VARIoT IoT vulnerabilities database
| VAR-201003-0517 | No CVE | Citrix Web Interface Source Code Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Citrix Web Interface is the web interface component of various Citrix products. The Citrix Web Interface does not properly handle user-submitted input, and a remote attacker can exploit the vulnerability to access some source code files.
| VAR-201003-0521 | No CVE | F5 FirePass Active Template Library Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
F5's FirePass server is a network device that provides users with secure access to the company's network through any standard web browser. The F5 FirePass product uses a problematic version of the ATL (Active Template Library), which attackers can exploit to target user systems.
| VAR-201003-0494 | CVE-2010-1185 |
SAP MaxDB of serv.exe Vulnerable to stack-based buffer overflow
Related entries in the VARIoT exploits database: VAR-E-201003-0333 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serv.exe process which listens by default on TCP port 7210. The process trusts a value from a handshake packet and uses it as a length when copying data to the stack. If provided a malicious value and packet data, this can be leveraged to execute arbitrary code under the context of the SYSTEM user. Failed exploit attempts will result in a denial-of-service condition.
ZDI-10-032: SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-032
March 16, 2010
-- Affected Vendors:
SAP
-- Affected Products:
SAP MaxDB
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9403. Authentication is not required to
exploit this vulnerability.
-- Vendor Response:
SAP states:
A solution was provided via SAP note 1409425
(https://service.sap.com/sap/support/notes/1409425)
-- Disclosure Timeline:
2009-11-09 - Vulnerability reported to vendor
2010-03-16 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* AbdulAziz Hariri of Insight Technologies
----------------------------------------------------------------------
TITLE:
MaxDB Handshake Packet Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA38955
VERIFY ADVISORY:
http://secunia.com/advisories/38955/
DESCRIPTION:
A vulnerability has been reported in MaxDB, which can be exploited by
malicious people to compromise a vulnerable system.
The vulnerability is caused due to an input validation error within
the processing of handshake packets in serv.exe. This can be
exploited to cause a stack-based buffer overflow by sending a
specially crafted packet to port 7210/TCP.
https://service.sap.com/sap/support/notes/1409425
PROVIDED AND/OR DISCOVERED BY:
AbdulAziz Hariri of Insight Technologies, reported via ZDI.
ORIGINAL ADVISORY:
http://www.zerodayinitiative.com/advisories/ZDI-10-032/
| VAR-201003-0115 | CVE-2009-1299 | PulseAudio of core-util.c Vulnerable to changing the permissions of arbitrary files |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file. PulseAudio is a sound server used on POSIX and Win32 systems. PulseAudio creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks. Other attacks may also be possible.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2017-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
March 15, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : pulseaudio
Vulnerability : insecure temporary directory
Problem type : local
Debian-specific: no
CVE Id : CVE-2009-1299
Debian Bug : 573615
Dan Rosenberg discovered that the PulseAudio sound server creates a
temporary directory with a predictable name.
For the stable distribution (lenny), this problem has been fixed in
version 0.9.10-3+lenny2.
For the testing (squeeze) and unstable (sid) distribution this problem
will be fixed soon.
We recommend that you upgrade your pulseaudio package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_i386.deb
Size/MD5 checksum: 327866 900030048086c71d9a9f568d7aac8b74
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_i386.deb
Size/MD5 checksum: 58302 ec0dfbaee7ababf696e00f2947ae5f20
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_i386.deb
Size/MD5 checksum: 235814 38c7d871177a4377ef89ad8f93e22d1f
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_i386.deb
Size/MD5 checksum: 173158 6884d2a0c5c9afe8ad8393f95a9809a6
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_i386.deb
Size/MD5 checksum: 395870 7b286d88cd511e64d677255ef65c5752
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 69054 094ee23e3577933074f92d376f3dae6e
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 59906 7613f5d117ad0b90ee5a38b86c2bf00e
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 63960 ac0ca2820a7cf5a078da3a73c0832d24
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 313480 78fdd16a074939b49c35a53c3579e277
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 68468 23e00873171e40bf1726e9fb36464ebf
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 100600 8066385735208549ff9d8f836d123a5e
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 72016 6c1a5455906d1575074de3009fb7e709
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 84182 f75a6ae221b182b5a289827b5b7c14ad
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 79420 2bbf1cc4841c90c825d8bdb4cd6661fc
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 236336 412aa258e97488853e2d7f80fb6ace6b
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 97028 525ea4382a7705aa1bdcbf9619b2a368
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 476404 b7ebb4250f1978adca6aa6c4e3bbe2c0
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 381278 f77760ffd1266f5bdd0d13be5d110de0
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 83682 edd51428c147c3ff13835cd3f0c87f9e
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 268756 f90308286104bbffa79987565dfb72b3
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 72682 b656ca62ad6c79e5d7a7dee90bbc7799
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 93388 59201632757a7aff0fafbb49634a1d0a
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 311168 875ebe5b1c1166699258589c5d1e0e24
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 89652 faff7647b3bf1ce1f0eea259c086c5f2
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 635890 646a8c7a55757ef1e009012f3fc2ee55
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 248472 6b0c4d39235b25cfa2a551cbd01dba85
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 94774 a5376657866793763d47953028af2225
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 488818 926825026ec7be5131696d78c624e414
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 80886 eed76a0c8cae1e5ba9d33f6e8cce9fd5
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 64922 efc3f8be551df092bfb930f337f5bf01
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 75016 79c056a5463d1945643b79ca1ab57379
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_ia64.deb
Size/MD5 checksum: 88130 7c641ced3a73fb0e72050ade8755f493
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 279122 0ecfe59381c45b1a232fa2e3ac21fead
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 67664 905f22c34fc907207b5fbf8636189f88
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 638302 6ec9971a9d5a286608d9d30074d1114c
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 93142 b91309f92031bebf04cb0240a72b8c97
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 76238 396b859c0b7eba4bb99d3dda285bfdd8
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 99580 fb8ea06463dcba05b0cffb6322c6271c
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 101620 1f86454952ea01b9b687eed5cf358ee2
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 405818 4d9d9d9e1209732678a6e5b342d74270
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 74768 e16af01f31905263c3e62c93d16c292d
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 68442 422093e283e037753e6942775262fd3b
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 179650 92cb416ff23f8c90ce65ce05a690a781
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 173910 0518f1b241710f6eb7088ec88dd0b372
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 79762 72b373bc5f883e15fd094f63427d82f9
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 58412 e40e629fb89af0f07113885d0b862cb7
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 327722 efaddf0d3f63d50a2970611e553ae338
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 78640 b43909336ee7a893c48027829fb1937d
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 99350 d7f793f0e5b6ea0f747c2a6234784ea4
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 66096 46189442d7c59f58dde9478f282caf16
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 416920 cf094e4c2f318b4ad0aac706179d9ad5
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 68360 7cb85cc5041b336f052f67e272525aea
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 89024 e3f1f9a6b953b825d8165a1accf6c020
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 61328 139be1413a4402e2962d70ec413814df
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 64610 ef647038aff85f43c359397c9d44b0aa
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 64722 946c411a7f22c5cc5157a398cc017a86
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 75170 ed560fc89701c2152b86d10e50fe639a
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 226252 d58bab6fb08aba1c2400fd25d0197fbc
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_mips.deb
Size/MD5 checksum: 348590 915a2851c8bae7226380cb7cdbc14131
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 88826 5057060524efc1ef6bd3f0f7910908c3
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 92776 505f17a4276b679534fa4cf1bcdc95aa
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 180914 9afafa2885bc0620f88edc18d39685b0
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 68384 49e0f9e89f1103b37cbba16652b7842f
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 76292 4ddae903fbdcf4617f19dc37d0e44004
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 99294 f98071bda671e43adedd9164fe03cb83
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 79574 45eb508e38ace7c188e1827207ee60b9
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 64612 e9aed37cc3342d79c55de3af0cc40e37
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 61414 f08eeed32e105b3ab404ea73bf15cda2
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 101118 d111ed841eca519cd617549eb79d7af8
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 66106 ff2019207841ac899964552a80b88851
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 68350 56b8762ef04280189ad1ce77a7a3b762
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 329728 d1fbb730365cadf0d778bec82d937650
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 409176 01ba56cbb41ef13300c860a8bea44160
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 638874 a4aa60c728421052c747b6a44b3b3d62
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 174672 33d7578677722c8fa81e18335bd04e16
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 226090 6123850dd7c66b5b86bc2e76f83b392e
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 98870 afa9bd77298cdf67d3eea5a7fd5667a1
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 78536 7cec363450621342b5e0c8ca9cd3d6a1
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 64732 ebc19921e55c0423527ecafda0ed7ccb
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 74760 c96474fb3954ac39647151acd8aca93f
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 405578 d158a209c34920f6bccedbdb670c46ec
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 75204 8e52337fe0cbad88fe5f032984aedaad
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 67660 6867e1d80eb815b1d9149693822f115d
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 343836 37d8ed012ab336639e9d52612f7174a9
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 58404 17ba432769b35cc2b39b7acf888eb730
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_mipsel.deb
Size/MD5 checksum: 276854 c1df2a4f7a00a994915d5d9076f5898e
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 75210 1986b6d497c37f871015b5e357abfb8f
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 439664 d2fbed4dd44359b70e401836a4d18226
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 99608 ea122ce8864702612d0953be08ba937c
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 283978 9b9590d35b104da190acad713b33c4ba
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 404146 3a3cf49b4d400fcecbb5cb4dee6f3e31
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 74008 dad1c5480d4456bcf7582696d4f0371c
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 70272 46b212c94eb8e4a8475af860973088b0
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 60764 39af2ae990fe1ad2ea2ce896f9f3efb0
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 251476 aec717b5363e1a5e2fd1fc095c1d823f
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 339670 b90f33d18c23cd5af3066a3c5097a970
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 77566 9679bc324b59af968409643d14ddee9d
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 65930 1c00c71e83879be9c16a631fece6815e
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 103044 0c7a3c674d73549eeb83454e500c17a5
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 70542 02d5072ed834f82720a5dad6dc6e9de8
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 77550 2d34b4adfce877f0521b3c4ef8dfcf6f
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 379154 e3b2aafc046f8a1b6382a79788602b13
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 87474 7e46001e9e77b8e809ddccc8e52df2b5
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 68232 54839cb4ed5ac6cb19b768f649097d46
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 688850 45d322c94f9f18603fd763a0d20861b6
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 101600 4fc70aefb96daf9bed9bfa2030fcc947
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 92470 fd46d4840a4189352ee82e17b23d6869
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 204300 1710bf2ea2877501dc805b76c77e7764
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 83320 738d92d8eede6ea5095da6d9e4486209
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 65614 f19b3599c1077078248b3a075cfb33d0
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 99132 f4084ea6da372887e5c0bbfbc37b4016
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 195208 3a96e0f3ac6f869a0b4bc53d4c4e36c3
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_powerpc.deb
Size/MD5 checksum: 82634 4fd04d899165e4fe72c095e037e196a4
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 265624 1f686ed93d8a5650c84ee7aca3894791
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 64640 3227a532527ef93db8468b252f60614a
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 78966 a779f5ebf742af1f96f0ff3de4c8f7ba
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 621494 ddb14c003e1f4d92911b47ed358e6261
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 190206 919c7c3375733ad45de61f5a62fbf4cb
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 91708 dd1f9db4099af88a7bd4a2716274d3ca
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 341352 75f3adfda4d11b14ef743528d371bc84
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 343260 51d30c442061309d4df8f154b2267fdc
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 75640 e95024193e50659a93cf41b01a229ceb
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 208378 e43dc35d5d9549a770aab8c63fa6c775
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 100660 5059de14cb3f69271d74f3e1c76efc96
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 273490 e1a9d0df136b1e2adc6c15d07b701756
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 69054 84f3553ad5b4e3112f3eb96206a99a32
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 70220 fc7f6d6933068ef11055c9d1cc48b158
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 68120 7686f762e3fb680102dab53c5cbec454
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 371604 4fb527893d65e2eef8b9a65b10388454
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 58698 fb2901a64aa736345b1c53f8f0a17a8d
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 98416 645f827ec7f03f291793ee66cebb2e28
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 78512 95ad7e838656f7f05b3079f4296c9c6e
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 66090 2f3ff6c812aad15b1d5cba2295754ead
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 81830 4d992be74d423cb742ac7fc9c90f6469
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 68002 adcea456be3d948774d7845f131afa6f
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 415816 c8beb3d2e17949dafc4f9b8317c6309c
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 62258 5da6f9b7bbf15b173497ea5204737e98
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 99442 fdf7581a5b19aee626200aad8ad09464
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 79250 44ba5ac7a4ac9c21dc796db39abc0433
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_s390.deb
Size/MD5 checksum: 88068 2625c53d05d552c52c32a6ca2570ecea
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 76310 a1e419967d53d41c1e03111429b8fe65
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 64482 96f32641f7d530a81543d4b675fc4ebd
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 243272 844d0674db3947282f4f599909f8a998
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 332678 11b1a22a76dce6fdc6652023fa5eef29
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 66656 0c13c777b42835ccbfa8d32c293a1b6d
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 102446 5be7cfe4eaf4d00f30499f9c22461ca9
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 68824 c32249111af7c04460b52c6b5d36cbe1
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 352172 1e22e421ef07a7e4a8eed0c261bab01e
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 620524 2cc8cdcf11dfd048eacfb9a3f9f53195
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 75120 08b19d161d39e42ab39815563f6b5039
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 191478 e4d1194137d2f4b55636a07f23023642
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 78372 cd7ac74f01b8a92f48eae480b341b510
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 86934 66f1f8c61540bdbd837fd380b7ebaaa7
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 98344 ee2e865e0d16f37a35cd09b1630445da
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 93516 dfe0e7064e188a38ae45cb7077b41d1d
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 67592 20e6b8b20b14da64ffd94ac5be5176fe
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 58392 f7c20f400a797ee367e928cc9d8da7d5
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 175508 8725cb237e1a07cb800289fbf9924a7a
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 392684 61016f3d833dd140fd228deb9e4df759
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 76044 37e4b9075baa53c30c5b3a3d1e70cdca
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 261486 a6b4f9d4d3abd4d6cc4212f0ed4f14ec
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 67888 2639ced4f582fe11d74e72e7f8194e6a
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 94150 f96d6fb351dadf12fb396cdb368e3937
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 80246 24931905185012db0bc0e6801ead4aff
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 353486 415ece95da3bc41e2554babe6175fd3f
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 64856 0d3e251be6b8419019f9b68164c40737
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_sparc.deb
Size/MD5 checksum: 61160 3373a11eff8d9ac7ac6a39560acfbb69
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201402-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PulseAudio: Insecure temporary file usage
Date: February 07, 2014
Bugs: #313329
ID: 201402-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
An insecure temporary file usage has been reported in PulseAudio,
possibly allowing symlink attacks.
Affected packages
=================
    -------------------------------------------------------------------
     Package                 /   Vulnerable   /             Unaffected
    -------------------------------------------------------------------
  1  media-sound/pulseaudio       < 0.9.22                   >= 0.9.22
Description
===========
The pa_make_secure_dir function in core-util.c does not handle
temporary files securely.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PulseAudio users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/pulseaudio-0.9.22"
References
==========
[ 1 ] CVE-2009-1299
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1299
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201402-10.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201003-0528 | No CVE | Apple iPhone Malformed Character Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The Apple iPhone is an Apple-issued smartphone. Apple iPhone does not properly handle malformed characters, which can be exploited by attackers to cause Safari, mail and springboard applications on iPhone devices to crash, causing denial of service attacks.
| VAR-201003-0530 | No CVE | HP Broadcom Integrated NIC Firmware Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
There is an unspecified error in the Broadcom integrated NIC management firmware for HP PCs that allows remote attackers to execute arbitrary code with system process privileges.
| VAR-201003-0152 | CVE-2010-0104 | Broadcom NetXtreme management firmware ASF buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors. Broadcom NetXtreme management firmware contains a buffer overflow vulnerability. The management firmware installed on some Broadcom NetXtreme network adapters supports Alert Standard Format (ASF). A buffer overflow exists in the processing of crafted ASF version 2.0 RAKP Message 1 packets. In addition, the vulnerability is only exposed when Remote Management and Control Protocol (RMCP) over RMCP Security-Extensions Protocol (RSP) management is enabled. This feature is disabled by default. A remote attacker could execute arbitrary code or cause a denial of service (DoS). Remote control and alerting interfaces can be defined for systems and devices when the host operating system is absent. Broadcom NetXtreme devices are prone to a remote code-execution vulnerability.
The following versions are vulnerable:
- BCM5751, BCM5752, BCM5753, BCM5754, BCM5755, BCM5756, BCM5764, and BCM5787 with firmware version 8.04
- BCM57760 with firmware version 8.07
- BCM5761 with firmware version 1.24.0.9
Broadcom is the world's leading semiconductor company for wired and wireless communications.
Disable the management firmware or Secure ASF (RSP) support.
TITLE:
HP Broadcom Integrated NIC Management Firmware Vulnerability
SECUNIA ADVISORY ID:
SA39003
VERIFY ADVISORY:
http://secunia.com/advisories/39003/
DESCRIPTION:
A vulnerability has been reported in Broadcom Integrated NIC
Management Firmware for HP PCs, which can be exploited by malicious
people to compromise a vulnerable system.
The vulnerability is reported in 1.x versions prior to 1.40.0.0, and
8.x versions prior to 8.08. Please see the vendor's advisory for
details on affected hardware.
SOLUTION:
Update to version 1.40.0.0 or 8.08 (available via softpaq SP47557).
ftp://ftp.hp.com/pub/softpaq/sp47501-48000/sp47557.exe
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBGN02511 SSRT100022:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02048471
| VAR-201003-0532 | No CVE | JP1/Cm2/Network Node Manager Remote Console Insecure File Permissions Vulnerability |
CVSS V2: 6.6 CVSS V3: - Severity: Medium |
Computer systems running the JP1/Cm2/Network Node Manager (NNM) Remote Console for Windows are vulnerable due to insecure file permissions set on the systems. A local attacker could replace the affected files provided by the NNM Remote Console with arbitrary files.
| VAR-201004-0285 | CVE-2010-1226 | Apple iPhone of HTTP Service operation interruption in client function (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue. Apple iPhone is prone to a denial-of-service vulnerability.
Successfully exploiting this issue may allow attackers to crash the Safari, Mail, and Springboard applications on a vulnerable device, resulting in denial-of-service conditions.
The issue affects iPhone 2G with OS 3.1 and iPhone 3GS with OS 3.1.3; other versions may also be affected.
| VAR-201003-0529 | No CVE | Httpdx Multiple Remote Denial of Service Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
Httpdx is a lightweight HTTP and FTP server. Httpdx has integer underflow errors in its handling of certain FTP commands; the server can be crashed by sending FTP "USER" and "PASS" commands that use only zero bytes (0x00).
| VAR-201003-1095 | CVE-2010-0042 | Apple Safari of ImageIO Vulnerability in which important information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. These issues affect versions prior to Safari 4.0.5 running on Apple Mac OS X, Windows 7, XP and Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
38674 Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability
35451 LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
38676 Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability
38677 Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability
38673 Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability
38675 Apple Safari Prior to 4.0.5 Configuration Bypass Weakness
38683 Apple Safari URL Schemes Handling Remote Code Execution Vulnerability
38684 WebKit CSS 'format()' Arguments Memory Corruption Vulnerability
38687 WebKit Object Element Fallback Memory Corruption Vulnerability
38688 WebKit XML Document Parsing Memory Corruption Vulnerability
38689 WebKit Right-to-Left Displayed Text Handling Memory Corruption Vulnerability
38685 WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution Vulnerability
38692 WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability
38686 WebKit HTML Elements Callback Use-After-Free Error Remote Code Execution Vulnerability
38690 WebKit CSS Display Use-After-Free Error Remote Code Execution Vulnerability
38691 WebKit HTML Image Element Handling Memory Corruption Vulnerability.
Apple Safari is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it.
Versions prior to Safari 4.0.5 on Microsoft Windows are vulnerable. Safari is the default web browser bundled with Apple's operating systems. ImageIO in Apple Safari before 4.0.5 on Windows and in iTunes before 9.1 has an information disclosure vulnerability when processing TIFF images.
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA39135
VERIFY ADVISORY:
http://secunia.com/advisories/39135/
DESCRIPTION:
Some vulnerabilities have been reported in Apple iTunes, which can be
exploited by malicious, local users to gain escalated privileges and
by malicious people to disclose sensitive information, cause a DoS
(Denial of Service), or compromise a user's system.
1) Multiple errors in the ColorSync and ImageIO components when
handling images can be exploited to disclose application memory or
potentially execute arbitrary code.
For more information see vulnerabilities #1 through #4 and #9 in:
SA38932
2) An error when processing MP4 files can be exploited to trigger the
execution of an infinite loop and render the application unusable
after its restart via e.g. a specially crafted podcast.
3) During installation iTunes for Windows installs and executes
certain files in a directory in the "%ALLUSERSPROFILE%\Application
Data\" path. As standard permissions allow any user to write files
to the path, this can be exploited to either create malicious files
with specific names before installation or malicious libraries after
installation, allowing execution of arbitrary code with SYSTEM
privileges.
SOLUTION:
Update to version 9.1.
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sojeong Hong, Sourcefire VRT
3) Jason Geffner, NGSSoftware
CHANGELOG:
2010-03-31: Added additional information provided by NGSSoftware.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4105
OTHER REFERENCES:
SA38932:
http://secunia.com/advisories/38932/
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes)
| VAR-201003-1092 | CVE-2010-0040 | Apple Safari of ColorSync Integer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. Safari is prone to an integer overflow vulnerability.
Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions.
This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it. These issues affect versions prior to Safari 4.0.5 running on Apple Mac OS X, Windows 7, XP and Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
38674 Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability
35451 LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
38676 Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability
38677 Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability
38673 Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability
38675 Apple Safari Prior to 4.0.5 Configuration Bypass Weakness
38683 Apple Safari URL Schemes Handling Remote Code Execution Vulnerability
38684 WebKit CSS 'format()' Arguments Memory Corruption Vulnerability
38687 WebKit Object Element Fallback Memory Corruption Vulnerability
38688 WebKit XML Document Parsing Memory Corruption Vulnerability
38689 WebKit Right-to-Left Displayed Text Handling Memory Corruption Vulnerability
38685 WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution Vulnerability
38692 WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability
38686 WebKit HTML Elements Callback Use-After-Free Error Remote Code Execution Vulnerability
38690 WebKit CSS Display Use-After-Free Error Remote Code Execution Vulnerability
38691 WebKit HTML Image Element Handling Memory Corruption Vulnerability.
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA39135
VERIFY ADVISORY:
http://secunia.com/advisories/39135/
DESCRIPTION:
Some vulnerabilities have been reported in Apple iTunes, which can be
exploited by malicious, local users to gain escalated privileges and
by malicious people to disclose sensitive information, cause a DoS
(Denial of Service), or compromise a user's system.
For more information see vulnerabilities #1 through #4 and #9 in:
SA38932
2) An error when processing MP4 files can be exploited to trigger the
execution of an infinite loop and render the application unusable
after its restart via e.g. a specially crafted podcast.
3) During installation iTunes for Windows installs and executes
certain files in a directory in the "%ALLUSERSPROFILE%\Application
Data\" path. As standard permissions allow any user to write files
to the path, this can be exploited to either create malicious files
with specific names before installation or malicious libraries after
installation, allowing execution of arbitrary code with SYSTEM
privileges.
SOLUTION:
Update to version 9.1.
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sojeong Hong, Sourcefire VRT
3) Jason Geffner, NGSSoftware
CHANGELOG:
2010-03-31: Added additional information provided by NGSSoftware.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4105
OTHER REFERENCES:
SA38932:
http://secunia.com/advisories/38932/
BACKGROUND
---------------------
"iTunes is a free application for Mac or PC. It organizes and plays
digital music and video on computers. It syncs all media files
with iPod, iPhone, and Apple TV." from Apple.com
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a vulnerability in
Apple iTunes.
Exploits - PoCs & Binary Analysis
----------------------------------------
In-depth binary analysis of the vulnerability and a proof-of-concept
have been released by VUPEN through the VUPEN Binary Analysis
& Exploits Service :
http://www.vupen.com/exploits
V. SOLUTION
----------------
Upgrade to Apple iTunes 9.1:
http://www.apple.com/itunes/download/
VI. ABOUT VUPEN Security
---------------------------------
VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.
Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.
* VUPEN Vulnerability Notification Service:
http://www.vupen.com/english/services
* VUPEN Binary Analysis & Exploits Service :
http://www.vupen.com/exploits
VIII. REFERENCES
----------------------
http://www.vupen.com/english/advisories/2010/0745
http://support.apple.com/kb/HT4105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0040
IX. DISCLOSURE TIMELINE
-----------------------------------
2009-12-03 - Vendor notified
2009-12-07 - Vendor response
2010-01-26 - Status update received
2010-03-04 - Status update received
2010-03-12 - Vulnerability Fixed in Safari v4.0.5
2010-03-31 - Vulnerability Fixed in iTunes v9.1
As of February 2010,
Safari was the fourth most widely used browser, with 4.45% of the
worldwide usage share of web browsers according to Net Application."
II.
VUPEN also provides in-depth binary analysis of vulnerabilities and
commercial-grade exploit codes to help security vendors, governments,
and corporations to evaluate and qualify risks, and protect their
infrastructures and assets.
iDefense Security Advisory 03.11.10
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 11, 2010
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II.
The vulnerability occurs when a certain property of an HTML element is
reset via JavaScript code. When this occurs, a C++ object is
incorrectly accessed after it has been freed. This results in an
attacker controlled value being used as a C++ VTABLE, which leads to
the execution of arbitrary code.
III. ANALYSIS
Exploitation of this vulnerability results in the execution of arbitrary
code with the privileges of the user viewing the Webpage. To exploit
this vulnerability, a targeted user must load a malicious Webpage
created by an attacker. An attacker typically accomplishes this via
social engineering or injecting content into compromised, trusted
sites. After the user visits the malicious Webpage, no further user
interaction is needed.
Exploitation of this vulnerability is relatively simple if a heap spray
technique is used to control large portions of heap memory. It is also
trivial for an attacker to reallocate the chunk of freed memory and
populate it with controlled values. This allows an attacker to control
a C++ VTABLE, which leads to code execution. As such, iDefense
considers this vulnerability to be highly exploitable.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in Google
Chrome 3.0.195.38 and Safari 4.0.4. Previous versions are suspected to
be vulnerable.
V. WORKAROUND
The vulnerability is present in the JavaScript engine, so disabling
JavaScript is an effective workaround. This can be performed via the
command line with Google Chrome, and the Preferences menu in Safari.
VI. VENDOR RESPONSE
Apple Inc. has released a patch which addresses this issue. Information
about downloadable vendor updates can be found by clicking on the URLs
shown. http://www.apple.com/safari/download
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2010-0040 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
12/15/2009 Initial Vendor Notification
12/15/2009 Initial Vendor Reply
03/11/2010 Coordinated Public Disclosure
IX. CREDIT
This vulnerability was reported to iDefense by wushi&Z of team509.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
http://labs.idefense.com/
X. LEGAL NOTICES
Copyright © 2010 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
| VAR-201003-1087 | CVE-2010-0047 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content." User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the WebCore's HTMLObjectElement::renderFallBackContent() method. By rewriting an HTML element via the document's innerHTML() method a memory corruption occurs resulting from a call-after-free. This can be leveraged to execute arbitrary code under the context of the current user. WebKit is prone to a remote memory-corruption vulnerability; fixes are available. Failed exploit attempts will result in a denial-of-service condition.
This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it. These issues affect versions prior to Safari 4.0.5 running on Apple Mac OS X, Windows 7, XP and Vista. Safari is the web browser bundled by default in the Apple family machine operating system.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : webkit
Date : March 2, 2011
Affected: 2010.1
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting, denial of service and arbitrary code
execution security flaws were discovered in webkit.
Please consult the CVE web links for further information.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
----------------------------------------------------------------------
TITLE:
Ubuntu update for webkit
SECUNIA ADVISORY ID:
SA41856
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41856/
RELEASE DATE:
2010-10-21
DESCRIPTION:
Ubuntu has issued an update for webkit. This fixes multiple
vulnerabilities, some of which have an unknown impact while others
can be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct spoofing or
cross-site scripting attacks, and potentially compromise a user's
system.
For more information:
SA36677
SA37346
SA37769
SA37931
SA38545
SA38932
SA39091
SA39651
SA40105
SA40196
SA40479
SA40664
SA41014
SA41085
SA41242
SA41328
SOLUTION:
Apply updated packages.
ORIGINAL ADVISORY:
USN-1006-1:
http://www.ubuntu.com/usn/usn-1006-1
| VAR-201003-1067 | CVE-2010-0041 | Apple Safari of ImageIO Vulnerability in which important information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. Apple Safari is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it.
Versions prior to Safari 4.0.5 on Microsoft Windows are vulnerable. These issues affect versions prior to Safari 4.0.5 running on Apple Mac OS X, Windows 7, XP and Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
38674 Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability
35451 LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
38676 Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability
38677 Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability
38673 Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability
38675 Apple Safari Prior to 4.0.5 Configuration Bypass Weakness
38683 Apple Safari URL Schemes Handling Remote Code Execution Vulnerability
38684 WebKit CSS 'format()' Arguments Memory Corruption Vulnerability
38687 WebKit Object Element Fallback Memory Corruption Vulnerability
38688 WebKit XML Document Parsing Memory Corruption Vulnerability
38689 WebKit Right-to-Left Displayed Text Handling Memory Corruption Vulnerability
38685 WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution Vulnerability
38692 WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability
38686 WebKit HTML Elements Callback Use-After-Free Error Remote Code Execution Vulnerability
38690 WebKit CSS Display Use-After-Free Error Remote Code Execution Vulnerability
38691 WebKit HTML Image Element Handling Memory Corruption Vulnerability.
Safari is the web browser bundled by default with Apple's operating systems. ImageIO in Apple Safari versions earlier than 4.0.5 and iTunes versions earlier than 9.1 on the Windows platform has an information disclosure vulnerability in the processing of BMP graphics.
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA39135
VERIFY ADVISORY:
http://secunia.com/advisories/39135/
DESCRIPTION:
Some vulnerabilities have been reported in Apple iTunes, which can be
exploited by malicious, local users to gain escalated privileges and
by malicious people to disclose sensitive information, cause a DoS
(Denial of Service), or compromise a user's system.
1) Multiple errors in the ColorSync and ImageIO components when
handling images can be exploited to disclose application memory or
potentially execute arbitrary code.
For more information see vulnerabilities #1 through #4 and #9 in:
SA38932
2) An error when processing MP4 files can be exploited to trigger the
execution of an infinite loop and render the application unusable
after its restart via e.g. a specially crafted podcast.
3) During installation, iTunes for Windows installs and executes
certain files in a directory in the "%ALLUSERSPROFILE%\Application
Data\" path. As standard permissions allow any user to write files
to the path, this can be exploited to either create malicious files
with specific names before installation or malicious libraries after
installation, allowing execution of arbitrary code with SYSTEM
privileges.
SOLUTION:
Update to version 9.1.
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sojeong Hong, Sourcefire VRT
3) Jason Geffner, NGSSoftware
CHANGELOG:
2010-03-31: Added additional information provided by NGSSoftware.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4105
OTHER REFERENCES:
SA38932:
http://secunia.com/advisories/38932/
| VAR-201003-1061 | CVE-2010-0043 | Apple Safari of ImageIO Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. Safari is prone to a remote code-execution vulnerability because it fails to properly handle crafted TIFF images.
Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attacks will result in a denial-of-service condition.
Versions prior to Safari 4.0.5 running on Microsoft Windows 7, XP, and Vista are vulnerable.
This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it.
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA39135
VERIFY ADVISORY:
http://secunia.com/advisories/39135/
DESCRIPTION:
Some vulnerabilities have been reported in Apple iTunes, which can be
exploited by malicious, local users to gain escalated privileges and
by malicious people to disclose sensitive information, cause a DoS
(Denial of Service), or compromise a user's system.
For more information see vulnerabilities #1 through #4 and #9 in:
SA38932
2) An error when processing MP4 files can be exploited to trigger the
execution of an infinite loop and render the application unusable
after its restart via e.g. a specially crafted podcast.
3) During installation, iTunes for Windows installs and executes
certain files in a directory in the "%ALLUSERSPROFILE%\Application
Data\" path. As standard permissions allow any user to write files
to the path, this can be exploited to either create malicious files
with specific names before installation or malicious libraries after
installation, allowing execution of arbitrary code with SYSTEM
privileges.
The vulnerabilities are reported in versions prior to 9.1.
SOLUTION:
Update to version 9.1.
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sojeong Hong, Sourcefire VRT
3) Jason Geffner, NGSSoftware
CHANGELOG:
2010-03-31: Added additional information provided by NGSSoftware.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT4105
OTHER REFERENCES:
SA38932:
http://secunia.com/advisories/38932/
| VAR-201003-0132 | CVE-2010-0052 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." WebKit is prone to a remote code-execution vulnerability.
Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. These issues affect versions prior to Safari 4.0.5 running on Apple Mac OS X, Windows 7, XP and Vista. Safari is the web browser bundled by default with Apple's operating systems.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : webkit
Date : March 2, 2011
Affected: 2010.1
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting, denial of service and arbitrary code
execution security flaws were discovered in webkit.
Please consult the CVE web links for further information.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
----------------------------------------------------------------------
TITLE:
Ubuntu update for webkit
SECUNIA ADVISORY ID:
SA41856
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41856/
RELEASE DATE:
2010-10-21
DESCRIPTION:
Ubuntu has issued an update for webkit. This fixes multiple
vulnerabilities, some of which have an unknown impact while others
can be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct spoofing or
cross-site scripting attacks, and potentially compromise a user's
system.
For more information:
SA36677
SA37346
SA37769
SA37931
SA38545
SA38932
SA39091
SA39651
SA40105
SA40196
SA40479
SA40664
SA41014
SA41085
SA41242
SA41328
SOLUTION:
Apply updated packages.
ORIGINAL ADVISORY:
USN-1006-1:
http://www.ubuntu.com/usn/usn-1006-1
| VAR-201003-0134 | CVE-2010-0054 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements. WebKit is prone to a remote memory-corruption vulnerability; fixes are available.
Successful exploits may allow the attacker to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it. These issues affect versions prior to Safari 4.0.5 running on Apple Mac OS X, Windows 7, XP and Vista. Safari is the web browser bundled by default with Apple's operating systems.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : webkit
Date : March 2, 2011
Affected: 2010.1
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting, denial of service and arbitrary code
execution security flaws were discovered in webkit.
Please consult the CVE web links for further information.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm
054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm
bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm
a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm
3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm
50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm
625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm
690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm
7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm
2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm
475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm
b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm
97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
TITLE:
Ubuntu update for webkit
SECUNIA ADVISORY ID:
SA41856
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41856/
RELEASE DATE:
2010-10-21
DESCRIPTION:
Ubuntu has issued an update for webkit. This fixes multiple
vulnerabilities, some of which have an unknown impact while others
can be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct spoofing or
cross-site scripting attacks, and potentially compromise a user's
system.
For more information:
SA36677
SA37346
SA37769
SA37931
SA38545
SA38932
SA39091
SA39651
SA40105
SA40196
SA40479
SA40664
SA41014
SA41085
SA41242
SA41328
SOLUTION:
Apply updated packages.
ORIGINAL ADVISORY:
USN-1006-1:
http://www.ubuntu.com/usn/usn-1006-1
----------------------------------------------------------------------
| VAR-201003-0125 | CVE-2010-0045 | Apple Safari Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.
Attackers may exploit this issue to execute arbitrary code in the context of the application.
Versions prior to Safari 4.0.5 running on Microsoft Windows 7, XP, and Vista are vulnerable.
This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
38674 Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability
35451 LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
38676 Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability
38677 Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability
38673 Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability
38675 Apple Safari Prior to 4.0.5 Configuration Bypass Weakness
38683 Apple Safari URL Schemes Handling Remote Code Execution Vulnerability
38684 WebKit CSS 'format()' Arguments Memory Corruption Vulnerability
38687 WebKit Object Element Fallback Memory Corruption Vulnerability
38688 WebKit XML Document Parsing Memory Corruption Vulnerability
38689 WebKit Right-to-Left Displayed Text Handling Memory Corruption Vulnerability
38685 WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution Vulnerability
38692 WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability
38686 WebKit HTML Elements Callback Use-After-Free Error Remote Code Execution Vulnerability
38690 WebKit CSS Display Use-After-Free Error Remote Code Execution Vulnerability
38691 WebKit HTML Image Element Handling Memory Corruption Vulnerability.
Safari is the default web browser bundled with Apple's operating systems.
| VAR-201003-0124 | CVE-2010-0044 | Apple Safari PubSub vulnerability that allows cookies to be set |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. Safari is prone to a configuration-bypass weakness that affects the PubSub component of Safari.
A successful attack will result in the bypass of intended security settings. This may result in a false sense of security.
This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it.
This issue affects versions prior to Safari 4.0.5 running on Apple Mac OS X, Windows 7, XP, and Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
38674 Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability
35451 LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
38676 Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability
38677 Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability
38673 Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability
38675 Apple Safari Prior to 4.0.5 Configuration Bypass Weakness
38683 Apple Safari URL Schemes Handling Remote Code Execution Vulnerability
38684 WebKit CSS 'format()' Arguments Memory Corruption Vulnerability
38687 WebKit Object Element Fallback Memory Corruption Vulnerability
38688 WebKit XML Document Parsing Memory Corruption Vulnerability
38689 WebKit Right-to-Left Displayed Text Handling Memory Corruption Vulnerability
38685 WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution Vulnerability
38692 WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability
38686 WebKit HTML Elements Callback Use-After-Free Error Remote Code Execution Vulnerability
38690 WebKit CSS Display Use-After-Free Error Remote Code Execution Vulnerability
38691 WebKit HTML Image Element Handling Memory Corruption Vulnerability.
Safari is the default web browser bundled with Apple's operating systems.
| VAR-201003-0131 | CVE-2010-0051 | Apple Safari WebKit vulnerability that allows sensitive information to be obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. WebKit is prone to a remote information-disclosure vulnerability.
Successful exploits may allow the attacker to gain access to the contents of another website, including potentially sensitive information. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2010-03-11-1. These issues affect versions prior to Safari 4.0.5 running on Apple Mac OS X, Windows 7, XP and Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
38674 Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability
35451 LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
38676 Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability
38677 Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability
38673 Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability
38675 Apple Safari Prior to 4.0.5 Configuration Bypass Weakness
38683 Apple Safari URL Schemes Handling Remote Code Execution Vulnerability
38684 WebKit CSS 'format()' Arguments Memory Corruption Vulnerability
38687 WebKit Object Element Fallback Memory Corruption Vulnerability
38688 WebKit XML Document Parsing Memory Corruption Vulnerability
38689 WebKit Right-to-Left Displayed Text Handling Memory Corruption Vulnerability
38685 WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution Vulnerability
38692 WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability
38686 WebKit HTML Elements Callback Use-After-Free Error Remote Code Execution Vulnerability
38690 WebKit CSS Display Use-After-Free Error Remote Code Execution Vulnerability
38691 WebKit HTML Image Element Handling Memory Corruption Vulnerability.
Safari is the default web browser bundled with Apple's operating systems. A bug in Apple Safari's WebKit engine when handling same-origin stylesheet requests could leak data from other domains.
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:039
http://www.mandriva.com/security/
_______________________________________________________________________
Package : webkit
Date : March 2, 2011
Affected: 2010.1
_______________________________________________________________________
Problem Description:
Multiple cross-site scripting, denial of service and arbitrary code
execution security flaws were discovered in webkit.
Please consult the CVE web links for further information.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm
054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm
bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm
a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm
3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm
50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm
625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm
690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm
7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm
2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm
475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm
b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm
97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm
8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
. ----------------------------------------------------------------------
For more information:
SA40257
SA41328
SA42151
SA42312
SOLUTION:
Upgrade to iOS 4.2 (downloadable and installable via iTunes). ----------------------------------------------------------------------
TITLE:
Ubuntu update for webkit
SECUNIA ADVISORY ID:
SA41856
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41856/
RELEASE DATE:
2010-10-21
DESCRIPTION:
Ubuntu has issued an update for webkit. This fixes multiple
vulnerabilities, some of which have an unknown impact while others
can be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct spoofing or
cross-site scripting attacks, and potentially compromise a user's
system.
For more information:
SA36677
SA37346
SA37769
SA37931
SA38545
SA38932
SA39091
SA39651
SA40105
SA40196
SA40479
SA40664
SA41014
SA41085
SA41242
SA41328
SOLUTION:
Apply updated packages.
ORIGINAL ADVISORY:
USN-1006-1:
http://www.ubuntu.com/usn/usn-1006-1
----------------------------------------------------------------------