009.1.x86_64.rpm 35c8778eaaa5465a8f15c27a57d8ed60 2009.1/x86_64/lib64threadweaver4-4.2.4-0.8mdv2009.1.x86_64.rpm fe70dc01416cc986d1e19c15a0b5cfa7 2009.1/SRPMS/kdelibs4-4.2.4-0.8mdv2009.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. =========================================================== Ubuntu Security Notice USN-857-1 November 10, 2009 qt4-x11 vulnerabilities CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1699, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1725 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: libqt4-webkit 4.4.3-0ubuntu1.4 Ubuntu 9.04: libqt4-webkit 4.5.0-0ubuntu4.3 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. (CVE-2009-0945) Several flaws were discovered in the QtWebKit browser and JavaScript engines. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that QtWebKit did not properly handle certain XSL stylesheets. (CVE-2009-1699, CVE-2009-1713) It was discovered that QtWebKit did not prevent the loading of local Java applets. (CVE-2009-1712) Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.4.3-0ubuntu1.4.diff.gz Size/MD5: 116770 f73a330179df7d453f50b286ea3a2c7a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.4.3-0ubuntu1.4.dsc Size/MD5: 2506 711cb90dfd206bd6553dbe0fb8ecd1e2 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.4.3.orig.tar.gz Size/MD5: 112939803 376c003317c4417326ba2116370227d0 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-doc-html_4.4.3-0ubuntu1.4_all.deb Size/MD5: 25758932 0b783fa95d4d41487e58d43823806355 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-doc_4.4.3-0ubuntu1.4_all.deb Size/MD5: 52821772 7d1f3762baf09178176e99e41a502a2b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-assistant_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 19104 bdc4880e85e007e64d6c5fe8c7c1d81e http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 7560 b65d2d20cdac05a7e8a04c7b51bc6417 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbg_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 87571534 73643e89deb481e7a42785d6c65b4594 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbus_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 216798 85994fe5c3b286b137ec4f8f3ed9d55a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-designer_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 2046478 9f4f973c93c20f88838b3b0e48548c75 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 5880176 87946243b9f91e6421a8275417bbecd5 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 7548 df209948939090506a2f3315aa8bb63a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-help_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 213524 556f130d7e1c1ec8f3c427888715807a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-network_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 432962 a8f5b6db939fd74616b7e666d32dbcbb http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 42350 6281fc06f2395d8462c2fd30ea3f1883 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 162238 3379fc614bd58cc9647b8c40782a45f3 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 1352676 528c9e209ba652d994292fbfb461cb60 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-script_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 435712 af2919097110286db882cba8c40958e1 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 34384 438d61efc4b1ec7af46ff7aaf15b9a8c http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 47234 692ccc3fdd023fa61b1646b3a1073e29 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-psql_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 39112 cf94d41a0a91e71d3e6a7905705020c8 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 22452 4a020d5b8e2ff02532af056a6765af52 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 26432 5492f45d25d4dfb271318f662db0e50c http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 109136 0bde853eb0fef921984e5b9b24695a65 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-svg_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 160746 b8a19545836d673dda2d1cad49901e5b http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-test_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 38064 61ee9cd2c51286c698ba738fbd8e4d13 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 53511494 25179f43545ee4f15fa70ff1c4211c66 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 3427782 f3c50589e42291ac643390b3b5056ad3 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xml_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 114482 7858ea28ed0ae9e48ebe2d5ebca219ab http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 13447008 3b146e17a13acfa50bfa6759232821e1 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 805718 d14b956e7b2c494ef5e359dff2bdb8fd http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtcore4_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 2094928 fad1c4be4f9242977cbb6c191ec19f09 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtgui4_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 4249322 cefb0f909b1913edd97aae55a4ef09c0 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-demos_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 10502594 4af5ca52a2316f9290d0a99bd1683127 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 386118 35fd3567e5eaf2ecaefab37fe3f21701 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-dev-tools_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 1507998 8254b4ed13728d957ebf41f74d391c6b http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-qtconfig_4.4.3-0ubuntu1.4_amd64.deb Size/MD5: 110220 8e379f1af97edacc7f40037fa342af7b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-assistant_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 19202 2303fd6083a47fe5b85ee1e46ff1ff7c http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 7556 30aabb9f249114d86f823795f7e621ff http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbg_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 86379828 eb07fdc2dcecb0f26707148362bb70ce http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbus_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 216268 96e19c8dc017357682acac62896c5b40 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-designer_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 2072946 2fc1d9101e2132e43161e2fb600f886a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 5705332 24d5a30fd21ecae4ca3d5bf570b8347d http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 7548 527eb6b3bc6fc6fa3d7a4d26c967c919 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-help_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 212706 7bb944917c1fb9be6ce6b1cd056afca1 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-network_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 437368 f086dacfa27998d93fd8f093b0bacce3 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 42348 a2427fa3317fe01341ebe66ee3388c47 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 161130 2c4ebc05d22e3299359b9c64bcb8c3fd http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 1366348 68fef30b16caa835cd6330eec7c5c346 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-script_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 420458 ac91fb37161830ba3e0fd4b884639afd http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 33724 868ace8cd8b514b367db48a95217035e http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 47056 c918217593ebc473fc3d050285bec49d http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-psql_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 38336 650d40a12071e2a04316edc5860788d1 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 22002 9087daddd7762b1df7a4b9df34166521 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 25898 06bcb1cfcb2df47e758bb89946f9aac6 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 108838 3f80ec6192ebdfd8807450a8aeac928a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-svg_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 158310 24cf265a2f29818beb73709197bef2c3 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-test_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 37122 b536ef0ebc0dcfa6167cd4285e2ec19d http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 53126238 bc4c62409883fd6034f07baf1a765853 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 3241850 27d0122caabe919c984b0ff1f59334f9 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xml_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 112012 130f929f42286ce4927feb7f3dbd8d18 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 13302092 2deee7794c76d799c789a56c38147d8a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 758112 980c7e2f807f29c95ef51feee1bd6f87 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtcore4_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 2086300 e1d521ac4ef50e82235b61b0b0309c2a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtgui4_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 4285842 f79cbd461f5986a686e35b77e8838c7c http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-demos_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 10346058 cd6b5dd99cc2496e60f65303a4d861e7 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 377632 0adfcc3c280368f734658d611c7f0c69 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-dev-tools_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 1487606 2f2e1e5f10fb8a9bbd94c647ae355135 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-qtconfig_4.4.3-0ubuntu1.4_i386.deb Size/MD5: 109322 661b18bee424dcc2a108e960dbe51188 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-assistant_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 19118 975962361f82c04fe938397d732d5679 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-core_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 7556 5e9705e3675d4882a9040da75d934db7 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbg_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 86616234 5f8f6362ef3e45674f8c1480933f4714 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbus_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 218292 d89f63624713a3e9f34a7622fd754830 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-designer_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 2075540 088236f1cb51516af7efb07eb9e859a5 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 5791558 693f36209c7728b4da4b3e2a310a2730 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-gui_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 7546 765882dd4710771b9f01801c34173f17 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-help_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 215380 3000fb6b96014944c85f69d9be1e9314 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-network_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 439662 ca410c727f89f68f88ed7c32f08c7496 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 42346 d8670500e205ba66ca588d2020eb6e9b http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 163154 044e27e36b057295b8312b3326bb6d70 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-qt3support_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 1369342 9945efb11009af3f7f875f4aa70c7fd1 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-script_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 429370 47ffb00ebb1918ae6b638872a76412b4 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 34006 b11c44e3a7e1d5ba2277e981de8928d5 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 47638 803c079d0a531b0a84043fc1f7c87d58 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-psql_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 38608 054c5fa2ddbd80efd168dc072e951e0e http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 21992 ca7ada6adc17a99b713920b6452b2f87 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 25962 547542c994e3777e900287da869be0e7 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 108930 48566fe567ab5e3ae14185608cc5bd3a http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-svg_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 159630 48eb3c78b4c28d745ef6862e9f5cac17 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-test_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 37444 695be042708d936061c289d78c86cd77 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 53250108 4e06206559a3470bad0730e8aec7e615 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 3227648 acbd67fa1648ca9ad1e10f021e66f8d2 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xml_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 110938 bae7d2f0c2c13b33123357102f19cba7 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 13316918 c5c409330384ba74489646dabbe9e1a8 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 749270 375901cd31337ffcce0677bef73b8e2b http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtcore4_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 2086296 46b733dc7e08126af4b343287396b051 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtgui4_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 4299788 efc7837ecb1aff0917414f020f4f7710 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 10380362 ee64ccc2462a1767363119ab130f86fb http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-designer_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 382986 c5c48c0dc497b68bd661eea92b5678b8 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 1501518 06d78b9cb426e70bc1823f755b47cb16 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qtconfig_4.4.3-0ubuntu1.4_lpia.deb Size/MD5: 111312 2d5f5829685d661dc3b7408c99233f57 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-assistant_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 21316 45b1ea5b5050b2c0c876872af540089a http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-core_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 7562 4dea3a46b67dca117f5c8924389b90ef http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbg_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 90621650 d41925c8e7b667daed298626937652ab http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbus_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 226524 48a6eaf02c23089cdf5271b81386ac8c http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-designer_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 2127276 685f37c1fdc371cfac83711b1dcbe425 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 5876318 f9777dc66d06e8a241a1a08171eca1ce http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-gui_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 7546 446de6e1e94e17f515641bd91bc34e0f http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-help_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 221776 ed54fe99be13d94c994a8dc27a16d0e5 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-network_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 459056 586952d7ae2b7729d95db536f40b87b1 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 42336 2d51e9ef35064b75b94ff171ca51cbd0 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 173132 a8dce02d86a0341b4e73830baa2ff6ae http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-qt3support_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 1435512 9fe6abc1dbc92dba076b088154406ae2 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-script_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 438202 72b3f451ee05252b81ff73fa22071b71 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 36940 2ff0cfbae3265612c7bfe005333dee20 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 49810 f6ba70b43ec1b6e504b047dad346eb25 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-psql_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 41498 9d558baba4e4fbae203a9f72c1c8c150 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 24746 af57d713a5d1e216e350dc70ff7e76e0 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 28826 709982084d93ca6f9eca9e8554cac7ee http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 117160 56cb8f90e619174bde6f8da70d7deb21 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-svg_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 172392 9598ce1608394ee2888309a6d2c4c943 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-test_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 41680 5cd082858ca6bf4ed2c67556508ff8d5 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 55519220 92115cc894051fa7bdb29eb6a2f8f088 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 3486770 24e725bf0c47a1108692f4bdd46d23fd http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xml_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 121160 944ca0755f1b8057c286f6d3c2e1f8ec http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 14047876 e1523a10c866ca8dc124947a25aeb34c http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 835254 d7dda3b37da92ca6cba70f941964a371 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtcore4_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 2188324 66bd658c0d8f80205ce8aa741a5c25d6 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtgui4_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 4537294 211ff93e7c8e41ee2881baec57f87b32 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 10999204 84090af5c87a89d7d696d00baaf87493 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-designer_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 391756 7ebc072d2a2750262bb6cb1587c5505d http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 1530908 3fe67007771638ba35c2935a3432d1e6 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qtconfig_4.4.3-0ubuntu1.4_powerpc.deb Size/MD5: 111696 1a4f101db96d252c9a93b23f9c20f1fe sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-assistant_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 19006 53bc0f17fdc2e7e10938a259b30710c3 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-core_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 7560 3b86547b62162ec391f7945b0a71bbea http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbg_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 86584472 1490ec1af2900f0515fadf3d10b1c8b1 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbus_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 214836 b52c445f198c5d4c2fef5d0110862ed3 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-designer_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 2082186 a59e474cf1aea5faa97d3c2f38b79768 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 5813064 0b29c127800c828ad782ea08f9869b95 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-gui_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 7548 9784e2fd6bad6b99dec68f28bf95c013 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-help_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 221416 98421a8a2735b28ec69a79dcb12bc36a http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-network_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 434660 08d518f50779ab7696a49d5789983d08 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 42328 c483fc06c701a311895a8f912594d0ce http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 162370 6a1a2f6940287071f83b69dd0a2074ff http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-qt3support_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 1351514 4971ee99b0763cdb1b95a350ca97b725 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-script_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 427020 65ee12f6a206cad658d7b4b51cac1c36 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 33654 125d67bc7a3343e16141209ae295f51b http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 46336 97bf93bcf238fb612b6db5254e72bf4e http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-psql_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 38482 3e45668f681c73fe5b2f487e76af92bd http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 21700 6ee8cccd7f120782d7ae07d799adea37 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 25726 14c6e1834745ecf8c24d215bacc7273b http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 109626 46c957419dcf1328dc6e625f5044e087 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-svg_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 157736 a15b042b86fd9af64e5818867a7bc971 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-test_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 36972 2e4f695e58caf79d93f7f929a3f5154a http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 54818118 ca0d50eb86ac4c4ed69bbfaac082b78d http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 3678126 639241e858bdf4bb280b8c9e24b945e8 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xml_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 114956 a7d5d4e9c6eb7a28d607a40b72563279 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 13545692 049544460c82e22450aee8e5d9db6110 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 1029752 3fefe6c4a287a6a59acf2494882e8757 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtcore4_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 2101436 2589e4a81b28459d1e1b9002b5402674 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtgui4_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 4283628 d2ed704202357f329e22cf5995f62651 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 10561886 6cb80130934f4dc83f3449c788251372 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-designer_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 393816 50f8e31568a792c275dfb5dbbb75d2ab http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 1542060 e2e1180c629e4d08a56c506b482e2ca3 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qtconfig_4.4.3-0ubuntu1.4_sparc.deb Size/MD5: 113046 ca0bdbedc0b649fc9745a9c356c2f6e3 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.5.0-0ubuntu4.3.diff.gz Size/MD5: 113724 cf59da7b0c09550ff78b6164e87ee131 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.5.0-0ubuntu4.3.dsc Size/MD5: 2606 d75ba3f2a8b7a0fc5f17a6d013fd3466 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-x11_4.5.0.orig.tar.gz Size/MD5: 125349021 ffbb1aaea2d538df7ec7694cd68750df Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-doc-html_4.5.0-0ubuntu4.3_all.deb Size/MD5: 24035224 db61f130680cbfecaee7b2076d9b5b4b http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-doc_4.5.0-0ubuntu4.3_all.deb Size/MD5: 51777244 2c5967ae92de35d935f22bb8cefdb7fb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-assistant_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 11622 737452fbf1eb644732601da4afe86d56 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 2310 4ab7edba7c683c4cd436ca6f6e43cc07 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbg_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 49977848 5a39a981a5a46f5b9833856aa8bd75ab http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbus_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 175462 33f715129fcbb8fe17cbf233afdd2735 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-designer_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 1798666 b0abe77a5b60e101b8a4f796cee35b9d http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev-dbg_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 6442006 3ec2ed8e896375977496d8aaba00fc0f http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 2442216 55bcb4ba4d60f160adee52790f282bf5 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 2300 b0ee4bbf483c8037799882f47a9ec95b http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-help_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 169046 f5cec0a5df796752c97289a7599a547f http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-network_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 379932 4a675e3de3c9ffeda60720b389dded9b http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl-dev_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 31006 6e065ba12e303945dfd4969c7b0e6108 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 150338 1389003b28ca5f92e5bb8c9577a36fbb http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 1033060 00e3845cefc2c24d676c64215cd3c1a4 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-script_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 349792 3a0b31c3ad9667c03ecd37efc863e27c http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-scripttools_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 216816 66d2b7a90f14393d259bf12068f44a0a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-mysql_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 24020 787039fb8afe166961e56b21020c45c4 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-odbc_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 38326 8363daf729bf199a14566ed0054cb110 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-psql_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 27504 cb2ea2f84ea939edcf662024a81187bf http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 14198 087d5a3f0143d20d87b346e1ef04b2e6 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 17152 4ec3302c7e7b40f41f276883eb1f9cf1 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 85832 94f0d14fcfc19c8dfd1a36a29a2d5825 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-svg_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 129138 a32e5231e108b2f1c869b3631fc98dfe http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-test_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 41274 4450aea1e1c1078de1d6d43a77d80ef4 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 58479264 76487ff20906b41662cacb4cd8c4eedc http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 3635668 5d869921403fc9d4e1994b81b92ef122 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xml_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 87132 e9da8588cdb3f8995cb440d172f39a56 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 5521678 207d3c7382e7f7dab949b4761c819b67 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 653750 302a9fd3b69b1d41b8e65cd00a4a38b7 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtcore4_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 1490876 a5d562105e8c1d6f14e6c9e38f2f7c1f http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtgui4_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 3589934 59404b3094771d8d30fa4085456661b4 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-demos-dbg_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 24216220 10b8cd267a0d68a7a2a08327e1db059a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-demos_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 5480184 36ccc9b88e638cf13f3cfce9610d778b http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 247710 0021d694f10622ef0faac30d8f05ed6a http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-dev-tools-dbg_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 6913490 044d9347469b06b3b5c9a52708fb22d6 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-dev-tools_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 1826192 35ab7279b9e9fe1e93d8c754e0a53f73 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-qmake_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 1301118 10986e4c5ec819a976b7e49161939a16 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-qtconfig_4.5.0-0ubuntu4.3_amd64.deb Size/MD5: 81282 14ffbbbb5b74a10ff0337d6a08fac291 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-assistant_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 11598 8db87ef71449e31c1ab389e26e305793 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-core_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 2314 ed908ab64c8ddc432935230e227df32c http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbg_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 48872540 78c072e9fc494fedd3e56ba2e6c5b14f http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dbus_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 175422 3d97854e70da9c80dd6187a43c273da2 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-designer_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 1821098 5c0b22bf30f5c0ad3e8e9c35fa29241d http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev-dbg_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 6222664 8dc2d38b512ae20cf6c0e48f35446e55 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-dev_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 2426558 bd753136ff81b7879b6d26bd5e6ccbeb http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-gui_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 2302 96334f4e93762dd1a28ce34f6b6855dd http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-help_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 170522 4f124c0feff569d3a7aaf7a537fa5ede http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-network_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 386636 39614ce0a48380ec9c9b82b52d46fc48 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl-dev_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 31006 b8e6ffba684bb6aecfe7cf547d069591 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-opengl_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 150268 fd9fc1d937cc2186a241085727f69e45 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-qt3support_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 1047674 917768ee99ad30e46d8ea162ba2a55a0 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-script_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 345124 783e3146d1d15e7e4b56177c2551dc8c http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-scripttools_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 219532 dd4402ef905fe36edc219977b8b56522 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-mysql_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 23490 e3ae808d9546d39b318f2032a3efb2ed http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-odbc_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 38370 c3912b46f9819db92995814578905aaa http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-psql_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 26944 6942237ccbe925f91da83a58d80257dc http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 13910 24fd6fdd62a853df103ccc5eb23f3ae9 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 16950 224500aeec4ee6c0bda83f1979f556b7 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 85482 35f8861a0f387877d757af2a4bcb74fb http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-svg_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 127134 74b396cfbdfd52fc01a5b44feafddf40 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-test_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 40384 850f651e7b3692dd8f0359e1f6fa9912 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 59567434 bbf0c15e2947f809171025aecd169bf2 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-webkit_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 3642492 ccd71c16c7d07bd4883700a95a7e310d http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xml_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 85662 fc005d23610c7815031ccf67e44d57c2 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 5446004 9ceeb69be14e99aa371c34c48e0dd8e1 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 631616 58a2c5664efbc4969e273be8d3e51cb2 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtcore4_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 1495212 280e8771adeb6e48a31c1c00c65d097d http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqtgui4_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 3638476 617f09457809107814b139fdaa11b2cd http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-demos-dbg_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 23695874 19d12080a314954ef6184589c6e6ef64 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-demos_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 5411704 8ffd319dca0814ec7bf90e392c79d75c http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-designer_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 242498 cf300d706f60b14c9bdb26d38dfca4fc http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-dev-tools-dbg_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 6733760 802cb485899ba1684255b4189383e2a2 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-dev-tools_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 1801834 c95b326cd5047777a9b62cf96b842dfc http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-qmake_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 1275490 744e112dc6d57749d4e7c66043162d48 http://security.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-qtconfig_4.5.0-0ubuntu4.3_i386.deb Size/MD5: 80198 e4025eafa9ef6f848712cbb5d305da0b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-assistant_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 11586 35392a8aec66b9f6a80a3f37989a3e84 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-core_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 2310 bba9237a24419b96e34626f301cb53a1 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbg_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 49102028 35a51944c0b80faa25212c2e5d42af3a http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbus_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 179254 4dad09ed33bbf71e210fe99628eb8e5d http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-designer_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 1845654 a3ccab02027a27ab368b4d76961f44d8 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev-dbg_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 6301482 e970557325b93c7d3c82fc04e051ad5c http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 2460502 bd49c126c36b95c63b6356728557cdbb http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-gui_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 2300 24c70a2289d01c6f1a675f18bd83fb0d http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-help_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 174932 e0b29a559a038c9e52d450d3063ae1c3 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-network_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 392598 cd76e9d7fbb3946eed667e73ff44350d http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl-dev_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 31002 85d63a39a01b18e425b60aa7f70fce23 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 154532 5d40f8b45c5cc367eb56e35680b3f81d http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-qt3support_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 1063636 29e972e6c664c9d7f49f6ecb57b7249e http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-script_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 349202 6e483f50400f9bb3322d12d4cd2088a8 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-scripttools_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 221612 f5cf566f6fae3460c4ffe038a2ca45eb http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-mysql_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 23800 a5e1ba153e219d5de887ab2f4c331724 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-odbc_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 39248 e2a9bf4f5860c536b5f6bb2dd36080ff http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-psql_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 27270 6757ef004282dbcb41911519832e665c http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 13914 60e0b2ff89e2fcb170a9bad22fa5a426 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 17028 dc8248f423afcf49684aff36461b1928 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 86128 0013e3a3d503cd8930215ced2bb7e781 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-svg_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 129896 502e1b866f8b4c93557ccfe37cf84ffd http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-test_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 40860 42258f710eafde8ba98cf0d70ed62bbe http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 59829124 f5e6ca21fab5632def632f1980d72968 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 3663718 3c60d09c9701b8583ee9b3ea63df1e09 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xml_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 85456 f4cd1db01939e7bea4cf1a14350318d0 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 5462674 73f928cbc1e2ab2a8b0cb35750e33363 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 635968 2ba32c9934c37fb858ef293861296660 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtcore4_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 1503558 71a10407ee8e2b0d8faca71803516543 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtgui4_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 3703968 70254633149e0177b8f40306e1c40119 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos-dbg_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 23831210 a47cc662c799d56d39a098a55c7ff860 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 5460356 d0f2731a66583fca365275b4bf15bd43 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-designer_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 247224 45221df9fac6b935e70f3d49f1641ec3 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools-dbg_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 6766074 699d8557725cbc1d98b3facf908aa1af http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 1843474 1c07f5258466db532f77d046fc0464b4 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qmake_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 1316972 524683da13e66e47fa34a6ddb7067473 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qtconfig_4.5.0-0ubuntu4.3_lpia.deb Size/MD5: 82774 b3f8e382739f03da9cb94626a2f5211f powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-assistant_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 12608 f70d7f88f98c710f00b8dec826a14945 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-core_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 2312 fc55af80a812eb5ffbf75ec3a7ee62aa http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbg_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 48136850 2863a8886de595c43068283ff45beb90 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbus_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 163234 3d9febce56214962ba436358228df2d4 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-designer_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 1623414 d8dcdedae518133907c850aa8230bf56 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev-dbg_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 6172098 8d8f8518ff54c90933966fe61729c7dd http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 2264658 67bb52a5f6d6b60300adfb85423c76ac http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-gui_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 2304 30e86f2760dac7fd3f47c476447bd941 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-help_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 157492 6739e773252eb1cd70806bdb96665439 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-network_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 360428 215dd6ef03babb6a638c45781bb26af2 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl-dev_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 30994 4b457917bdeb91ba6cfcc02d9e0f1e77 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 148258 ebf113910c60bf1e199cd0e76f8b3115 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-qt3support_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 957976 4d49fb9926a4219667b31b76fb75f58e http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-script_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 313972 4def22b0b2bf687f3d2f6a2f669230d5 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-scripttools_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 203240 d56786ea920eb436f4ccbef49260eb4a http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-mysql_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 24312 b935bc753bd5ffdc7c97e542e55e0e6d http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-odbc_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 36972 a4079076c4edf8f0f2cd22be7866f2f6 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-psql_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 27426 b36d025e2cf5335c15f6ee7d2314cf9e http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 15134 3be81591afc0f3e5614d582a982e17e7 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 18100 dffa427f519211a592132e1d2a5a48e7 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 83246 0c963279944d17e32d467758e84728ec http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-svg_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 124342 f21e4e8d73ec525468ac0265c1c6ed3e http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-test_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 40800 721a48d0c19c7036ec6f7f3e8a1796e4 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 56672370 a1b88f4ee8294b49ebaab9ddd5fcf2df http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 3283702 f46252f44921409a43fa89af3a5b7e6f http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xml_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 83654 02ea31ab550db40086f5419daeb8bc24 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 5444754 86c71dabb153ac371a3a878a5bfa017f http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 582304 4ef1ec5872ab6fb0cfc33aef011dd051 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtcore4_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 1431880 fd055110524b4102c88431c9a094b6d5 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtgui4_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 3356692 414febb0dcdc2224bbc4d322bf071471 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos-dbg_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 23665304 69d7736174682533b91910e9e9c4e221 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 5394298 4f88263c866b42b011ac6f70b999aa63 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-designer_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 234970 a30574534ddc200af008c4aef6f830c9 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools-dbg_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 6719304 be9f1a32584792b598c76560e7d4a75b http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 1681322 40d865a463a5d25a076bf6f55af65b90 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qmake_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 1135018 91e9ded3076f1f141d29895358b062fa http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qtconfig_4.5.0-0ubuntu4.3_powerpc.deb Size/MD5: 76466 1c75a4de6f3f7a61c41dc97c1ed3bc56 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-assistant_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 10942 a7a4483b64af47318cdabbde9976a65b http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-core_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 2308 b0258f54da89aeda6b40cd6798e6f3ec http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbg_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 45231402 d00aea2071e583a895b6a89ff0234e12 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dbus_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 151694 be8ca9b3ee9a1d47a98867c0aba4160e http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-designer_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 1577576 93f34052ac88e45426f7e45a9c12d206 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev-dbg_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 5656966 83e7d65e9aa03882c9a0e20605230a69 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-dev_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 2225980 eac4944686a27b18f3d0e3a0dbfacc17 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-gui_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 2302 c318da351836628e9c671eae39dafa9a http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-help_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 151930 3adca0e45ff6ad23b8258a6717e645cb http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-network_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 339444 4bf57591f2c0cc91b69ec0dd1ad0fd30 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl-dev_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 30998 80ecbcd1452055000371a473d8d5fcf5 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-opengl_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 132308 d31962f23a576d6ed29b81d92107d353 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-qt3support_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 895788 305fff66ad3943d35384fcb245391228 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-script_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 287534 0b5d15fd5302e8430dedad0a002a2503 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-scripttools_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 195514 8073d183a54598751563df5efe14f135 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-mysql_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 21426 a8e378abcf5f61aa9085346481b2c7e0 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-odbc_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 31290 d18c888585cfc914c046777d61de2189 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-psql_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 24464 1a69a86a46673d987ccd6d85f578ee0e http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite2_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 12748 5538aadc52d0481f0512e2d87289dc15 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql-sqlite_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 15496 27b6dde8f85dda5c9bdaa7c165b639b4 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-sql_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 75964 31c5dbb4d87a23faa146d7224df6fa02 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-svg_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 109566 79711b8ffb0fb8ea2afa7582375449d4 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-test_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 36522 c2f8d5c388c435d666a7339ecf4829df http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit-dbg_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 56966338 c120bb1bb4e2edde9bd6349db63bc76a http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-webkit_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 3409284 28669d24488ef04d5bca9220839f7767 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xml_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 76352 70dd584dc3c8c9964b427ce0ed3fe5a6 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 5165042 73f9ba9346195ffacf82f84d1ba44c03 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqt4-xmlpatterns_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 660376 90e3f41308b8bb4188314c4ec57069a0 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtcore4_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 1352448 0661edc6b955441c5feeb681fe740831 http://ports.ubuntu.com/pool/main/q/qt4-x11/libqtgui4_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 3175982 7a704629253865d41165a33e60a57763 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos-dbg_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 22594146 b071a350741d3c8ee3094c887839108e http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-demos_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 5333208 d0538ce1add58ae9eb2709a28aace8bd http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-designer_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 233350 bc5b53dfcba69468f73eabd6988a3a62 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools-dbg_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 6177274 233d55a34a9c290561f714970196859a http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-dev-tools_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 1678528 27d97ffe2e9c93cf2412004d03a793fe http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qmake_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 1093456 20100354350ea3a0150400a593fbb401 http://ports.ubuntu.com/pool/main/q/qt4-x11/qt4-qtconfig_4.5.0-0ubuntu4.3_sparc.deb Size/MD5: 76636 6aa6be976ebfa14c11ef8ae811cfb711 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1950 security@debian.org http://www.debian.org/security/ Giuseppe Iuculano December 12, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : webkit Vulnerability : several Problem type : remote (local) Debian-specific: no CVE Id : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714 CVE-2009-1710 CVE-2009-1697 CVE-2009-1695 CVE-2009-1693 CVE-2009-1694 CVE-2009-1681 CVE-2009-1684 CVE-2009-1692 Debian Bug : 532724 532725 534946 535793 538346 Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption. CVE-2009-1712 WebKit does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. CVE-2009-1714 Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes. CVE-2009-1710 WebKit allows remote attackers to spoof the browser's display of the host name, security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. CVE-2009-1697 CRLF injection vulnerability in WebKit allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. CVE-2009-1695 Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition. CVE-2009-1693 WebKit allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." CVE-2009-1694 WebKit does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue." CVE-2009-1681 WebKit does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document. CVE-2009-1684 Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. CVE-2009-1692 WebKit allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object. For the stable distribution (lenny), these problems has been fixed in version 1.0.1-4+lenny2. For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1.1.16-1. We recommend that you upgrade your webkit package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1.orig.tar.gz Size/MD5 checksum: 13418752 4de68a5773998bea14e8939aa341c466 http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.diff.gz Size/MD5 checksum: 35369 506c8f2fef73a9fc856264f11a3ad27e http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.dsc Size/MD5 checksum: 1447 b5f01d6428f01d79bfe18338064452ab Architecture independent packages: http://security.debian.org/pool/updates/main/w/webkit/libwebkit-dev_1.0.1-4+lenny2_all.deb Size/MD5 checksum: 35164 df682bbcd13389c2f50002c2aaf7347b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_alpha.deb Size/MD5 checksum: 65193740 fc8b613c9c41ef0f0d3856e7ee3deeae http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_alpha.deb Size/MD5 checksum: 4254938 252b95b962bda11c000f9c0543673c1b amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_amd64.deb Size/MD5 checksum: 3502994 4a96cad1e302e7303d41d6f866215da4 http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_amd64.deb Size/MD5 checksum: 62518476 d723a8c76b373026752b6f68e5fc4950 arm architecture (ARM) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_arm.deb Size/MD5 checksum: 2721324 1fac2f59ffa9e3d7b8697aae262f09e4 http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_arm.deb Size/MD5 checksum: 61478724 260faea7d5ba766268faad888b3e61ff armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_armel.deb Size/MD5 checksum: 2770654 5b88754e9804d9290537afdf6127643a http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_armel.deb Size/MD5 checksum: 59892062 99c8f13257a054f42686ab9c6329d490 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_hppa.deb Size/MD5 checksum: 3869020 c61be734b6511788e8cc235a5d672eab http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_hppa.deb Size/MD5 checksum: 63935342 f1db2bd7b5c22e257c74100798017f30 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb Size/MD5 checksum: 62161744 f89fc6ac6d1110cabe47dd9184c9a9ca http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb Size/MD5 checksum: 3016584 b854f5294527adac80e9776efed37cd7 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_ia64.deb Size/MD5 checksum: 5547624 2bd2100a345089282117317a9ab2e7d1 http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_ia64.deb Size/MD5 checksum: 62685224 5eaff5d431cf4a85beeaa0b66c91958c mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mips.deb Size/MD5 checksum: 3109134 a680a8f105a19bf1b21a5034c14c4822 http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mips.deb Size/MD5 checksum: 64547832 dd440891a1861262bc92deb0a1ead013 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mipsel.deb Size/MD5 checksum: 2992848 952d643be475c35e253a8757075cd41b http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mipsel.deb Size/MD5 checksum: 62135970 7cd635047e3f9bd000ff4547a47eaaec s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_s390.deb Size/MD5 checksum: 3456914 6fc856a50b3f899c36381ed8d51af44e http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_s390.deb Size/MD5 checksum: 64385860 98ded86952a2c6714ceba76a4a98c35b sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_sparc.deb Size/MD5 checksum: 63621854 f0dd17453bc09fdc05c119faf2212d70 http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_sparc.deb Size/MD5 checksum: 3499170 3f2084d6416459ce1416bd6f6f2845e3 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAksjbAYACgkQNxpp46476aqm7wCaAk6WARfBzzrdYYoxAUKA5weL V5YAmwRkz4XNwdcqnPzdeDzoakljqf1s =DBEQ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10, which brings many bugfixes, overall improvements and many security fixes. kdegraphics contains security fixes for CVE-2009-3603,3604,3605,3606,3608,3609,0146,0147,0165,0166,0799,0800,1179,1180,1181,1182,1183 kdelibs contains security fixes for CVE-2009-0689,1687,1690,1698,2702,1725,2537 Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
VAR-200907-0693 CVE-2009-1891 Apache httpd of mod_deflate Service disruption in modules (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). (DoS) There is a vulnerability that becomes a condition.Service operation disruption to a third party (DoS) There is a possibility of being put into a state. The Apache 'mod_deflate' module is prone to a denial-of-service vulnerability. Successful exploits may allow remote attackers to cause denial-of-service conditions and prevent legitimate users from accessing the services. Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only). Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0. The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195). The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095). Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555). Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu MUj4lK2Wsb+qzbv2V+Ih30U= =VdZS -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-802-2 August 19, 2009 apache2 regression https://launchpad.net/bugs/409987 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.8 apache2-mpm-perchild 2.0.55-4ubuntu2.8 apache2-mpm-prefork 2.0.55-4ubuntu2.8 apache2-mpm-worker 2.0.55-4ubuntu2.8 libapr0 2.0.55-4ubuntu2.8 Ubuntu 8.04 LTS: apache2-mpm-event 2.2.8-1ubuntu0.11 apache2-mpm-perchild 2.2.8-1ubuntu0.11 apache2-mpm-prefork 2.2.8-1ubuntu0.11 apache2-mpm-worker 2.2.8-1ubuntu0.11 apache2.2-common 2.2.8-1ubuntu0.11 Ubuntu 8.10: apache2-mpm-event 2.2.9-7ubuntu3.3 apache2-mpm-prefork 2.2.9-7ubuntu3.3 apache2-mpm-worker 2.2.9-7ubuntu3.3 apache2.2-common 2.2.9-7ubuntu3.3 Ubuntu 9.04: apache2-mpm-event 2.2.11-2ubuntu2.3 apache2-mpm-prefork 2.2.11-2ubuntu2.3 apache2-mpm-worker 2.2.11-2ubuntu2.3 apache2.2-common 2.2.11-2ubuntu2.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. We apologize for the inconvenience. Original advisory details: It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. (CVE-2009-1891) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.8.diff.gz Size/MD5: 127052 e56691f9c6c1c770e892f86e33dede82 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.8.dsc Size/MD5: 1156 22a32026c506a605bb69d7ab28a26563 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.8_all.deb Size/MD5: 2125586 2233944bc00aa25dbd72bc93ef738183 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.8_amd64.deb Size/MD5: 833972 88bb905d9aa7851dae34448fd1b061b8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.8_amd64.deb Size/MD5: 229258 fa39c7ccd67e35dec03617f42c415e46 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.8_amd64.deb Size/MD5: 224274 7170ff6a66c24a11e0e61c097b4e22bd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.8_amd64.deb Size/MD5: 228808 1889ed8868081abad8315348081d240e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.8_amd64.deb Size/MD5: 172314 102a9cb08adcf694c48c5644f5dfa9bd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.8_amd64.deb Size/MD5: 173102 b1db3ce1c2b498e1385eff16991d76f2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.8_amd64.deb Size/MD5: 95136 ca8a9b4be95a708428e1357a76203121 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.8_amd64.deb Size/MD5: 37184 82f98ba24fa9743b67e769f543fbef38 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.8_amd64.deb Size/MD5: 286720 d0cd77cac4d75dbb3461e0a0417e2998 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.8_amd64.deb Size/MD5: 145314 1ccd490729746bd4128fb1cc448633cd i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.8_i386.deb Size/MD5: 787188 5cd5d00142cf232c546ab0631e58e9b6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.8_i386.deb Size/MD5: 203798 e539450afa6d4f0ec7a0479f291587fc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.8_i386.deb Size/MD5: 199744 9a2545e279ead8f35534341a3316ba1c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.8_i386.deb Size/MD5: 203262 c9779d93d6a9f9f0ebe066818c42103f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.8_i386.deb Size/MD5: 172310 57ca3728f4f086e2e17e188f811c21f3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.8_i386.deb Size/MD5: 173090 130f94933dab36132a1e8a3779fbb8ca http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.8_i386.deb Size/MD5: 93090 f54ae3b452f05b5205514c288c130fca http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.8_i386.deb Size/MD5: 37190 c08f0779cfda63669127961aa411e378 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.8_i386.deb Size/MD5: 262736 3640f5e0e30d41948e49b75370647b95 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.8_i386.deb Size/MD5: 133188 8685658926686317c31ac8130072fd25 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.8_powerpc.deb Size/MD5: 859942 4a84c939e59dcce0c9a36f6d5ddaa0e5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.8_powerpc.deb Size/MD5: 221154 76e50ce0a4dff357a4871281e7366877 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.8_powerpc.deb Size/MD5: 216796 2a41eeb79ad6d88c426a4c9175527703 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.8_powerpc.deb Size/MD5: 220652 4406f736a6d56d979946811f1b5b2c8b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.8_powerpc.deb Size/MD5: 172302 fe795a18bd8a1388c5eaf73ac826b941 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.8_powerpc.deb Size/MD5: 173104 2cfa876dc37c5aa37e740634fc0f7209 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.8_powerpc.deb Size/MD5: 104852 0e295939ff34869ad3ff1eb821a3cf3d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.8_powerpc.deb Size/MD5: 37186 eed7ac7da3683b37958b8d42a59118d7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.8_powerpc.deb Size/MD5: 282322 2b8f59ac1d63b421f66d6a3443be213a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.8_powerpc.deb Size/MD5: 142398 d4d0b6ae528de9acf9a19b4b19793577 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.8_sparc.deb Size/MD5: 804300 2cbcb92ab0a50a43d4bad4e3860a35d6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.8_sparc.deb Size/MD5: 211356 1dc0eb5e54c2e24c4b3099ad77072253 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.8_sparc.deb Size/MD5: 207028 bec5612407c30a06e83492c29ef48f2e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.8_sparc.deb Size/MD5: 210636 7ddc8896d90b60c0e3795023ac0d371b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.8_sparc.deb Size/MD5: 172316 c4f067c1ea9284f06b8e99dfa2305874 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.8_sparc.deb Size/MD5: 173106 bf63cd4ee98abcf433460675e3fbd36c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.8_sparc.deb Size/MD5: 94200 7814d4d5c84a5f24fd6c76749dbd77a0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.8_sparc.deb Size/MD5: 37190 9b2e12b238de34f7baae4ef19023bcd9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.8_sparc.deb Size/MD5: 268746 3b64450f30033927a272e06484eb9bb7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.8_sparc.deb Size/MD5: 131142 de275ee796e7443c5191ea788ce6e860 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.11.diff.gz Size/MD5: 136379 847950faa5d1468ef316b9fd2fac3e33 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.11.dsc Size/MD5: 1381 c37737414f0c28487b5dd20491e585c4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.11_all.deb Size/MD5: 1929084 8323188687165df4ec2f01b543a50671 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.11_all.deb Size/MD5: 72628 af9a22aa5d697745aab01ad454798ca9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.11_all.deb Size/MD5: 6249748 6a94ee55ad750ee450a6dd2b831e1afc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.11_all.deb Size/MD5: 45558 987ba9930246a975044ff9424381808b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.11_amd64.deb Size/MD5: 252802 37033c8149a91189b86c83712cc5b0e7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.11_amd64.deb Size/MD5: 248388 3c38c12f0637b9777a13c93d0423cf15 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.11_amd64.deb Size/MD5: 252218 3a233b2a6aa6a1beff2f6f8abbe2ea46 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.11_amd64.deb Size/MD5: 205298 b26ee7afa521be9282fde10c5697e4e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.11_amd64.deb Size/MD5: 206066 f464586d6ea0c41f7856b16ae188a2d8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.11_amd64.deb Size/MD5: 141380 beb45b76a4d8dc4e3472fa65c5b1e476 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.11_amd64.deb Size/MD5: 803388 7ee56c5162d5c9a5c89c9747de61d8f4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.11_i386.deb Size/MD5: 235760 e71ff6a167b501782ba68abe6c000965 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.11_i386.deb Size/MD5: 231278 2aac0d6700970c5485f44fce2b18d52d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.11_i386.deb Size/MD5: 235008 a00153dce46cdb9a940186fb2a6a0e9c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.11_i386.deb Size/MD5: 205300 0f4fdcaab301340be7bad4117129807e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.11_i386.deb Size/MD5: 206064 66c372d50883e8c04cebba586ddd7fb1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.11_i386.deb Size/MD5: 140354 1fd17221003ed2dac219f36fd41373ee http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.11_i386.deb Size/MD5: 755000 abc72912d5d0e609277f1fc67c3e6cc0 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.11_lpia.deb Size/MD5: 235294 e4bef53ba1292d6641757e124912052d http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.11_lpia.deb Size/MD5: 230946 f2b009dab7af190f6561199cf2cf0f99 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.11_lpia.deb Size/MD5: 234500 c9700ca479f24c86cc446ef5fbf16988 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.11_lpia.deb Size/MD5: 205306 6e755ec6e4f1527d40da0633435d46e6 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.11_lpia.deb Size/MD5: 206080 41224a4aefbdf0349404886c340261f0 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.11_lpia.deb Size/MD5: 140938 1ea4291b555fb11310195bc76b7b1e1f http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.11_lpia.deb Size/MD5: 749218 e97070c4532a4a399af23f07fe948d15 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.11_powerpc.deb Size/MD5: 253854 bde0e44f0a4a2fc797ee46af1f14a53e http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.11_powerpc.deb Size/MD5: 249312 edd13c6b289626f92491763e92b6d02d http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.11_powerpc.deb Size/MD5: 253420 4d9bfeaad4e83a4f80745fcae5e592f9 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.11_powerpc.deb Size/MD5: 205314 e43dac8935e212948b2f1f76cea867fe http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.11_powerpc.deb Size/MD5: 206082 e81ac9128b7954d144991e0609ab11dd http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.11_powerpc.deb Size/MD5: 158116 a49b735f70c7aeceaac361f6c3c8b6db http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.11_powerpc.deb Size/MD5: 905578 38651d0d8a4bee9bc78515f3d96af153 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.11_sparc.deb Size/MD5: 237130 82c43d3c7ad1421a5062eaa662775488 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.11_sparc.deb Size/MD5: 232882 f5651ed61a09e79a1aed4e7d146ecfe5 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.11_sparc.deb Size/MD5: 236324 d9643fa3949ac99a40b93cc0c6ffce95 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.11_sparc.deb Size/MD5: 205302 9d31b8062fec8c6e9ea78cbfb0df391f http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.11_sparc.deb Size/MD5: 206074 1ea3e304af41fe17c035c511f00e1492 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.11_sparc.deb Size/MD5: 143566 2cb6ceb23735a89d638e58724d5a531b http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.11_sparc.deb Size/MD5: 764560 923747c4bbb132741dac7180868034f0 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.3.diff.gz Size/MD5: 132481 54a2ed1764060720eec22c1d077df26f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.3.dsc Size/MD5: 1788 a937d35bd2ca0ea17c81df728cbd5855 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.3_all.deb Size/MD5: 2041876 6d3c0a80c0d8575235903ac1c9ee4219 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.3_all.deb Size/MD5: 6537490 399992028668893381f33b1d107676fd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.3_all.deb Size/MD5: 45202 b32bc3fdcd32e359c6ad1c260280b7cb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.3_amd64.deb Size/MD5: 254708 722a897b3bb0c14be72c528bdc1960d5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.3_amd64.deb Size/MD5: 248934 187ea2e9b445145d390c4b0c12824885 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.3_amd64.deb Size/MD5: 254096 5468d2c546413c457dde0efc727f3607 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.3_amd64.deb Size/MD5: 208242 e90a1104ff22afd20a688375f1d534e5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.3_amd64.deb Size/MD5: 84210 bde6d33ef4cd6de64fa9bad8b679a953 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.3_amd64.deb Size/MD5: 82564 bd7dda3116e8f72359572c0ef3decfae http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.3_amd64.deb Size/MD5: 209292 f6ac1f570a8e29cec76c8609f2ded80c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.3_amd64.deb Size/MD5: 147490 62cf8c8d12d6fc3211725cfe23928298 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.3_amd64.deb Size/MD5: 819970 224aac9228243abbc6a60a4e319edff1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.3_i386.deb Size/MD5: 241110 4771be538f976e83bb0a8fffecab69ab http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.3_i386.deb Size/MD5: 235806 115d46195e683f821ac40409f4fdadbe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.3_i386.deb Size/MD5: 240402 b14a6e82d7133751f0543ba11c255d5e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.3_i386.deb Size/MD5: 208258 ea254105da6b1487f9f48c604cb651d8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.3_i386.deb Size/MD5: 83652 72601d91eb074a875907070b4a9ff441 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.3_i386.deb Size/MD5: 82052 860ee530f7e277c250fcaed0629b0a85 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.3_i386.deb Size/MD5: 209304 ca23329f732479ee248828bdf7f6533a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.3_i386.deb Size/MD5: 146322 ea6fadc2c5a00d9b7d91dea6a33b0337 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.3_i386.deb Size/MD5: 778162 17efe881ca21c4ff133b1b87d27c88b9 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.3_lpia.deb Size/MD5: 238092 a97c0cc66a3b22f5ac08ac93ab1f2385 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.3_lpia.deb Size/MD5: 232684 faae20dce6414721b3716287c5c3a6fe http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.3_lpia.deb Size/MD5: 237346 e26437b6fc9a3974bb201a8053553264 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.3_lpia.deb Size/MD5: 208252 e1e4271efb4135b6e55c7c6860bbf620 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.3_lpia.deb Size/MD5: 83592 e2099ef69a8ad8c71726ca778a158f29 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.3_lpia.deb Size/MD5: 82020 c79da773761f5de83dd90aee80f4338e http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.3_lpia.deb Size/MD5: 209302 f5317836a395ff13621ba4a04aecc5c9 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.3_lpia.deb Size/MD5: 146006 39343685b81424095204efea52a2f3b7 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.3_lpia.deb Size/MD5: 766314 7536223d21a1e3eb7a23127657172db1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.3_powerpc.deb Size/MD5: 261244 877a301d4a897a6be9b86a1a015341dd http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.3_powerpc.deb Size/MD5: 255816 ad550375da76438bae920b917f833df7 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.3_powerpc.deb Size/MD5: 260584 467733bf21824936200f5c23c8741a4c http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.3_powerpc.deb Size/MD5: 208264 35b76c877a69f0759e00f58418bf0a3f http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.3_powerpc.deb Size/MD5: 84290 639eb4f7f4f0483ae18b2c1b85282d17 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.3_powerpc.deb Size/MD5: 82636 ed49ede6f7de1307abaa5b1919de9a25 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.3_powerpc.deb Size/MD5: 209310 7db300d931760da5968a676dca184dfb http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.3_powerpc.deb Size/MD5: 160752 d6808d5bc9b165b595d9f5a4a48aacb8 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.3_powerpc.deb Size/MD5: 925906 9c949bb98afa9348a617d24f6f45ab73 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.3_sparc.deb Size/MD5: 246454 22860b45a220cbc12bf9a2fa81f70f12 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.3_sparc.deb Size/MD5: 241006 e6b6aa64bfca930e9253bc0c8c14577c http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.3_sparc.deb Size/MD5: 245754 03e64d4f5cd3a0da88f2b47f25d58929 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.3_sparc.deb Size/MD5: 208262 0712cb83fb9d97a01f21db7918a6be8e http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.3_sparc.deb Size/MD5: 83826 1fbccc9c79d12292f82df780f0330e4d http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.3_sparc.deb Size/MD5: 82202 9c87d9db6826d7cf0eb6be7a4e3b3d42 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.3_sparc.deb Size/MD5: 209312 f660b6d2b5df8d0285b2d7c3d66dbf90 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.3_sparc.deb Size/MD5: 150646 9722ee8e0a071514a0515956ef800d71 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.3_sparc.deb Size/MD5: 783652 3ee09a60e7fb604e03707932407b50cd Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.3.diff.gz Size/MD5: 135583 725e564c7bacc836f00c889eace61055 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.3.dsc Size/MD5: 1795 b28d6e90112c61cf5e3ca799198f5d86 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.3_all.deb Size/MD5: 2219058 66314175e4ba3f8aadc3798b38dfff91 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.3_all.deb Size/MD5: 46350 6ba7cb30d390c80580ec89d916f3fbea http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.3_all.deb Size/MD5: 6946608 d2f5135c4c30c8bf283da73bef14f1d0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.3_amd64.deb Size/MD5: 258756 969c27822153f554740c6d68967b3aaa http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.3_amd64.deb Size/MD5: 252936 5f3a5019d908ec9140627b820659ef8a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.3_amd64.deb Size/MD5: 258136 859795247c4d3f85e7ba1dab1d131608 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.3_amd64.deb Size/MD5: 212994 1f54b0cd877ad3eab7e809cc04641099 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.3_amd64.deb Size/MD5: 213956 d5a8cf3ea176d1d736ebd9c450aabd62 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.3_amd64.deb Size/MD5: 150856 8327a6e4d36c08749242900a8a2a31b9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.3_amd64.deb Size/MD5: 826734 43e74c7cd838b664bdea97072f6b295f http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.3_amd64.deb Size/MD5: 87530 3687597f75c717102ba4450dfa357c17 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.3_amd64.deb Size/MD5: 85814 393965395c80fa282fbd337c6026e8c9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.3_i386.deb Size/MD5: 245256 000813a4bd145e90018e13c618e91132 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.3_i386.deb Size/MD5: 239762 d26589895dcefed58de2ed9f8209faa9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.3_i386.deb Size/MD5: 244628 48325576b43d110b78f1b60c6174d012 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.3_i386.deb Size/MD5: 213020 941108c49e2fcdf2d74a6d51a1a11d6c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.3_i386.deb Size/MD5: 213982 86e5e3e02aa7145542f5aee915413300 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.3_i386.deb Size/MD5: 149760 3cdbf3fd42e96484d6859e0c20c847d0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.3_i386.deb Size/MD5: 784016 248f0c95e984bba997c70495b73a7ba3 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.3_i386.deb Size/MD5: 86910 a7599c5e97d216b5a55d3db6bff69d9e http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.3_i386.deb Size/MD5: 85304 399fbafd70f247d7ac278133e8efe154 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.3_lpia.deb Size/MD5: 242096 e75ad37baef595d14ac0e678b97fa6a8 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.3_lpia.deb Size/MD5: 236638 3dd29706dc6523c3df20243b281c6ec4 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.3_lpia.deb Size/MD5: 241542 22784ac36bbe3eda0d0c2ee665704a4a http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.3_lpia.deb Size/MD5: 213022 8c8325afe8189cdc3eb078ef1e2ea2b4 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.3_lpia.deb Size/MD5: 213986 d7e6c4faa9a72a25d25476103be9eda1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.3_lpia.deb Size/MD5: 149470 7aa159ab0ec8591f2abdf6a421c4f75d http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.3_lpia.deb Size/MD5: 773186 fe75f0a00403215a16cf6865aacd7557 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.3_lpia.deb Size/MD5: 86858 855eca97ef444980ad880b8cb8e5796a http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.3_lpia.deb Size/MD5: 85280 3eab4fd62ccd765c4bca99eedb812bc1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.3_powerpc.deb Size/MD5: 265222 c36acfa1dc1d6e07d5020272c0d24fc5 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.3_powerpc.deb Size/MD5: 260194 7ba8f2c77f3176980f77d047bb946bce http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.3_powerpc.deb Size/MD5: 264870 7cbb55b1a319ab4b6632189ad8b28874 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.3_powerpc.deb Size/MD5: 213018 cb7d79260c4a9963b347203be6924ee8 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.3_powerpc.deb Size/MD5: 213986 ee9df67e16d435066c52d0e56e032ca6 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.3_powerpc.deb Size/MD5: 164168 00dcf33794fc3c059509d2bad5954814 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.3_powerpc.deb Size/MD5: 932072 e7060593682e2d1c6eb9b739b4325ed8 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.3_powerpc.deb Size/MD5: 87604 49fd82d5cd62c7dbaf7deac2e40bf41e http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.3_powerpc.deb Size/MD5: 85868 ff2e142f4bec57ac84a6d99533f0050d sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.3_sparc.deb Size/MD5: 250498 6668ae072262926132e2cadf080912c1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.3_sparc.deb Size/MD5: 244814 2e07fc65fc82f6084031a7e5da832c15 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.3_sparc.deb Size/MD5: 249828 b6c37d9ea64f78a6e0c8a5c166b1e53f http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.3_sparc.deb Size/MD5: 213022 32c732e55639e0ecf95d1942dfff2354 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.3_sparc.deb Size/MD5: 213992 ef695a662e698088d7be98bd46a1ed47 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.3_sparc.deb Size/MD5: 154012 d38ac0bb14c459a8cf11988eac2b54de http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.3_sparc.deb Size/MD5: 788982 7349137145c5e2073503a29d83eedc34 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.3_sparc.deb Size/MD5: 87096 6afcc865217351b5a807c9d890aa1241 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.3_sparc.deb Size/MD5: 85400 bdaed811ea342b3ef9144bd89d17860d . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02579879 Version: 1 HPSBUX02612 SSRT100345 rev.1 - HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2010-12-07 Last Updated: 2010-12-06 ------------------------------------------------------------------------------ Potential Security Impact: Local information disclosure, increase of privilege, remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache-based Web Server. These vulnerabilities could be exploited locally to disclose information, increase privilege or remotely create a Denial of Service (DoS). References: CVE-2010-1452, CVE-2009-1956, CVE-2009-1955, CVE-2009-1891, CVE-2009-1890, CVE-2009-1195, CVE-2009-0023, CVE-2007-6203, CVE-2006-3918 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23 and B.11.31 running Apache-based Web Server prior to v2.0.63.01 Note: HP-UX Apache-based Web Server v2.0.63.01 is contained in HP-UX Web Server Suite v.2.32 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2010-1452 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-1956 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2009-1955 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2009-1890 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-1195 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2009-0023 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-6203 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com Note: HP-UX Web Server Suite v.2.32 contains HP-UX Apache-based Web Server v2.0.63.01 Web Server Suite Version / Apache Depot name HP-UX Web Server Suite v.2.32 HP-UX 11i PA-RISC with IPv6 HP-UX 11i version 2 PA-RISC/IPF 64-bit HP-UX 11i version 2 PA-RISC/IPF 32-bit HP-UX 11i version 3 PA-RISC/IPF 64-bit HP-UX 11i version 3 PA-RISC/IPF 32-bit MANUAL ACTIONS: Yes - Update Install Apache-based Web Server v2.0.63.01 or subsequent. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX Web Server Suite v2.32 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent HP-UX B.11.23 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent HP-UX B.11.31 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 7 December 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkz+xL4ACgkQ4B86/C0qfVmhiwCg8wrmupoKQCwiB89Wb3dQtBUe o2EAoOcrw8fBt6Tx5ep61P+YjJaHV+ZU =fFig -----END PGP SIGNATURE----- . HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. Kit Name Location HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. Using mod_deflate together with mod_php could cause segfaults when a client aborts a connection. This update corrects this flaw. For reference the original advisory text is below. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 "etch". This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. A similar flaw related to HEAD requests for compressed content was also fixed. (CVE-2009-1891) The oldstable distribution (etch), this problem has been fixed in version 2.2.3-4+etch10. The other distributions stable (lenny), testing (squeeze) and unstable (sid) were not affected by the regression. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. Updated packages for apache2-mpm-itk for the s390 architecture are not included yet. They will be released as soon as they become available. We recommend that you upgrade your apache2 (2.2.3-4+etch10), apache2-mpm-itk (2.2.3-01-2+etch4) package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch10.diff.gz Size/MD5 checksum: 127383 f93c44605a130b89c93b967c6e6bb32f http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01.orig.tar.gz Size/MD5 checksum: 29071 63daaf8812777aacfd5a31ead4ff0061 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4.diff.gz Size/MD5 checksum: 12732 f46b409815f523fb15fc2b013bece3b2 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch10.dsc Size/MD5 checksum: 1070 4baefcb4c6ec1f2d146f1387a5240026 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4.dsc Size/MD5 checksum: 676 b385d6a3a328371323c79c7906deb5bf http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c Architecture independent packages: http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch10_all.deb Size/MD5 checksum: 6673900 95cf69a8148a93569f183e417753226d http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch10_all.deb Size/MD5 checksum: 41480 dc99f23beb96a0a743d3d61d6c8d941d http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch10_all.deb Size/MD5 checksum: 2243464 1239e372d92afb5551cfa6018e509797 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch10_all.deb Size/MD5 checksum: 274332 5ac8887f0d4b5e46a2d6461a1c75234d alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 345878 09b90c946e6bfab4df70096345b73753 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 445144 c578da017ebba196a95e148b22f45e0f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 409542 7a2897d2effa66ce0e8125e81c12d98e http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 410448 f6b3abb4d3f7e58f5439969bacdcd693 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_alpha.deb Size/MD5 checksum: 185014 699e45fb31514a058a69fb6c6e7bc7ae http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 1043540 f438e482259956a7e0f110dc28ac868a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 449444 f0b040f783a19ea83aa7fc195dfd5b95 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_alpha.deb Size/MD5 checksum: 450050 9fe6f4b3f9006c9932161272a78c6fdf amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 999344 76762c4b207fc51a41ba2352a830de5b http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 408140 8c7838b3bdb58da06e2d1b38ac108c5d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 436052 ee0c8c2b7f68310c638797ddb17e63d4 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_amd64.deb Size/MD5 checksum: 172670 95a2ae134db345fa0d511c8195c975da http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 436550 93036fabc3c61c162386e8d60be0b748 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 432066 a9135049fd176e5110c8835d735ac37c http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 341944 b95dffeda21dd8e9e57f95d7dcf2c6db http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_amd64.deb Size/MD5 checksum: 408854 e57b29deda62fd0a7166058c9714a4af arm architecture (ARM) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 421544 318e056fc1eba12581f8cd68a58a2efe http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 420848 855526f42acaf33e10f39156c0ef86a7 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 967868 1d5b37c9e9b43447c09d859f48e3db08 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 416808 98bf5d67c2c5c1a0bcdaf5dd0e4a84b4 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 346016 b8ebca72754f2a5c060fd0707dae0b48 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_arm.deb Size/MD5 checksum: 157494 0699661a334ce691bee31bda2b5aea13 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 407924 169a45721a2a2348b9d4fd9ca4018638 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_arm.deb Size/MD5 checksum: 408736 3e3285544b775977559a7b5a667e9467 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 439794 ae3ee116b4f6734d19e2608c986f20a7 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 410668 0332975eef0ca8914493434c81a3b57c http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 351926 aba7da336587d20e3472c42399a60cbb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 443764 94b899d6e77c0a1138a1adca32e964d4 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 409798 87358d3a8d78ae38b43147ffc005dbea http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 1078344 5c5df848f29a6b94edd74aaa1938339d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_hppa.deb Size/MD5 checksum: 443176 a3418d816ee5814bf8e4e1782ebf1a13 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_hppa.deb Size/MD5 checksum: 179290 76bada2a7c0b4ce41781da02bc1d6854 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 424296 1ac7e4c1b706756a3c68373994eee40d http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_i386.deb Size/MD5 checksum: 160986 f072fe639f1ecfd54c308854f2bf835e http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 342538 0cde1185cf0ad60b108a1495920279bb http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 410152 fff23ec5be34b4bb737b82193027d1f5 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 409140 41ab1d141fc82da6ae31151cc4fbf9cd http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 419960 ad49cd170aa024b5675824bc7ad7f5a9 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 423772 7d65eb2f244037796be8a002b2c5a8aa http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_i386.deb Size/MD5 checksum: 962518 0c15eacb1a69d8a4c1fe8b51357355ca ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 360442 5390c02c0408fd09da0c80dcbe64213f http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 407446 c36f9d80cd0797b87350bf6143e9ee73 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 490906 9a344d49dc0ec7520d0f643fc3146aa6 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 497976 7317cb12cb6221de213560ded3b70d23 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 1204042 68ebaec425c18cccc50de59cf02a4299 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 497164 f9b49290d914a08bde04dfbb7fe8e08c http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_ia64.deb Size/MD5 checksum: 406794 fc9a49dd15f1b4ff329eaa1c34a42010 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_ia64.deb Size/MD5 checksum: 231680 3c7bef395cd12838a2558a283de92b36 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 407450 0b4e8f985961199ab4544d7473c97fb8 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 429886 8187f9ba100e7c0888e380d550fc0a9f http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 349856 0af264b2e9786b205f41bd98178bd57c http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_mips.deb Size/MD5 checksum: 170252 1231b6309bcf7bdf0e0da6056b5f476a http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 951382 10a60cd2f5b966e57b978e02c55d579b http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 433908 da8b85f735da139c1f1c7518d3ddf044 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 434564 e0ef1472f70fe37b0ba922c56100f934 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_mips.deb Size/MD5 checksum: 406790 d8805ca4ccb44dd6df20a99f75fcae56 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 433410 03caef7359294827ca37daf9e12eca88 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 406794 2eb44e4936c0d66460f128bacc64d6a2 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_mipsel.deb Size/MD5 checksum: 168612 d9bf709f9c8e6c3bd1a0b610e2c14997 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 350096 e9171305fd5073da24561a594a0e7ce7 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 407444 afd60533d6769b415ed72160009599f0 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 428732 694d06725c3f3069c5474a1eba8bc5d8 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 951118 40581cf551d7e6ef3daff28b15d27b43 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_mipsel.deb Size/MD5 checksum: 434082 4e6d114481480983ebe412e59f3144a1 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 409238 ee52afe172a6adff0fb2189527feb1ab http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_powerpc.deb Size/MD5 checksum: 167606 5c94bb438e858477696f14f9e8c4ddd6 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 354700 91bec57127d987f81063f403eb135aed http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 428560 d4e4f84b31105d642438a98d1cd77115 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 433126 8eebf2551b490b17446d3d32d0260387 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 432548 dbe2d1e2911315057ca5abde7ed6cbb8 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 409992 9371af946dc7a6f4155dc3003de1177b http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_powerpc.deb Size/MD5 checksum: 1060574 b7fec9b18fd7df2cf136ca125c12e4b6 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 437110 aa86e0b23b46beeaaa5438336fe04552 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 406788 d5e931d2fdf36c7fb983e7e1f710653c http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 407450 932daa00b0a6d967b1af613ea0930034 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 348416 70b8e219b4c86095065b11875ec83b01 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 993986 0dd64eb40ee4a89fd3fbff4d1997d30e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 442014 ccb9c5a6ca257e10305cd3772b1d83ff http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_s390.deb Size/MD5 checksum: 443016 4b986bfae8d89f66e8482632d528a449 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 422172 ffb5cc475c8c9773b588afee5cf2e516 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 959208 3122892629c49a09287803c4f0298281 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 409556 a32ab93bcc5458fa0a6d98634075c6e6 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 422568 8e9b179b70d757b411e76e5b7005ba6e http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_sparc.deb Size/MD5 checksum: 157826 bdc36b078bd4f6cb2a5ed6ea7714a74c http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 408632 a834c57ec1d4022e335f7438038ae042 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 343696 db40b0d4b164b8490009aa110621db9c http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_sparc.deb Size/MD5 checksum: 418790 6e51c4c6412d868e5e55808fd4f6865a These files will probably be moved into the stable distribution on its next update
VAR-200907-0122 CVE-2009-2300 phion airlock WAF Service disruption in the management interface (DoS) Vulnerabilities CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request. Airlock Web Application Firewall is prone to a denial-of-service vulnerability. CGI requests specify large width and height parameters for images. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: phion airlock Web Application Firewall Command Injection Vulnerability SECUNIA ADVISORY ID: SA35641 VERIFY ADVISORY: http://secunia.com/advisories/35641/ DESCRIPTION: A vulnerability has been reported in phion airlock Web Application Firewall, which can be exploited by malicious people to compromise a vulnerable system. Input passed via certain unspecified parameters is not properly sanitised before being used. This can be exploited to inject and execute arbitrary commands by sending specially crafted requests to the management interface. The vulnerability is reported in version 4.1-10.41. Other versions may also be affected. SOLUTION: Apply the hotfix: https://techzone.phion.com/hotfix_HF4112 PROVIDED AND/OR DISCOVERED BY: Michael Kirchner, Wolfgang Neudorfer, and Lukas Nothdurfter. ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2009-July/069470.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------