VARIoT IoT vulnerabilities database


VAR-200901-0221 CVE-2008-5914 Apple Safari JavaScript implementation vulnerability that lets users be tricked into acting upon spoofed pop-up messages
CVSS V2: 2.1
CVSS V3: -
Severity: LOW
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Multiple web browsers are prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue to gain information about the internal state of the random number generator used by the vulnerable browsers. This may aid in further attacks. The following browsers are vulnerable: Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Google Chrome, Opera. Other browsers may also be affected.
VAR-200901-0756 CVE-2009-1687 Multiple Apple products: arbitrary code execution vulnerability in JavaScript garbage collector processing
CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." WebKit is prone to a memory-corruption vulnerability. Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attack attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Safari is the web browser bundled by default with Apple operating systems. If the allocation fails, a write to a null pointer offset may occur, leading to unexpected application termination or arbitrary code execution.

Debian Security Advisory DSA-1988-1
security@debian.org
http://www.debian.org/security/
Giuseppe Iuculano
February 02, 2010
http://www.debian.org/security/faq

Packages : qt4-x11
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1699 CVE-2009-1711 CVE-2009-1712 CVE-2009-1713 CVE-2009-1725 CVE-2009-2700
Debian Bugs : 532718 534946 538347 545793

Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-0945
Array index error in the insertItemBefore method in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code.

CVE-2009-1699
The XSL stylesheet implementation in WebKit, as used in qt4-x11, does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD.

CVE-2009-1712
WebKit in qt4-x11 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

CVE-2009-1713
The XSLT functionality in WebKit, as used in qt4-x11, does not properly implement the document function, which allows remote attackers to read arbitrary local files and files from different security zones.

CVE-2009-2700
qt4-x11 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

The oldstable distribution (etch) is not affected by these problems.
For the stable distribution (lenny), these problems have been fixed in version 4.4.3-1+lenny1.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 4.5.3-1.

We recommend that you upgrade your qt4-x11 packages.

Upgrade instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
37f059728643cfabb94d9733655bac61 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_ia64.deb Size/MD5 checksum: 146634 8327e828736c91db0177ba6ba042cabc http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_ia64.deb Size/MD5 checksum: 1806196 15600b5f7f3d78467e2781fe84910620 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_ia64.deb Size/MD5 checksum: 4894148 f2ace07dc909157d021948dac7fc3bf5 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_ia64.deb Size/MD5 checksum: 13971058 8a29679d1abf4a4e2df783cf1a861a1e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_ia64.deb Size/MD5 checksum: 250056 54ad40eb2b043e44bc0cf72cb82f99e6 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_ia64.deb Size/MD5 checksum: 83468 49e601ace7fc68fda06d2ea501eb79a5 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_ia64.deb Size/MD5 checksum: 49078 2e01f8e5b543ed924286fbb75fa2efd8 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_ia64.deb Size/MD5 checksum: 661268 6d6858547004e307d140d694f27431d4 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_ia64.deb Size/MD5 checksum: 30558 f2ce47b00bc67df9b185cc270a87e47c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_ia64.deb Size/MD5 checksum: 1873218 0e559bc2e24169cd62289412e0453f00 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_ia64.deb Size/MD5 checksum: 5244556 804c0718a2caacf6d26fffdbf006adae http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_ia64.deb Size/MD5 checksum: 2208414 069ed40aae3c456f06c81c06da3460e9 mips architecture (MIPS (Big Endian)) 
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 13731026 2cf7a5b1603540351b28ea37a98a681b http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 61884 19402e470dd403395446a6e5c55626b3 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 445328 4d20e4060988521dc63cbf37c30f100d http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 232750 0754ed2ce13641874a5fcc696cca9fd7 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 45358 dd4b5a28a81306956a47c03554cc8d59 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 2076344 cc317e6f6ef542e9ef43691e0cdfe625 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 238704 fab119df8f0826eb2c25a090f711b45e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 30564 2c816aed7bf0e28f6b425de26929e419 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 4384714 7900cddfa51331384db080a6040c7f74 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 130570 60d8c58cbbf93fbf0ce8a8df5aa1fee5 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 138014 9e039fbb1238db80bab9e04ecea71a80 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 41614 e05888e3d7f0138c24fb20a5a422b4ca http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 3291732 5a8544c976f02858283c26ba43bd109a 
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 1353820 3cd3c7a8b0a56f081f3bca85a27a76ef http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 1997940 54b5e8e103e38cd53a13bfbd27559328 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 1548658 a8a9cc3cc9115c75a45bc0cd694134b8 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 193882 2bf228574df6a2835552b4815afc696a http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 186294 d88d65e6a85ce57bcf9e81fa4fd04b77 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 30556 05b460890a55a81ba0f192235a3c0192 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 4351110 afac1e4e3ac405e1bbe8283e37d20b45 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 49412 ca97fb0c6d14a2114885b2cb87786e15 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 41262 7f4bb9e46d585246ed69e7da595570bd http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 10432216 ef271383ff6f2600b966955f21d75dc1 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 1599606 3e088686e99b421f9f531ea7d5baa162 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 796818 a4a24e95261b29c8da07f3b5b61a14c2 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 57742 1350b3cc65918433cf9974be12129405 
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 69750 dc570d8cf67f8ae2f44df459f89a7704 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 60274 eabf99068a0d0182eb1d95bc231d9c82 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 431144 e23f8d941bf2f10c1a9ea53f01b19261 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 55251700 eedba6f66975bbb0433c6e650d33071f http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 425568 c4936529fc1fcb1d135cfc01892ab40d http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 131324 0a867f9ea1ea1eb906d46f43c180fe05 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 89596300 6d22a177a7c1ef7e457a75756990d604 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 229968 e7876664a0ea2577213f6dc854dc7beb http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 10376684 ee440eeb5d00ea1a8e1172d3b3d00aff http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 4347292 f4cd4c89a0f7537f8e26f6879a0f893e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 191406 9f015ddc9e3e9c718cb97ab11296c6e5 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 41540 7661ae54a10a2d2ca44875d123705870 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 30552 
3d0751fdd9aed771e4912c211bea089e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 1958868 43fc237fccc7979cb4328769a9712b44 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 236330 f39a7a36d1d13e6cabc183b54bc8a541 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 135644 50bb1a918ca208dbb524211ca2f1fd72 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 4290348 10ad0e19a2388acc31a88f8ac25ad2e5 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 57452 e41274c827e5cf94498772b74579d58e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 30570 f48d279ccdd49c6e519da7df2f910b1e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 86262916 279b30139f7d4e7a24bc3fe3873d802e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 130074 20a9cb3f067bb663cf6b9e5500afc15d http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 3144304 18c39b4efe29da0f6698f7cc1662513c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 759628 8bd9c81c6160c6fa73955e6eb7589143 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 129280 0d196ba45f0f25957b28519063fec79a http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 59950 ce633cf5f8ca612bdea81d98eb984c39 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 69248 
c26886682df753907b8c6e32167135e8 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 1585390 09d818aafb7331444c5f799390a5ab61 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 49176 34549e52d8e29ed02c7d469145c47391 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 1532608 37e6e25a50b4f9823a5455c51966c8e3 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 425456 5883cd14a56c3bc2903f72704231a0bf http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 439666 5fbc5af909dc395f49f720542f8735d1 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 13194092 ea7674bd0c4b797d0295b17dd1ed3e85 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 45182 8ffbc7bb8d565ddc3fe773a2c099a523 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 422618 b1edf41f7dc0214b2dac0c3395fac73c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 52871332 be96377a4b5ebdaddef10c5001895cbe http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 2048016 8569e3fdef2371d07a123344e7ef8abb http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 61554 bf0effb3185b92e7eb0de5729f1be76e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 41254 70f58c78b610e1937e52eb34e5809d2e 
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 1327318 de6c4ecc2baf7e28b8705dca4f3606a7 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 184066 ff313cbda6b9bcb6dd71dc7cca3c07ec powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 13997058 d47bbbd31efc9282a917cc48d921c1fb http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 140650 f0f469b814443d6113365d6ac8c01b4f http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 42212 81d51c4361750df38e6dd7bcb7f294e4 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 4435166 cd8b0b45170ea1ccb5af66a2a037f9ac http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 196810 77aa5a519b4bbc82fac8ea9d7086ede4 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 60652 8ce4b23af0fc90b90d9c4d53d1a50bda http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 30802 69317bc289e10bf016e6df959f364f63 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 2182738 31201b8165db906fb338c217aaf7b835 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 44858 e2f7113b7b7c00a86caf179c2a8042b2 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 90556268 8acc67fe335daaf799bece65ea6ef2e4 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_powerpc.deb 
Size/MD5 checksum: 2149626 93b142c76b1c8e1fba0f2d5c5e1f52b0 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-ibase_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 75792 97ae586b12501133f0f3c2139fd55620 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 64864 33f39474f447957c77cb1eca2188fdff http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 251222 2b12af171e0b6bc3e01a2d169f8e9ded http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 4545642 fb808821c12d59490d232c1573ce9425 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 140016 deb24263775b117ef8367bc89d4d68be http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 3497416 0f97f950fb49a399532694aa6ab40b8c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 459192 5ee6a6fbfa1548358ca2ad801e033340 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 144158 80581254defdb7d7b7d3af7069ff14b2 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 72716 7912412d5e675fb673132200d9d9117d http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 480786 60e389b50aae477531b50dc2905f20b8 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 1594040 395947773b25b0692d566f9c6e47e0b4 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 48414 9056405b51e0f2cad816e071a36776f4 
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 194714 caad1a28959aa7fea561dc06bef55346 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 55217666 f4f0f246c07a7ae1b44497fc00dbd8e3 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 244830 f074a00e007903e3771c66df7f3efcfa http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 30790 c1dec1bf28a20e1bd2a24833d2384bec http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 52576 c783203cfb164e0013fbfded1c1d0052 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 854404 560ba73fc55690189a271215f3ef2c2e http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 422532 b0ffc9c56df7f7f2445eee291c820749 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 11235082 9a80f5e8649a24c8c4da3b4f77f2d924 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 1597838 597ccee014ca55295e45cc97f98cf73c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 1455288 bfd8f94f8a4f65603cf0c3ad7762ab78 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 65100 8d6ca22bb24e9304c2030e99ac38279a s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 852900 ab84bcde1321f0b33c04686edbdd7f1d http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_s390.deb 
Size/MD5 checksum: 42392 47c06dcbbd608394b79a52ce13befe24 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 4336914 41015bf0edea53f8df86a3f0892b0516 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 186528 f627eabae0217449b946acbadd9d2885 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 245080 5d54afb9b1998f0cbe571c2d4bc63d98 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 4317764 3c3bf66ecd2a332dcee92f90ce8c7e76 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 55245590 565b4ec96fbf02ac81f9e08cf3af205a http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 63496 ac31ab8ec8679251afc06f54d49aa4ee http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 1548988 516a92fd4db89942aa6b8e6a21ce02d0 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 10492564 9fd10fe6fd84eb14d3b23832eab65124 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 192324 f7ab5380c677edcf15ebdd8e4f184a34 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 45234 66f5a114119c904ad46e6e848154ecd2 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 70528 708da134eee0742b14bdc76af09c1627 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 449388 ddfe9418c152ae4a55042d85d69c9c37 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 
1417152 806724b858f8c693c582360f544ee5de http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 1475076 3d24017f5b062c615f490301ac27214a http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 14296138 9aeeb16c17f3034e55a0b7a82643417a http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 142528 d836b52cf73b72199562d684a8eeb2ed http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 30558 8277d0f9382a8f7a4867d6a87711ea87 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 414206 91ad7bda75d6664b197485977a8955f2 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 30546 632c492577c5af53fc01161de449dabb http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 2154792 5b8fe3e7e176155dc97e5ffcfe7426fd http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 91685948 b8b0e9db0180b1c47c16bdd5746598ef http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 62314 c47784c1587ea7e4425a33495c9de617 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 2095460 145b66848768e0f8330e2edbc88db858 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 138826 7a8a21a09786137a9c13ab56988488ce http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 42386 64c89d29b0f5d0d84536105c6beff329 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 59058 
a6cecbd3d78430f46b0317e2c9e0ea45 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 129886 76b18008de98800aed1777ddaf1d0a86 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 246406 43de5e12b7dcd643850775095b120a1c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 49912 e42ce220d1adfac8630ee0eed70ce2b9 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 3378234 976ddc4073eb8acbbd4bdb2d2fb3cf83 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 477090 d2fd78ee5b1d8b1b93830e5b9d10cea4 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 1612394 aeed09e1c797c6f3c78c2db6adddbd66 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 13513910 e11a313d02af5a5b79733f13ad5a9627 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 133442 e42268cd2ac22a6e0af50701d289d81b http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 138466 b789834cb08512d7f2cf779cf00e60e9 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 62244 8d8fc29313a6ecec4863bc1eaf20b0a7 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 86626712 cbe2e0a6baeba262cf0f6134aca47998 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 238238 3fdf41c36cce556577084517cfe63c6d http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_sparc.deb 
Size/MD5 checksum: 245044 919c3190e38c7ba7be27bdc24db75653 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-ibase_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 69856 a06755c7fc2a9974ab129bc02b2d7e5c http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 418010 5a8a929c3d633524085bac704917ab55 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 2098292 d926ce20c96607548bfbef73bba1ac8b http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 180832 32e134535beccec0979de7d105ff7490 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 54687724 1088d3a4524de00036f2c88559c7ec07 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 49476 aa94973518edb2faaad42c2205aa930c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 45524 0fb2f6c5e15d90e2aeaaf96289a6ba17 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 60184 9e22d62c7c2d77a7d75644680ab9811c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 30810 45cf6b13c45cb2811780530b8a60f04a http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 1582588 ff25c993d3d60e229cef37321692a1fd http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 10547182 7243f1579c193aec7c3d472b65383861 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 1376686 edcdf57e4e38b4f3b2937de6b808a0f5 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_sparc.deb 
Size/MD5 checksum: 3692006 a01a7f3e016589c2eba628a72c554064 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 186504 b008a5e95976305e9412c286195501c1 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 69522 29dfe86fa6214e7dedd4caa3e89f6fec http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 451670 cdd73f76458886fd7fc787d4c7145622 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 4302930 65d8e1404fc0d9cfe0fb1f0e94be0900 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 4349116 3867bd57ca4431d98fe4a476c3580990 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 30802 9a791075b2a61d609b00964e08777ad4 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 457166 c2ffc3b9e5128626418b082aacff0dcf http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 2110668 e01397334eae0b1520ec76d179f4b10b http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 42510 e72b9f8cc81106c60ea68e600166b903 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 138498 c32afba000ebf7e606381e014ac6a424 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 42218 882c929eb6b8334340f3483c89e17eae http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 57508 590be78cb50ec0134ef9f1bfbc0e3595 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_sparc.deb 
These files will probably be moved into the stable distribution on its next update. For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> . (CVE-2009-1687). (CVE-2009-1690). (CVE-2009-0689). The updated packages have been patched to correct these issues. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1690 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945 Updated Packages: Mandriva Linux 2009.1, Mandriva Linux 2009.1/X86_64. To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> . (CVE-2009-0945) Several flaws were discovered in the QtWebKit browser and JavaScript engines. (CVE-2009-1699, CVE-2009-1713) It was discovered that QtWebKit did not prevent the loading of local Java applets. This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10, which brings many bugfixes, overall improvements and many security fixes. kdegraphics contains security fixes for CVE-2009-3603,3604,3605,3606,3608,3609,0146,0147,0165,0166,0799,0800,1179,1180,1181,1182,1183 kdelibs contains security fixes for CVE-2009-0689,1687,1690,1698,2702,1725,2537 Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. =========================================================== Ubuntu Security Notice USN-822-1 August 24, 2009 kde4libs, kdelibs vulnerabilities CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: kdelibs4c2a 4:3.5.10-0ubuntu1~hardy1.2 Ubuntu 8.10: kdelibs4c2a 4:3.5.10-0ubuntu6.1 kdelibs5 4:4.1.4-0ubuntu1~intrepid1.2 Ubuntu 9.04: kdelibs4c2a 4:3.5.10.dfsg.1-1ubuntu8.1 kdelibs5 4:4.2.2-0ubuntu5.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: It was discovered that KDE-Libs did not properly handle certain malformed SVG images. This issue only affected Ubuntu 9.04. (CVE-2009-0945) It was discovered that the KDE JavaScript garbage collector did not properly handle memory allocation failures. (CVE-2009-1687) It was discovered that KDE-Libs did not properly handle HTML content in the head element. (CVE-2009-1690) It was discovered that KDE-Libs did not properly handle the Cascading Style Sheets (CSS) attr function call. (CVE-2009-1698) Updated packages were provided for Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04.
VAR-200902-0004 CVE-2009-0440 IBM WebSphere Partner Gateway Illegal in RosettaNet document ( alias RNIF document ) Vulnerability sent to CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print.". IBM WebSphere Partner Gateway is prone to a security-bypass vulnerability. Successful exploits may allow attackers to pass malicious RosettaNet Implementation Framework (RNIF) documents to a back-end application. TITLE: IBM WebSphere Partner Gateway RNIF Signature Verification Bypass SECUNIA ADVISORY ID: SA33994 VERIFY ADVISORY: http://secunia.com/advisories/33994/ DESCRIPTION: A vulnerability has been reported in IBM WebSphere Partner Gateway, which can be exploited by malicious users to bypass certain security restrictions. SOLUTION: Update to version 6.0.0.7 and apply APAR JR31231. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www-01.ibm.com/support/docview.wss?uid=swg21330341
VAR-200902-0472 CVE-2009-0137 Safari RSS In any JavaScript Vulnerability to be executed CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues.". Safari RSS has a vulnerability in which JavaScript in a feed: URL is executed in the local security zone. Arbitrary JavaScript may be executed by a remote attacker. Apple Safari is prone to multiple input-validation vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious website. Successfully exploiting these issues will allow the attacker to execute arbitrary JavaScript code in the local security zone. This may allow the attacker to obtain sensitive information that can aid in further attacks; other consequences may also occur. These issues affect versions prior to Safari 3.2.2 for Windows. NOTE: This BID was previously titled 'Apple Safari RSS Feed Information Disclosure Vulnerability', but has been updated to reflect new information. Mac OS X is the operating system used by the Apple family of machines.
VAR-200901-0272 CVE-2009-0123 Mac OS X and Windows Run on Apple Safari Vulnerable to browsing arbitrary files on client machines CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Apple Safari is prone to multiple input-validation vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious website. Successfully exploiting these issues will allow the attacker to execute arbitrary JavaScript code in the local security zone. This may allow the attacker to obtain sensitive information that can aid in further attacks; other consequences may also occur. These issues affect versions prior to Safari 3.2.2 for Windows. NOTE: This BID was previously titled 'Apple Safari RSS Feed Information Disclosure Vulnerability', but has been updated to reflect new information. A remote attacker can use specific vectors to read arbitrary files on the client machine. These vectors relate to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. TITLE: Apple Safari RSS Feed URL Handling Information Disclosure SECUNIA ADVISORY ID: SA33458 VERIFY ADVISORY: http://secunia.com/advisories/33458/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Safari 3.x http://secunia.com/advisories/product/17989/ Safari for Windows 3.x http://secunia.com/advisories/product/17978/ DESCRIPTION: Brian Mastenbrook has reported a vulnerability in Apple Safari, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an unspecified error within the handling of RSS feed URLs and can potentially be exploited to gain access to sensitive information. SOLUTION: Do not visit untrusted web sites and don't follow untrusted links. PROVIDED AND/OR DISCOVERED BY: Brian Mastenbrook ORIGINAL ADVISORY: http://brian.mastenbrook.net/display/27
VAR-200901-0269 CVE-2009-0120 IBM WebSphere DataPower XML Security Gateway XS40 Remote Denial Of Service Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data. Remote attackers can exploit this issue to cause the device to reboot, denying service to legitimate users. WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 is affected; other versions may also be vulnerable
VAR-200901-0714 CVE-2008-5077 F5 FirePass OpenSSL has an unknown vulnerability CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. F5's FirePass server is a powerful network device that can provide users with secure access to the company's network through any standard web browser. F5 FirePass products have unidentified security vulnerabilities, allowing malicious users to conduct fraud and forgery attacks. FreeBSD-SA-09:02.openssl Security Advisory The FreeBSD Project Topic: OpenSSL incorrectly checks for malformed signatures Category: contrib Module: openssl Announced: 2009-01-07 Credits: Google Security Team Affects: All FreeBSD releases Corrected: 2009-01-07 21:03:41 UTC (RELENG_7, 7.1-STABLE) 2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1) 2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8) 2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE) 2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2) 2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8) CVE Name: CVE-2008-5077 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. Problem Description The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. This is only a problem for DSA and ECDSA keys.
III. Impact For applications using OpenSSL for SSL connections, an invalid SSL certificate may be interpreted as valid. This could for example be used by an attacker to perform a man-in-the-middle attack. Other applications which use the OpenSSL EVP API may similarly be affected. IV. Workaround For a server an RSA signed certificate may be used instead of DSA or ECDSA based certificate. Note that Mozilla Firefox does not use OpenSSL and thus is not affected. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.0, and 7.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 7.x] # fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch # fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch.asc [FreeBSD 6.x] # fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch # fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/secure/lib/libssl # make obj && make depend && make && make install # cd /usr/src/secure/usr.bin/openssl # make obj && make depend && make && make install NOTE: On the amd64 platform, the above procedure will not update the lib32 (i386 compatibility) libraries. On amd64 systems where the i386 compatibility libraries are used, the operating system should instead be recompiled as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html> VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD.
CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/crypto/openssl/apps/speed.c 1.13.2.1 src/crypto/openssl/apps/verify.c 1.1.1.5.12.1 src/crypto/openssl/apps/x509.c 1.1.1.10.2.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.12.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.2.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.2 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.2 RELENG_6_4 src/UPDATING 1.416.2.40.2.5 src/sys/conf/newvers.sh 1.69.2.18.2.8 src/crypto/openssl/apps/speed.c 1.13.12.1 src/crypto/openssl/apps/verify.c 1.1.1.5.24.1 src/crypto/openssl/apps/x509.c 1.1.1.10.12.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.24.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.12.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.12.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.6.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.6.1 RELENG_6_3 src/UPDATING 1.416.2.37.2.13 src/sys/conf/newvers.sh 1.69.2.15.2.12 src/crypto/openssl/apps/speed.c 1.13.10.1 src/crypto/openssl/apps/verify.c 1.1.1.5.22.1 src/crypto/openssl/apps/x509.c 1.1.1.10.10.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.22.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.10.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.10.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.4.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.4.1 RELENG_7 src/crypto/openssl/apps/speed.c 1.15.2.1 src/crypto/openssl/apps/verify.c 1.1.1.6.2.1 src/crypto/openssl/apps/x509.c 1.1.1.11.2.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.2.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.2.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.2.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.2.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.4 src/sys/conf/newvers.sh 1.72.2.9.2.5 src/crypto/openssl/apps/speed.c 1.15.6.1 src/crypto/openssl/apps/verify.c 1.1.1.6.6.1 src/crypto/openssl/apps/x509.c 1.1.1.11.6.1 src/crypto/openssl/apps/spkac.c 
1.1.1.5.6.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.6.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.6.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.6.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.6.1 RELENG_7_0 src/UPDATING 1.507.2.3.2.12 src/sys/conf/newvers.sh 1.72.2.5.2.12 src/crypto/openssl/apps/speed.c 1.15.4.1 src/crypto/openssl/apps/verify.c 1.1.1.6.4.1 src/crypto/openssl/apps/x509.c 1.1.1.11.4.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.4.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.4.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.4.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.4.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/6/ r186873 releng/6.4/ r186872 releng/6.3/ r186872 stable/7/ r186872 releng/7.1/ r186872 releng/7.0/ r186872 - ------------------------------------------------------------------------- VII. HP System Management Homepage (SMH) before v3.0.1.73 running on Linux and Windows 2003, 2008. This vulnerability is tracked as CVE-2008-5077. The OpenSSL security team would like to thank the Google Security Team for reporting this issue. Who is affected? ================= Everyone using OpenSSL releases prior to 0.9.8j as an SSL/TLS client when connecting to a server whose certificate contains a DSA or ECDSA key. Verification of client certificates by OpenSSL servers for any key type is NOT affected. Recommendations for users of OpenSSL ===================================== Users of OpenSSL 0.9.8 should update to the OpenSSL 0.9.8j release which contains a patch to correct this issue. The patch used is also appended to this advisory for users or distributions who wish to backport this patch to versions they build from source. 
Recommendations for projects using OpenSSL =========================================== Projects and products using OpenSSL should audit any use of the routine EVP_VerifyFinal() to ensure that the return code is being correctly handled. As documented, this function returns 1 for a successful verification, 0 for failure, and -1 for an error. General recommendations ======================== Any server that has clients using OpenSSL verifying DSA or ECDSA certificates, regardless of the software used by the server, should either ensure that all clients are upgraded or stop using DSA/ECDSA certificates. Note that unless certificates are revoked (and clients check for revocation) impersonation will still be possible until the certificate expires. References =========== URL for this Security Advisory: http://www.openssl.org/news/secadv_20090107.txt diff -ur openssl-0.9.8i-ORIG/apps/speed.c openssl-0.9.8i/apps/speed.c --- openssl-0.9.8i/apps/speed.c 2007-11-15 13:33:47.000000000 +0000 +++ openssl-0.9.8i/apps/speed-new.c 2008-12-04 00:00:00.000000000 +0000 @@ -2132,7 +2132,7 @@ { ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]); - if (ret == 0) + if (ret <= 0) { BIO_printf(bio_err, "RSA verify failure\n"); diff -ur openssl-0.9.8i-ORIG/apps/spkac.c openssl-0.9.8i/apps/spkac.c --- openssl-0.9.8i-ORIG/apps/spkac.c 2005-04-05 19:11:18.000000000 +0000 +++ openssl-0.9.8i/apps/spkac.c 2008-12-04 00:00:00.000000000 +0000 @@ -285,7 +285,7 @@ pkey = NETSCAPE_SPKI_get_pubkey(spki); if(verify) { i = NETSCAPE_SPKI_verify(spki, pkey); - if(i) BIO_printf(bio_err, "Signature OK\n"); + if (i > 0) BIO_printf(bio_err, "Signature OK\n"); else { BIO_printf(bio_err, "Signature Failure\n"); ERR_print_errors(bio_err); diff -ur openssl-0.9.8i-ORIG/apps/verify.c openssl-0.9.8i/apps/verify.c --- openssl-0.9.8i-ORIG/apps/verify.c 2004-11-29 11:28:07.000000000 +0000 +++ openssl-0.9.8i/apps/verify.c 2008-12-04 00:00:00.600000000 +0000 
@@ -266,7 +266,7 @@ ret=0; end: - if (i) + if (i > 0) { fprintf(stdout,"OK\n"); ret=1; @@ -367,4 +367,3 @@ ERR_clear_error(); return(ok); } - diff -ur openssl-0.9.8i-ORIG/apps/x509.c openssl-0.9.8i/apps/x509.c --- openssl-0.9.8i-ORIG/apps/x509.c 2007-10-12 00:00:10.000000000 +0000 +++ openssl-0.9.8i/apps/x509.c 2008-12-04 00:00:00.400000000 +0000 @@ -1151,7 +1151,7 @@ /* NOTE: this certificate can/should be self signed, unless it was * a certificate request in which case it is not. */ X509_STORE_CTX_set_cert(&xsc,x); - if (!reqfile && !X509_verify_cert(&xsc)) + if (!reqfile && X509_verify_cert(&xsc) <= 0) goto end; if (!X509_check_private_key(xca,pkey)) diff -ur openssl-0.9.8i-ORIG/crypto/cms/cms_sd.c openssl-0.9.8i/crypto/cms/cms_sd.c --- openssl-0.9.8i-ORIG/crypto/cms/cms_sd.c 2008-04-06 16:30:38.000000000 +0000 +++ openssl-0.9.8i/crypto/cms/cms_sd.c 2008-12-04 00:00:00.400000000 +0000 @@ -830,7 +830,7 @@ cms_fixup_mctx(&mctx, si->pkey); r = EVP_VerifyFinal(&mctx, si->signature->data, si->signature->length, si->pkey); - if (!r) + if (r <= 0) CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); err: EVP_MD_CTX_cleanup(&mctx); diff -ur openssl-0.9.8i-ORIG/ssl/s2_clnt.c openssl-0.9.8i/ssl/s2_clnt.c --- openssl-0.9.8i-ORIG/ssl/s2_clnt.c 2007-09-06 12:43:53.000000000 +0000 +++ openssl-0.9.8i/ssl/s2_clnt.c 2008-12-04 00:00:00.100000000 +0000 @@ -1044,7 +1044,7 @@ i=ssl_verify_cert_chain(s,sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) + if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) { SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); goto err; diff -ur openssl-0.9.8i-ORIG/ssl/s2_srvr.c openssl-0.9.8i/ssl/s2_srvr.c --- openssl-0.9.8i-ORIG/ssl/s2_srvr.c 2007-09-06 12:43:53.000000000 +0000 +++ openssl-0.9.8i/ssl/s2_srvr.c 2008-12-04 00:00:00.900000000 +0000 
@@ -1054,7 +1054,7 @@ i=ssl_verify_cert_chain(s,sk); - if (i) /* we like the packet, now check the chksum */ + if (i > 0) /* we like the packet, now check the chksum */ { EVP_MD_CTX ctx; EVP_PKEY *pkey=NULL; @@ -1083,7 +1083,7 @@ EVP_PKEY_free(pkey); EVP_MD_CTX_cleanup(&ctx); - if (i) + if (i > 0) { if (s->session->peer != NULL) X509_free(s->session->peer); diff -ur openssl-0.9.8i-ORIG/ssl/s3_clnt.c openssl-0.9.8i/ssl/s3_clnt.c --- openssl-0.9.8i-ORIG/ssl/s3_clnt.c 2008-06-16 16:56:41.000000000 +0000 +++ openssl-0.9.8i/ssl/s3_clnt.c 2008-12-04 00:00:00.100000000 +0000 @@ -972,7 +972,7 @@ } i=ssl_verify_cert_chain(s,sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) + if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) #ifndef OPENSSL_NO_KRB5 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) != (SSL_aKRB5|SSL_kKRB5) @@ -1459,7 +1459,7 @@ EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,param,param_len); - if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) + if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) { /* bad signature */ al=SSL_AD_DECRYPT_ERROR; @@ -1477,7 +1477,7 @@ EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,param,param_len); - if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) + if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) { /* bad signature */ al=SSL_AD_DECRYPT_ERROR; diff -ur openssl-0.9.8i-ORIG/ssl/s3_srvr.c openssl-0.9.8i/ssl/s3_srvr.c --- openssl-0.9.8i-ORIG/ssl/s3_srvr.c 2008-09-14 18:16:09.000000000 +0000 +++ openssl-0.9.8i/ssl/s3_srvr.c 2008-12-04 00:00:00.100000000 +0000 
@@ -2560,7 +2560,7 @@ else { i=ssl_verify_cert_chain(s,sk); - if (!i) + if (i <= 0) { al=ssl_verify_alarm_type(s->verify_result); SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED); diff -ur openssl-0.9.8i-ORIG/ssl/ssltest.c openssl-0.9.8i/ssl/ssltest.c --- openssl-0.9.8i-ORIG/ssl/ssltest.c 2008-06-16 16:56:42.000000000 +0000 +++ openssl-0.9.8i/ssl/ssltest.c 2008-12-04 00:00:00.900000000 +0000 
@@ -2093,7 +2093,7 @@ if (cb_arg->proxy_auth) { - if (ok) + if (ok > 0) { const char *cond_end = NULL; . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01706219 Version: 1 HPSBUX02418 SSRT090002 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2009-03-31 Last Updated: 2009-03-30 Potential Security Impact: Remote unauthorized access Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL. The vulnerability could be exploited remotely to allow an unauthorized access. References: CVE-2008-5077 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL BACKGROUND CVSS 2.0 Base Metrics =============================================== Reference Base Vector Base Score CVE-2008-5077 (AV:R/AC:L/Au:N/C:N/I:P/A:N) 5.0 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002. RESOLUTION HP has provided the following patches to resolve this vulnerability. The patches are available from the following location: URL: http://software.hp.com HP-UX Release HP-UX OpenSSL version B.11.11 (11i v1) A.00.09.07m.046 B.11.23 (11i v2) A.00.09.07m.047 B.11.31 (11i v3) A.00.09.08j.003 MANUAL ACTIONS: Yes - Update PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. 
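Review bot: the file header of the apps/speed.c hunk in the OpenSSL 0.9.8i patch above does not match the rest of the patch. It reads "--- openssl-0.9.8i/apps/speed.c" and "+++ openssl-0.9.8i/apps/speed-new.c", while every other file is diffed as openssl-0.9.8i-ORIG/... against openssl-0.9.8i/.... Regenerate that header as openssl-0.9.8i-ORIG/apps/speed.c against openssl-0.9.8i/apps/speed.c so the hunk unambiguously targets apps/speed.c when the patch is backported.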
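Review bot: the second apps/verify.c hunk of the OpenSSL patch above (@@ -367,4 +367,3 @@) only deletes a trailing blank line after the closing brace and is unrelated to the return-value checks. Drop it from the security patch so that the change stays minimal and a backport does not fail on trees where the end of that file differs.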
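Review bot: in the ssl/s3_srvr.c hunk of the OpenSSL patch above (@@ -2560,7 +2560,7 @@), the branch taken on "if (i <= 0)" still raises SSL_R_NO_CERTIFICATE_RETURNED, which misdescribes a client chain that was received and then failed or errored in ssl_verify_cert_chain. Consider a verification-failure reason such as the SSL_R_CERTIFICATE_VERIFY_FAILED already used in the s2_clnt.c hunk, so that logs separate a missing certificate from a rejected one.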
AFFECTED VERSIONS HP-UX B.11.11 ================== fips_1_1_2.FIPS-CONF fips_1_1_2.FIPS-DOC fips_1_1_2.FIPS-INC fips_1_1_2.FIPS-LIB fips_1_1_2.FIPS-MAN fips_1_1_2.FIPS-MIS fips_1_1_2.FIPS-RUN fips_1_1_2.FIPS-SRC action: install revision FIPS-OPENSSL-1.1.2.046 or subsequent fips_1_2.FIPS-CONF fips_1_2.FIPS-DOC fips_1_2.FIPS-INC fips_1_2.FIPS-LIB fips_1_2.FIPS-MAN fips_1_2.FIPS-MIS fips_1_2.FIPS-RUN fips_1_2.FIPS-SRC action: install revision FIPS-OPENSSL-1.2.001 or subsequent openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.07m.046 or subsequent URL: http://software.hp.com HP-UX B.11.23 ================== fips_1_1_2.FIPS-CONF fips_1_1_2.FIPS-DOC fips_1_1_2.FIPS-INC fips_1_1_2.FIPS-LIB fips_1_1_2.FIPS-MAN fips_1_1_2.FIPS-MIS fips_1_1_2.FIPS-RUN fips_1_1_2.FIPS-SRC action: install revision FIPS-OPENSSL-1.1.2.047 or subsequent fips_1_2.FIPS-CONF fips_1_2.FIPS-DOC fips_1_2.FIPS-INC fips_1_2.FIPS-LIB fips_1_2.FIPS-LIB fips_1_2.FIPS-MAN fips_1_2.FIPS-MIS fips_1_2.FIPS-RUN fips_1_2.FIPS-RUN fips_1_2.FIPS-SRC action: install revision FIPS-OPENSSL-1.2.002 or subsequent openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.07m.047 or subsequent URL: http://software.hp.com HP-UX B.11.31 ================== fips_1_1_2.FIPS-CONF fips_1_1_2.FIPS-DOC fips_1_1_2.FIPS-INC fips_1_1_2.FIPS-LIB fips_1_1_2.FIPS-MAN fips_1_1_2.FIPS-MIS fips_1_1_2.FIPS-RUN fips_1_1_2.FIPS-SRC action: install revision FIPS-OPENSSL-1.1.2.048 or subsequent fips_1_2.FIPS-CONF fips_1_2.FIPS-DOC fips_1_2.FIPS-INC fips_1_2.FIPS-LIB fips_1_2.FIPS-MAN fips_1_2.FIPS-MIS fips_1_2.FIPS-RUN fips_1_2.FIPS-SRC action: 
install revision FIPS-OPENSSL-1.2.003 or subsequent openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08j.003 or subsequent URL: http://software.hp.com END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 31 March 2009 Initial release
At the request of the OpenSSL team, oCERT has aided in the remediation coordination for other projects with similar API misuse vulnerabilities. In addition to EVP_VerifyFinal, the return codes from DSA_verify and DSA_do_verify functions were being incorrectly validated, and packages doing so are affected in a similar fashion as OpenSSL. NTP <= 4.2.4p5 (production), <= 4.2.5p150 (development) Sun GridEngine <= 5.3 Gale <= 0.99 OpenEvidence <= 1.0.6 Belgian eID middleware - eidlib <= 2.6.0 [2] Freedom Network Server <= 2.x The following packages were identified as affected by a vulnerability similar to the OpenSSL one, as they use OpenSSL DSA_verify function and incorrectly check the return code. 2 - Belgian eID middleware latest versions are not available in source form, therefore we cannot confirm if they are affected Fixed version: OpenSSL >= 0.9.8j NTP >= 4.2.4p6 (production), >= 4.2.5p153 (development) Sun GridEngine >= 6.0 Gale N/A OpenEvidence N/A Belgian eID middleware - eidlib N/A Freedom Network Server N/A BIND >= 9.3.6-P1, 9.4.3-P1, 9.5.1-P1, 9.6.0-P1 Lasso >= 2.2.2 ZXID N/A Credit: Google Security Team (for the original OpenSSL issue).
CVE: CVE-2008-5077 (OpenSSL), CVE-2009-0021 (NTP), CVE-2009-0025 (BIND) Timeline: 2008-12-16: OpenSSL Security Team requests coordination aid from oCERT 2008-12-16: oCERT investigates packages affected by similar issues 2008-12-16: contacted affected vendors 2008-12-17: investigation expanded to DSA verification 2008-12-17: BIND, Lasso and ZXID added to affected packages 2008-12-18: contacted additional affected vendors 2009-01-05: status updates and patch dissemination to affected vendors 2009-01-05: confirmation from BIND of issue and fix 2009-01-06: requested CVE assignment for BIND 2009-01-07: advisory published References: http://openssl.org/news/secadv_20090107.txt Links: http://openssl.org/ http://www.ntp.org/ http://gridengine.sunsource.net/ http://gale.org/ http://www.openevidence.org/ http://eid.belgium.be/ http://www.google.com/codesearch/p?#1vGzyQX--LU/achilles/remailer/zero-knowledge/freedomserver-2.x.tgz/ https://www.isc.org/products/BIND http://lasso.entrouvert.org/ http://www.zxid.org/ Permalink: http://www.ocert.org/advisories/ocert-2008-016.html -- Will Drewry <redpig@ocert.org> oCERT Team :: http://ocert.org . Background ========== ntp contains the client and daemon implementations for the Network Time Protocol. The updated packages have been patched to prevent this issue. 
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 Updated Packages: Mandriva Linux 2008.0, 2008.1 and 2009.0; Corporate 3.0 and 4.0; Multi Network Firewall 2.0. To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com
Gentoo Linux Security Advisory GLSA 200902-02 http://security.gentoo.org/ Severity: Normal Title: OpenSSL: Certificate validation error Date: February 12, 2009 Bugs: #251346 ID: 200902-02 Synopsis ======== An error in the OpenSSL certificate chain validation might allow for spoofing attacks. Impact ====== A remote attacker could exploit this vulnerability and spoof arbitrary names to conduct Man-In-The-Middle attacks and intercept sensitive information. Workaround ========== There is no known workaround at this time.
Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8j" References ========== [ 1 ] CVE-2008-5077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200902-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . HP SSL v1.3 for OpenVMS Alpha (v 8.2 or higher) and Integrity (v 8.2-1 or higher)
VAR-200901-0399 CVE-2008-4827 AddTab Multiple heap overflow vulnerabilities in methods

Related entries in the VARIoT exploits database: VAR-E-200901-0112
CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions. The SizerOne ActiveX control used in products by multiple vendors is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in denial-of-service conditions. ====================================================================== 2) Severity Rating: Highly critical Impact: System compromise Where: Remote ====================================================================== 3) Vendor's Description of Software "SAP GUI is SAP's universal client for accessing SAP functionality in SAP applications such as - SAP ERP, SAP Business Suite (SAP CRM, SAP SCM and SAP PLM), SAP Business Intelligence and so on. SAP GUI functions like a browser. It gets information from the SAP server like what, where, when and how, to display contents in its window.". Users can also set the kill-bit manually by following the procedure explained in SAP note 1092631. 
====================================================================== Secunia Research 07/01/2009 - ComponentOne SizerOne ActiveX Control Buffer Overflow - ====================================================================== Table of Contents: 1) Affected Software, 2) Severity, 3) Vendor's Description of Software, 4) Description of Vulnerability, 5) Solution, 6) Time Table, 7) Credits, 8) References, 9) About Secunia, 10) Verification ====================================================================== 1) Affected Software * ComponentOne SizerOne 8.0.20081.140 NOTE: Other versions may also be affected. ====================================================================== 2) Severity Rating: Highly critical Impact: System compromise Where: Remote ====================================================================== 3) Vendor's Description of Software "ComponentOne SizerOne 8.0 is a four-in-one tool that includes two resizing controls to easily handle both simple and complex sizing. The tabbing control enables you to quickly create notebook-style and Microsoft Outlook-style tabs. And with the parsing control, you can automatically slice and dice strings."
Product Link: http://www.componentone.com/SuperProducts/SizerOne/ ====================================================================== 4) Description of Vulnerability Secunia Research has discovered a vulnerability in ComponentOne SizerOne, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error in the included Tab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding tabs with overly long captions via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. ====================================================================== 5) Solution Update to version 8.0.20081.142 of the ActiveX control. ====================================================================== 6) Time Table 13/11/2008 - Vendor notified. 19/11/2008 - Vendor response. 25/11/2008 - Vendor informs that vulnerability has been fixed and offers to provide test version. 26/11/2008 - Copy of fixed test version requested. 01/12/2008 - Test version provided by the vendor. 02/12/2008 - Vendor informed that patch fixes vulnerability nicely. 02/12/2008 - Vendor informs that fix will be available within a week. 05/01/2008 - Status update requested. 05/01/2008 - Vendor informs that fix has been made available. 07/01/2009 - Public disclosure. ====================================================================== 7) Credits Discovered by Carsten Eiram, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2008-4827 for the vulnerability. 
====================================================================== 9) About Secunia Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration: http://secunia.com/advisories/business_solutions/ Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. http://secunia.com/advisories/ Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general: http://secunia.com/secunia_research/ Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions: http://secunia.com/corporate/jobs/ Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/advisories/mailing_lists/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2008-52/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ====================================================================== . Other versions may also be affected. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2008-53/
VAR-200901-0450 CVE-2008-3819 Cisco Global Site Selector DNS Server Remote Denial Of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093. A remote attacker may exploit this issue to crash the vulnerable DNS server, resulting in a denial-of-service condition. This issue is documented in Cisco Bug ID CSCsj70093. The following are vulnerable to this issue when running system software prior to version 3.0(1): Cisco GSS 4480 Global Site Selector Cisco GSS 4490 Global Site Selector Cisco GSS 4491 Global Site Selector Cisco GSS 4492R Global Site Selector. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090107-gss.shtml Affected Products ================= All versions of GSS system software prior to 3.0(1) are affected by this vulnerability. If the GSS is configured with the optional Cisco Network Registrar (CNR) software, the device is not vulnerable. The version is indicated on the line starting with Version. Version 2.0(1) Uptime: 19 Hours 18 Minutes and 14 seconds gss.cisco.com# In order to determine if CNR is enabled on the GSS device, users should log in to the device and issue the show running-config | grep cnr command to display the system CNR configuration. If CNR is enabled, cnr enable will be displayed in the output. If CNR is disabled, no cnr enable will be displayed. Details ======= The Cisco GSS platform allows customers to leverage global content deployment across multiple distributed and mirrored data locations, optimizing site selection, improving Domain Name System (DNS) responsiveness, and ensuring data center availability.
The GSS is inserted into the traditional DNS hierarchy and is closely integrated with the Cisco CSS, Cisco Content Switching Module (CSM), or third-party server load balancers (SLBs) to monitor the health and load of the SLBs in customers data centers. The GSS uses this information and user-specified routing algorithms to select the best-suited and least-loaded data center in real time. When the DNS server crashes, an error message will appear in the logs similar to the following example: Dec 18 04:47:21 gss NMR-6-LAUNCHSVR_EXIT[27261] dnsserver' has exited [ExitUnknown(139)]" This vulnerability is documented in Cisco Bug ID: CSCsj70093 This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-3819. Vulnerability Scoring Details ============================== Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsj70093: GSS DNS service may crash when processing specific DNS requests. 
CVSS Base Score - 7.8 Access Vector : Network Access Complexity : Low Authentication : None Confidentiality Impact: None Integrity Impact : None Availability Impact : Complete CVSS Temporal Score - 6.4 Exploitability : Functional Remediation Level : Official-Fix Report Confidence : Confirmed Impact ====== Successful exploitation of the vulnerability may result in a crash of the GSS DNS service. Repeated exploitation may result in a sustained denial of service (DoS) attack. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
+-------------------+----------------------------------------+---------------------+
| GSS Major Version | First Fixed Release                    | Recommended Release |
+-------------------+----------------------------------------+---------------------+
| 1.x(y)            | Vulnerable; Migrate to 3.0(1) or later | 3.0(2)              |
| 2.x(y)            | Vulnerable; Migrate to 3.0(1) or later | 3.0(2)              |
| 3.x(y)            | Not Vulnerable                         |                     |
+-------------------+----------------------------------------+---------------------+
GSS fixed system software is available for download from http://www.cisco.com/cgi-bin/tablebuild.pl/gss-3des?psrtdcat20e2 Workarounds =========== A workaround for this vulnerability includes setting the property "ServerConfig.dnsserver.returnError" to disabled (or zero). The following example shows how to set the property to disabled.
It is enabled by default:
GSS#config terminal
GSS(config)#$sserver.returnError 0
GSS(config)#property set ServerConfig.dnsserver.returnError 0
GSS(config)#exit
GSS#write memory
Note: Negative responses (NXDOMAIN and NODATA) will not be sent out by the GSS with this setting disabled. Also, by using the DNS server statistics (show statistics dns global), it will not be possible to differentiate between the NXDOMAIN or NODATA mismatches because both of these will increment the DNSQueriesUnmatched counter. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. 
Exploitation and Public Announcements ===================================== The Cisco PSIRT is aware of active exploitations where malicious use of the vulnerability described in this advisory has occurred. This vulnerability was discovered by investigating customer TAC service requests. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090107-gss.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. 
Revision History ================
+--------------+-----------------+------------------------+
| Revision 1.0 | 2009-January-07 | Initial public release |
+--------------+-----------------+------------------------+
Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt
VAR-200901-0055 CVE-2008-5848 advantech adam-6066 Module Trust Management Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity. Adam-6050W is prone to a remote security vulnerability. Advantech ADAM is an Advantech industrial ADAM module.
VAR-200901-0299 CVE-2009-0066 TXT of Intel Vulnerabilities that prevent the integrity of loader integrity in system software CVSS V2: 7.6
CVSS V3: -
Severity: HIGH
Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Details on these issues are scheduled to be released at the BlackHat Security Conference on February 16-17, 2009. We will update this BID as more information becomes available. Trusted Boot 20081008 is affected; additional applications using TXT may also be affected. Intel Trusted Execution Technology is a security technology that works with motherboard chipsets supporting Intel vPro commercial technology and with virtual machine software to help protect important system data from attack.
VAR-200901-0099 CVE-2008-5821 WebKit of WebKit.dll Memory leak vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document. Apple Safari is prone to a denial-of-service vulnerability that resides in the WebKit library. Remote attackers can exploit this issue to crash the affected browser, resulting in a denial-of-service condition. Apple Safari 3.2 running on Microsoft Windows Vista is vulnerable; other versions running on different platforms may also be affected. Note (December 20, 2010): Safari on iOS 4.0.1 is also vulnerable. Safari is the web browser bundled by default in the Apple operating system.
VAR-200901-0466 CVE-2004-2761 MD5 vulnerable to collision attacks

Related entries in the VARIoT exploits database: VAR-E-200412-0151
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. MD5 is a one-way hash function that outputs a fixed-length value, called a message digest, from an input value. For a secure hash function, it must be extremely difficult to find an input value that corresponds to a particular message digest. The case where the same message digest is output from different inputs is called a "collision". Since 1996, attack methods that exploit the MD5 algorithm's lack of collision resistance have been reported. It was later shown that this attack technique can be used to forge X.509 certificates, and in 2008 it was reported that a CA certificate had been successfully forged based on a certificate signed by a CA. Products that use the MD5 algorithm are affected. The effects of the MD5 weakness vary depending on how it is used. As an example, trusting a malicious website that uses a forged SSL certificate may cause information leakage. Attackers may take advantage of this issue to generate pairs of different, valid X.509 certificates that share a common signature. An attacker is most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate sites by taking advantage of malicious certificates. Other attacks are likely possible. - HPE iMC PLAT - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed version listed.
+ **iMC PLAT - Version: IMC PLAT 7.2, E0403P10** - JD125A HP IMC Std S/W Platform w/100-node - JD126A HP IMC Ent S/W Platform w/100-node - JD808A HP IMC Ent Platform w/100-node License - JD814A HP A-IMC Enterprise Edition Software DVD Media - JD815A HP IMC Std Platform w/100-node License - JD816A HP A-IMC Standard Edition Software DVD Media - JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU - JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU - JF377A HP IMC Std S/W Platform w/100-node Lic - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU - JF378A HP IMC Ent S/W Platform w/200-node Lic - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade 50-node and 150-AP E-LTU - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point E-LTU - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with 200-node E-LTU **Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates. HISTORY Version:1 (rev.1) - 26 September 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. 
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05336888 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05336888 Version: 1 HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-11-18 Last Updated: 2016-11-18 Potential Security Impact: Remote: Multiple Vulnerabilities Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Security vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. These vulnerabilities could be exploited remotely to conduct spoofing attacks and plaintext recovery attacks resulting in disclosure of information. References: - CVE-2004-2761 - MD5 Hash Collision Vulnerability - CVE-2013-2566 - SSL/TLS RC4 algorithm vulnerability - CVE-2015-2808 - SSL/TLS RC4 stream vulnerability known as "Bar Mitzvah" SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- Comware 5 (CW5) Products All versions - Comware 7 (CW7) Products All versions BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2004-2761 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2013-2566 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2015-2808 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has released the following mitigation information to resolve the vulnerabilities in HPE Comware 5 and Comware 7 network products. *Note:* Please contact HPE Technical Support for any assistance configuring the recommended settings. **Mitigation for the hash collision vulnerability in the MD5 Algorithm:** + For Comware V7, this issue only exists when the key-type is RSA and the public key length less than 1024 bits. Since the default length of the RSA key is 1024 bits, the length should only have to be set manually if necessary. Example command to set the RSA key length to 1024 bits: public-key rsa general name xxx length 1024 + For Comware V5, this issue only exists when the key-type is RSA. HPE recommends using DSA and ECDSA keys and not an RSA key. **Mitigation for the RC4 vulnerabilities:** HPE recommends disabling RC2 and RC4 ciphers. 
+ For Comware V7, remove the RC2/RC4 ciphers: - exp_rsa_rc2_md5 - exp_rsa_rc4_md5 - rsa_rc4_128_md5 - rsa_rc4_128_sha Example using the *ssl server-policy anamea ciphersuite* command to omit the RC2/RC4 ciphers: ssl server-policy anamea ciphersuite { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha } Example using the *ssl client-policy anamea prefer-cipher* command to omit the RC2/RC4 ciphers: ssl client-policy anamea prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha } + For Comware V5, remove the following RC4 ciphers: - rsa_rc4_128_md5 - rsa_rc4_128_sha Example using the *ssl server-policy anamea ciphersuite* command to omit the RC4 ciphers: ssl server-policy anamea ciphersuite { rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha| rsa_des_cbc_sha } Example using the *ssl client-policy anamea prefer-cipher* command to omit the RC4 ciphers: ssl client-policy anamea prefer-cipher { rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha |rsa_aes_256_cbc_sha | rsa_des_cbc_sha } **COMWARE 5 Products** + **HSR6602 (Comware 5) - Version: See Mitigation** * HP Network Products - JC176A HP 6602 Router Chassis - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG355A HP 6600 MCP-X1 Router Main Processing Unit - JG356A HP 6600 MCP-X2 Router Main Processing Unit - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit + **HSR6800 (Comware 5) - Version: See Mitigation** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main 
Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit + **MSR20 (Comware 5) - Version: See Mitigation** * HP Network Products - JD432A HP A-MSR20-21 Router - JD662A HP MSR20-20 Router - JD663A HP A-MSR20-21 Router - JD663B HP MSR20-21 Router - JD664A HP MSR20-40 Router - JF228A HP MSR20-40 Router - JF283A HP MSR20-20 Router + **MSR20-1X (Comware 5) - Version: See Mitigation** * HP Network Products - JD431A HP MSR20-10 Router - JD667A HP MSR20-15 IW Multi-Service Router - JD668A HP MSR20-13 Multi-Service Router - JD669A HP MSR20-13 W Multi-Service Router - JD670A HP MSR20-15 A Multi-Service Router - JD671A HP MSR20-15 AW Multi-Service Router - JD672A HP MSR20-15 I Multi-Service Router - JD673A HP MSR20-11 Multi-Service Router - JD674A HP MSR20-12 Multi-Service Router - JD675A HP MSR20-12 W Multi-Service Router - JD676A HP MSR20-12 T1 Multi-Service Router - JF236A HP MSR20-15-I Router - JF237A HP MSR20-15-A Router - JF238A HP MSR20-15-I-W Router - JF239A HP MSR20-11 Router - JF240A HP MSR20-13 Router - JF241A HP MSR20-12 Router - JF806A HP MSR20-12-T Router - JF807A HP MSR20-12-W Router - JF808A HP MSR20-13-W Router - JF809A HP MSR20-15-A-W Router - JF817A HP MSR20-15 Router - JG209A HP MSR20-12-T-W Router (NA) - JG210A HP MSR20-13-W Router (NA) + **MSR 30 (Comware 5) - Version: See Mitigation** * HP Network Products - JD654A HP MSR30-60 POE Multi-Service Router - JD657A HP MSR30-40 Multi-Service Router - JD658A HP MSR30-60 Multi-Service Router - JD660A HP MSR30-20 POE Multi-Service Router - JD661A HP MSR30-40 POE Multi-Service Router - JD666A HP MSR30-20 Multi-Service Router - JF229A HP MSR30-40 Router - JF230A HP MSR30-60 Router - JF232A HP RTMSR3040-AC-OVSAS-H3 - JF235A HP MSR30-20 DC Router - JF284A HP MSR30-20 Router - JF287A HP MSR30-40 DC Router - JF801A HP MSR30-60 DC Router - JF802A HP MSR30-20 PoE Router - JF803A HP MSR30-40 PoE Router - JF804A HP MSR30-60 PoE Router - JG728A HP MSR30-20 TAA-compliant DC Router - JG729A HP 
MSR30-20 TAA-compliant Router + **MSR 30-16 (Comware 5) - Version: See Mitigation** * HP Network Products - JD659A HP MSR30-16 POE Multi-Service Router - JD665A HP MSR30-16 Multi-Service Router - JF233A HP MSR30-16 Router - JF234A HP MSR30-16 PoE Router + **MSR 30-1X (Comware 5) - Version: See Mitigation** * HP Network Products - JF800A HP MSR30-11 Router - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr - JG182A HP MSR30-11E Router - JG183A HP MSR30-11F Router - JG184A HP MSR30-10 DC Router + **MSR 50 (Comware 5) - Version: See Mitigation** * HP Network Products - JD433A HP MSR50-40 Router - JD653A HP MSR50 Processor Module - JD655A HP MSR50-40 Multi-Service Router - JD656A HP MSR50-60 Multi-Service Router - JF231A HP MSR50-60 Router - JF285A HP MSR50-40 DC Router - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply + **MSR 50-G2 (Comware 5) - Version: See Mitigation** * HP Network Products - JD429A HP MSR50 G2 Processor Module - JD429B HP MSR50 G2 Processor Module + **MSR 9XX (Comware 5) - Version: See Mitigation** * HP Network Products - JF812A HP MSR900 Router - JF813A HP MSR920 Router - JF814A HP MSR900-W Router - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr - JG207A HP MSR900-W Router (NA) - JG208A HP MSR920-W Router (NA) + **MSR 93X (Comware 5) - Version: See Mitigation** * HP Network Products - JG511A HP MSR930 Router - JG511B HP MSR930 Router - JG512A HP MSR930 Wireless Router - JG513A HP MSR930 3G Router - JG513B HP MSR930 3G Router - JG514A HP MSR931 Router - JG514B HP MSR931 Router - JG515A HP MSR931 3G Router - JG516A HP MSR933 Router - JG517A HP MSR933 3G Router - JG518A HP MSR935 Router - JG518B HP MSR935 Router - JG519A HP MSR935 Wireless Router - JG520A HP MSR935 3G Router - JG531A HP MSR931 Dual 3G Router - JG531B HP MSR931 Dual 3G Router - JG596A HP MSR930 4G LTE/3G CDMA Router - JG597A HP MSR936 Wireless Router - JG665A HP MSR930 4G LTE/3G WCDMA Global Router - JG704A HP MSR930 4G LTE/3G WCDMA ATT Router - JH009A HP MSR931 Serial (TI) Router - JH010A HP 
MSR933 G.SHDSL (TI) Router - JH011A HP MSR935 ADSL2+ (TI) Router - JH012A HP MSR930 Wireless 802.11n (NA) Router - JH012B HP MSR930 Wireless 802.11n (NA) Router - JH013A HP MSR935 Wireless 802.11n (NA) Router + **MSR1000 (Comware 5) - Version: See Mitigation** * HP Network Products - JG732A HP MSR1003-8 AC Router + **12500 (Comware 5) - Version: See Mitigation** * HP Network Products - JC072B HP 12500 Main Processing Unit - JC085A HP A12518 Switch Chassis - JC086A HP A12508 Switch Chassis - JC652A HP 12508 DC Switch Chassis - JC653A HP 12518 DC Switch Chassis - JC654A HP 12504 AC Switch Chassis - JC655A HP 12504 DC Switch Chassis - JC808A HP 12500 TAA Main Processing Unit - JF430A HP A12518 Switch Chassis - JF430B HP 12518 Switch Chassis - JF430C HP 12518 AC Switch Chassis - JF431A HP A12508 Switch Chassis - JF431B HP 12508 Switch Chassis - JF431C HP 12508 AC Switch Chassis + **9500E (Comware 5) - Version: See Mitigation** * HP Network Products - JC124A HP A9508 Switch Chassis - JC124B HP 9505 Switch Chassis - JC125A HP A9512 Switch Chassis - JC125B HP 9512 Switch Chassis - JC474A HP A9508-V Switch Chassis - JC474B HP 9508-V Switch Chassis + **10500 (Comware 5) - Version: See Mitigation** * HP Network Products - JC611A HP 10508-V Switch Chassis - JC612A HP 10508 Switch Chassis - JC613A HP 10504 Switch Chassis - JC614A HP 10500 Main Processing Unit - JC748A HP 10512 Switch Chassis - JG375A HP 10500 TAA-compliant Main Processing Unit - JG820A HP 10504 TAA-compliant Switch Chassis - JG821A HP 10508 TAA-compliant Switch Chassis - JG822A HP 10508-V TAA-compliant Switch Chassis - JG823A HP 10512 TAA-compliant Switch Chassis + **7500 (Comware 5) - Version: See Mitigation** * HP Network Products - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo - JC697A HP 7502 TAA-compliant Main Processing Unit - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU 
with 2 10GbE XFP Ports - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports - JD194A HP 7500 384Gbps Fabric Module - JD194B HP 7500 384Gbps Fabric Module - JD195A HP 7500 384Gbps Advanced Fabric Module - JD196A HP 7502 Fabric Module - JD220A HP 7500 768Gbps Fabric Module - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports - JD238A HP 7510 Switch Chassis - JD238B HP 7510 Switch Chassis - JD239A HP 7506 Switch Chassis - JD239B HP 7506 Switch Chassis - JD240A HP 7503 Switch Chassis - JD240B HP 7503 Switch Chassis - JD241A HP 7506-V Switch Chassis - JD241B HP 7506-V Switch Chassis - JD242A HP 7502 Switch Chassis - JD242B HP 7502 Switch Chassis - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot - JE164A HP E7902 Switch Chassis - JE165A HP E7903 Switch Chassis - JE166A HP E7903 1 Fabric Slot Switch Chassis - JE167A HP E7906 Switch Chassis - JE168A HP E7906 Vertical Switch Chassis - JE169A HP E7910 Switch Chassis + **6125G/XG Blade Switch - Version: See Mitigation** * HP Network Products - 737220-B21 HP 6125G Blade Switch with TAA - 737226-B21 HP 6125G/XG Blade Switch with TAA - 658250-B21 HP 6125G/XG Blade Switch Opt Kit - 658247-B21 HP 6125G Blade Switch Opt Kit + **5830 (Comware 5) - Version: See Mitigation** * HP Network Products - JC691A HP 5830AF-48G Switch with 1 Interface Slot - JC694A HP 5830AF-96G Switch - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot - JG374A HP 5830AF-96G TAA-compliant Switch + **5800 (Comware 5) - Version: See Mitigation** * HP Network Products - JC099A HP 5800-24G-PoE Switch - JC099B HP 5800-24G-PoE+ Switch - JC100A HP 5800-24G Switch - JC100B HP 5800-24G Switch - JC101A HP 5800-48G Switch with 2 Slots - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots - JC103A HP 
5800-24G-SFP Switch - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot - JC104A HP 5800-48G-PoE Switch - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot - JC105A HP 5800-48G Switch - JC105B HP 5800-48G Switch with 1 Interface Slot - JG254A HP 5800-24G-PoE+ TAA-compliant Switch - JG254B HP 5800-24G-PoE+ TAA-compliant Switch - JG255A HP 5800-24G TAA-compliant Switch - JG255B HP 5800-24G TAA-compliant Switch - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot - JG225A HP 5800AF-48G Switch - JG225B HP 5800AF-48G Switch - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot - JG219A HP 5820AF-24XG Switch - JG219B HP 5820AF-24XG Switch - JC102A HP 5820-24XG-SFP+ Switch - JC102B HP 5820-24XG-SFP+ Switch + **5500 HI (Comware 5) - Version: See Mitigation** * HP Network Products - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots - JG680A HP 
5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots + **5500 EI (Comware 5) - Version: See Mitigation** * HP Network Products - JD373A HP 5500-24G DC EI Switch - JD374A HP 5500-24G-SFP EI Switch - JD375A HP 5500-48G EI Switch - JD376A HP 5500-48G-PoE EI Switch - JD377A HP 5500-24G EI Switch - JD378A HP 5500-24G-PoE EI Switch - JD379A HP 5500-24G-SFP DC EI Switch - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots + **4800G (Comware 5) - Version: See Mitigation** * HP Network Products - JD007A HP 4800-24G Switch - JD008A HP 4800-24G-PoE Switch - JD009A HP 4800-24G-SFP Switch - JD010A HP 4800-48G Switch - JD011A HP 4800-48G-PoE Switch + **5500SI (Comware 5) - Version: See Mitigation** * HP Network Products - JD369A HP 5500-24G SI Switch - JD370A HP 5500-48G SI Switch - JD371A HP 5500-24G-PoE SI Switch - JD372A HP 5500-48G-PoE SI Switch - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots + **4500G (Comware 5) - Version: See Mitigation** * HP Network Products - JF428A HP 4510-48G Switch - JF847A HP 4510-24G Switch + **5120 EI (Comware 5) - Version: See Mitigation** * HP Network Products - JE066A HP 5120-24G EI Switch - JE067A HP 5120-48G EI Switch - JE068A HP 5120-24G EI Switch with 2 Interface Slots - JE069A HP 5120-48G EI Switch with 2 Interface Slots - JE070A HP 5120-24G-PoE EI 2-slot Switch - JE071A HP 5120-48G-PoE EI 2-slot Switch - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots - JG237A HP 
5120-48G-PoE+ EI Switch with 2 Interface Slots - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots + **4210G (Comware 5) - Version: See Mitigation** * HP Network Products - JF844A HP 4210-24G Switch - JF845A HP 4210-48G Switch - JF846A HP 4210-24G-PoE Switch + **5120 SI (Comware 5) - Version: See Mitigation** * HP Network Products - JE072A HP 5120-48G SI Switch - JE072B HPE 5120 48G SI Switch - JE073A HP 5120-16G SI Switch - JE073B HPE 5120 16G SI Switch - JE074A HP 5120-24G SI Switch - JE074B HPE 5120 24G SI Switch - JG091A HP 5120-24G-PoE+ (370W) SI Switch - JG091B HPE 5120 24G PoE+ (370W) SI Switch - JG092A HP 5120-24G-PoE+ (170W) SI Switch - JG309B HPE 5120 8G PoE+ (180W) SI Switch - JG310B HPE 5120 8G PoE+ (65W) SI Switch + **3610 (Comware 5) - Version: See Mitigation** * HP Network Products - JD335A HP 3610-48 Switch - JD336A HP 3610-24-4G-SFP Switch - JD337A HP 3610-24-2G-2G-SFP Switch - JD338A HP 3610-24-SFP Switch + **3600V2 (Comware 5) - Version: See Mitigation** * HP Network Products - JG299A HP 3600-24 v2 EI Switch - JG299B HP 3600-24 v2 EI Switch - JG300A HP 3600-48 v2 EI Switch - JG300B HP 3600-48 v2 EI Switch - JG301A HP 3600-24-PoE+ v2 EI Switch - JG301B HP 3600-24-PoE+ v2 EI Switch - JG301C HP 3600-24-PoE+ v2 EI Switch - JG302A HP 3600-48-PoE+ v2 EI Switch - JG302B HP 3600-48-PoE+ v2 EI Switch - JG302C HP 3600-48-PoE+ v2 EI Switch - JG303A HP 3600-24-SFP v2 EI Switch - JG303B HP 3600-24-SFP v2 EI Switch - JG304A HP 3600-24 v2 SI Switch - JG304B HP 3600-24 v2 SI Switch - JG305A HP 3600-48 v2 SI Switch - JG305B HP 3600-48 v2 SI Switch - JG306A HP 3600-24-PoE+ v2 SI Switch - JG306B HP 3600-24-PoE+ v2 SI Switch - JG306C HP 3600-24-PoE+ v2 SI Switch - JG307A HP 3600-48-PoE+ v2 SI Switch - JG307B HP 3600-48-PoE+ v2 SI Switch - JG307C HP 
3600-48-PoE+ v2 SI Switch + **3100V2-48 (Comware 5) - Version: See Mitigation** * HP Network Products - JG315A HP 3100-48 v2 Switch - JG315B HP 3100-48 v2 Switch + **HP870 (Comware 5) - Version: See Mitigation** * HP Network Products - JG723A HP 870 Unified Wired-WLAN Appliance - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance + **HP850 (Comware 5) - Version: See Mitigation** * HP Network Products - JG722A HP 850 Unified Wired-WLAN Appliance - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance + **HP830 (Comware 5) - Version: See Mitigation** * HP Network Products - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant + **HP6000 (Comware 5) - Version: See Mitigation** * HP Network Products - JG639A HP 10500/7500 20G Unified Wired-WLAN Module - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module + **WX5004-EI (Comware 5) - Version: See Mitigation** * HP Network Products - JD447B HP WX5002 Access Controller - JD448A HP WX5004 Access Controller - JD448B HP WX5004 Access Controller - JD469A HP WX5004 Access Controller + **SecBlade FW (Comware 5) - Version: See Mitigation** * HP Network Products - JC635A HP 12500 VPN Firewall Module - JD245A HP 9500 VPN Firewall Module - JD249A HP 10500/7500 Advanced VPN Firewall Module - JD250A HP 6600 Firewall Processing Router Module - JD251A HP 8800 Firewall Processing Module - JD255A HP 5820 VPN Firewall Module + **F1000-E (Comware 5) - Version: See Mitigation** * HP Network Products - JD272A HP F1000-E VPN Firewall Appliance + **F1000-A-EI (Comware 5) - Version: See Mitigation** * HP Network Products - JG214A HP F1000-A-EI VPN Firewall Appliance + **F1000-S-EI (Comware 5) - Version: See Mitigation** * HP Network Products - JG213A HP F1000-S-EI VPN Firewall Appliance + **F5000-A (Comware 5) - Version: See Mitigation** * HP 
Network Products - JD259A HP A5000-A5 VPN Firewall Chassis - JG215A HP F5000 Firewall Main Processing Unit - JG216A HP F5000 Firewall Standalone Chassis + **U200S and CS (Comware 5) - Version: See Mitigation** * HP Network Products - JD273A HP U200-S UTM Appliance + **U200A and M (Comware 5) - Version: See Mitigation** * HP Network Products - JD275A HP U200-A UTM Appliance + **F5000-C/S (Comware 5) - Version: See Mitigation** * HP Network Products - JG650A HP F5000-C VPN Firewall Appliance - JG370A HP F5000-S VPN Firewall Appliance + **SecBlade III (Comware 5) - Version: See Mitigation** * HP Network Products - JG371A HP 12500 20Gbps VPN Firewall Module - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC177A HP 6608 Router - JC177B HP 6608 Router Chassis - JC178A HP 6604 Router Chassis - JC178B HP 6604 Router Chassis - JC496A HP 6616 Router Chassis - JC566A HP 6600 RSE-X1 Router Main Processing Unit - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC165A HP 6600 RPE-X1 Router Module - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit + **6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC176A HP 6602 Router Chassis + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC177A HP 6608 Router - JC177B HP 6608 Router Chassis - JC178A HP 6604 Router Chassis - JC178B HP 6604 Router Chassis - JC496A HP 6616 Router Chassis - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG355A HP 6600 MCP-X1 Router Main Processing Unit - JG356A HP 6600 MCP-X2 Router Main Processing Unit - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit + **HSR6800 RU (Comware 5 Low Encryption 
SW) - Version: See Mitigation** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit + **SMB1910 (Comware 5) - Version: See Mitigation** * HP Network Products - JG540A HP 1910-48 Switch - JG539A HP 1910-24-PoE+ Switch - JG538A HP 1910-24 Switch - JG537A HP 1910-8 -PoE+ Switch - JG536A HP 1910-8 Switch + **SMB1920 (Comware 5) - Version: See Mitigation** * HP Network Products - JG928A HP 1920-48G-PoE+ (370W) Switch - JG927A HP 1920-48G Switch - JG926A HP 1920-24G-PoE+ (370W) Switch - JG925A HP 1920-24G-PoE+ (180W) Switch - JG924A HP 1920-24G Switch - JG923A HP 1920-16G Switch - JG922A HP 1920-8G-PoE+ (180W) Switch - JG921A HP 1920-8G-PoE+ (65W) Switch - JG920A HP 1920-8G Switch + **V1910 (Comware 5) - Version: See Mitigation** * HP Network Products - JE005A HP 1910-16G Switch - JE006A HP 1910-24G Switch - JE007A HP 1910-24G-PoE (365W) Switch - JE008A HP 1910-24G-PoE(170W) Switch - JE009A HP 1910-48G Switch - JG348A HP 1910-8G Switch - JG349A HP 1910-8G-PoE+ (65W) Switch - JG350A HP 1910-8G-PoE+ (180W) Switch + **SMB 1620 (Comware 5) - Version: See Mitigation** * HP Network Products - JG914A HP 1620-48G Switch - JG913A HP 1620-24G Switch - JG912A HP 1620-8G Switch **COMWARE 7 Products** + **12500 (Comware 7) - Version: See Mitigation** * HP Network Products - JC072B HP 12500 Main Processing Unit - JC085A HP A12518 Switch Chassis - JC086A HP A12508 Switch Chassis - JC652A HP 12508 DC Switch Chassis - JC653A HP 12518 DC Switch Chassis - JC654A HP 12504 AC Switch Chassis - JC655A HP 12504 DC Switch Chassis - JF430A HP A12518 Switch Chassis - JF430B HP 12518 Switch Chassis - JF430C HP 12518 AC Switch Chassis - JF431A HP A12508 Switch Chassis - JF431B HP 12508 Switch Chassis 
- JF431C HP 12508 AC Switch Chassis - JG497A HP 12500 MPU w/Comware V7 OS - JG782A HP FF 12508E AC Switch Chassis - JG783A HP FF 12508E DC Switch Chassis - JG784A HP FF 12518E AC Switch Chassis - JG785A HP FF 12518E DC Switch Chassis - JG802A HP FF 12500E MPU + **10500 (Comware 7) - Version: See Mitigation** * HP Network Products - JC611A HP 10508-V Switch Chassis - JC612A HP 10508 Switch Chassis - JC613A HP 10504 Switch Chassis - JC748A HP 10512 Switch Chassis - JG608A HP FlexFabric 11908-V Switch Chassis - JG609A HP FlexFabric 11900 Main Processing Unit - JG820A HP 10504 TAA Switch Chassis - JG821A HP 10508 TAA Switch Chassis - JG822A HP 10508-V TAA Switch Chassis - JG823A HP 10512 TAA Switch Chassis - JG496A HP 10500 Type A MPU w/Comware v7 OS - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit + **12900 (Comware 7) - Version: See Mitigation** * HP Network Products - JG619A HP FlexFabric 12910 Switch AC Chassis - JG621A HP FlexFabric 12910 Main Processing Unit - JG632A HP FlexFabric 12916 Switch AC Chassis - JG634A HP FlexFabric 12916 Main Processing Unit - JH104A HP FlexFabric 12900E Main Processing Unit - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit - JH263A HP FlexFabric 12904E Main Processing Unit - JH255A HP FlexFabric 12908E Switch Chassis - JH262A HP FlexFabric 12904E Switch Chassis - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis - JH103A HP FlexFabric 12916E Switch Chassis + **5900 (Comware 7) - Version: See Mitigation** * HP Network Products - JC772A HP 5900AF-48XG-4QSFP+ Switch - JG296A HP 5920AF-24XG Switch - JG336A HP 5900AF-48XGT-4QSFP+ Switch - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch - JG555A HP 5920AF-24XG TAA Switch - JG838A HP FF 5900CP-48XG-4QSFP+ Switch - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant 
Switch - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant + **MSR1000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG875A HP MSR1002-4 AC Router - JH060A HP MSR1003-8S AC Router + **MSR2000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG411A HP MSR2003 AC Router - JG734A HP MSR2004-24 AC Router - JG735A HP MSR2004-48 Router - JG866A HP MSR2003 TAA-compliant AC Router + **MSR3000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG404A HP MSR3064 Router - JG405A HP MSR3044 Router - JG406A HP MSR3024 AC Router - JG407A HP MSR3024 DC Router - JG408A HP MSR3024 PoE Router - JG409A HP MSR3012 AC Router - JG410A HP MSR3012 DC Router - JG861A HP MSR3024 TAA-compliant AC Router + **MSR4000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG402A HP MSR4080 Router Chassis - JG403A HP MSR4060 Router Chassis - JG412A HP MSR4000 MPU-100 Main Processing Unit - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit + **VSR (Comware 7) - Version: See Mitigation** * HP Network Products - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software - JG811AAE HP VSR1001 Comware 7 Virtual Services Router - JG812AAE HP VSR1004 Comware 7 Virtual Services Router - JG813AAE HP VSR1008 Comware 7 Virtual Services Router + **7900 (Comware 7) - Version: See Mitigation** * HP Network Products - JG682A HP FlexFabric 7904 Switch Chassis - JG841A HP FlexFabric 7910 Switch Chassis - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit + **5130 (Comware 7) - Version: See Mitigation** * HP Network Products - JG932A HP 5130-24G-4SFP+ EI Switch - JG933A HP 5130-24G-SFP-4SFP+ EI 
Switch - JG934A HP 5130-48G-4SFP+ EI Switch - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch - JG938A HP 5130-24G-2SFP+-2XGT EI Switch - JG939A HP 5130-48G-2SFP+-2XGT EI Switch - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch - JG975A HP 5130-24G-4SFP+ EI Brazil Switch - JG976A HP 5130-48G-4SFP+ EI Brazil Switch - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch + **6125XLG - Version: See Mitigation** * HP Network Products - 711307-B21 HP 6125XLG Blade Switch - 737230-B21 HP 6125XLG Blade Switch with TAA + **6127XLG - Version: See Mitigation** * HP Network Products - 787635 HP 6127XLG Blade Switch Opt Kit + **Moonshot - Version: See Mitigation** * HP Network Products - 786617-B21 - HP Moonshot-45Gc Switch Module - 704654-B21 - HP Moonshot-45XGc Switch Module - 786619-B21 - HP Moonshot-180XGc Switch Module + **5700 (Comware 7) - Version: See Mitigation** * HP Network Products - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch + **5930 (Comware 7) - Version: See Mitigation** * HP Network Products - JG726A HP FlexFabric 5930 32QSFP+ Switch - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch - JH179A HP FlexFabric 5930 4-slot Switch - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch + **HSR6600 (Comware 7) - Version: See Mitigation** * HP Network Products - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router + 
**HSR6800 (Comware 7) - Version: See Mitigation** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit + **1950 (Comware 7) - Version: See Mitigation** * HP Network Products - JG960A HP 1950-24G-4XG Switch - JG961A HP 1950-48G-2SFP+-2XGT Switch - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch + **7500 (Comware 7) - Version: See Mitigation** * HP Network Products - JD238C HP 7510 Switch Chassis - JD239C HP 7506 Switch Chassis - JD240C HP 7503 Switch Chassis - JD242C HP 7502 Switch Chassis - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit - JH208A HP 7502 Main Processing Unit - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit + **5950 (Comware 7) - Version: See Mitigation** * HP Network Products - JH321A HPE FlexFabric 5950 32QSFP28 Switch + **5940 (Comware 7) - Version: See Mitigation** * HP Network Products - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch - JH396A HPE FlexFabric 5940 32QSFP+ Switch - JH397A HPE FlexFabric 5940 2-slot Switch - JH398A HPE FlexFabric 5940 4-slot Switch HISTORY Version:1 (rev.1) - 18 November 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. 
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 
=========================================================== Ubuntu Security Notice USN-740-1 March 17, 2009 nss, firefox vulnerability CVE-2004-2761 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libnss3 1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2 Ubuntu 7.10: libnss3-0d 3.11.5-3ubuntu0.7.10.2 Ubuntu 8.04 LTS: libnss3-0d 3.12.0.3-0ubuntu0.8.04.5 libnss3-1d 3.12.0.3-0ubuntu0.8.04.5 Ubuntu 8.10: libnss3-1d 3.12.0.3-0ubuntu5.8.10.1 After a standard system upgrade you need to restart your session to effect the necessary changes. This update blacklists the proof of concept rogue certificate authority as discussed in http://www.win.tue.nl/hashclash/rogue-ca/.
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 7.10: amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_amd64.deb Size/MD5: 3143890 dad0155f293aff8a59d42086cef022c3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_amd64.deb Size/MD5: 799588 70d491944efd2ce20cb839da11030b0e http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_amd64.deb Size/MD5: 241342 567c357ea31e0e1729db4738822aa7b0 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_amd64.deb Size/MD5: 656372 a6868f642b5c295236c7df01dbc3f2d9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_i386.deb Size/MD5: 2995870 d4ea291de433c1768148f35a4f40e596 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_i386.deb Size/MD5: 723166 81b970c37e37b2bfe13bf8edf8b8c2df http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_i386.deb Size/MD5: 238436 a901d3b0431faa6bfd4d8b732fc6b8ed http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_i386.deb Size/MD5: 605568 f7a02ba6c2e65c2e3644f81e2e5add33 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_lpia.deb Size/MD5: 3213428 32f032e4c5ebc8383d334e2de5b1e0b5 http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_lpia.deb Size/MD5: 709556 606d9ee62127ecad6620ce6ee2a351c1 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_lpia.deb Size/MD5: 237148 526eb9b27871cee224d480ce8483d015 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_lpia.deb Size/MD5: 596394 35c4ef7f97a6934947760236b119d1f1 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_powerpc.deb Size/MD5: 3168400 
13560d02da9c481147177504476a3f21 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_powerpc.deb Size/MD5: 807892 5a0232d184bb4d87811974d61a902e17 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_powerpc.deb Size/MD5: 240514 9cfb4b3bace2f033b7c55ba571d0c4a1 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_powerpc.deb Size/MD5: 645362 ccd118c24941759b0c2e758ae60b4ba5 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_sparc.deb Size/MD5: 2834042 f884524281d9521e07b60c8bf9aa8074 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_sparc.deb Size/MD5: 718096 906896f0101a88bd6cb78ffdb103fe0e http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_sparc.deb Size/MD5: 235222 f679c8d076c15860a41c1e16b1d69ded http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_sparc.deb Size/MD5: 576390 75811d5dc9ddd1eca108bc50ffe3e911 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.diff.gz Size/MD5: 38918 6fda80e067b0f84e323b3556b5f9dd18 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.dsc Size/MD5: 2001 e9365c71192c0e568d5dd9891708e436 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3.orig.tar.gz Size/MD5: 5161407 9e96418400e073f982e83c235718c4e9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb Size/MD5: 17910 7933180f37ce55969719730463fef4cb http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_amd64.deb Size/MD5: 4511304 1a241985ee6673075b8610bbb2be2902 
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb Size/MD5: 1135226 fcc9b7555aac5a0ef0260aa639b7421a http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_amd64.deb Size/MD5: 256738 992898a7cce94822e29a3e0d5d318e46 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_amd64.deb Size/MD5: 813730 542b82a7837b4a43191fd5862a97699e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_i386.deb Size/MD5: 17894 3ea3554784b1242ce89f96bb631d0c4d http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_i386.deb Size/MD5: 4294520 d7eb7d334bd821d887e24d76d8e2804f http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_i386.deb Size/MD5: 1017710 7afd17b32bc5ce80babf2405488997e8 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_i386.deb Size/MD5: 253724 f7f8ad3723f384a657907016b8476c35 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_i386.deb Size/MD5: 741278 ed53c68732f059a90a35310b68c4be88 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb Size/MD5: 17874 5e1a506010c923ba8a41129fef693344 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_lpia.deb Size/MD5: 4322188 cd5765f42aaffa32e20b0ac0510d9b6c http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb Size/MD5: 993934 313d088bd4a0a44fe05b762e33ef927d http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_lpia.deb Size/MD5: 252500 dcaf82868eaa0e3162a6a49fb6f512be http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_lpia.deb Size/MD5: 719648 8e422c9ee3dd5a062f547d36d6e2725c powerpc architecture (Apple 
Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb Size/MD5: 20352 144b270c8fc23407e1da27112151c952 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb Size/MD5: 4440132 f89a7f34a199abd8e0d840bb011ca5bf http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb Size/MD5: 1115852 d88c0295406e468f7ac1c087edb661dd http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb Size/MD5: 255446 4eef63577fbaa5b611b0d9064c47ac6c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb Size/MD5: 777064 83ad19b301d2c1eceef6682cbad5a00d sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb Size/MD5: 17976 c763ceebcc3bf6371477809a8589cebf http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_sparc.deb Size/MD5: 4038136 bbb4ff75f73844f33727fada2ca730b4 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb Size/MD5: 995598 2785d368bbb6665eee586ac3fc3e453e http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_sparc.deb Size/MD5: 250450 a972e1131466d149480a574a57537c37 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_sparc.deb Size/MD5: 702432 d16a1353ba80d7104820f97c4f712334 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.diff.gz Size/MD5: 38881 8be9f8eb187a657a743e115f58dbb58b http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.dsc Size/MD5: 2001 88381f73650cd5c2c369f387638ec40d http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3.orig.tar.gz Size/MD5: 5161407 9e96418400e073f982e83c235718c4e9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): 
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_amd64.deb Size/MD5: 4696732 5e2844909ee8896f71548c37f7ab711f http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb Size/MD5: 1182642 6f73554c7970e2c0e3da7dcddf8d4d7f http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_amd64.deb Size/MD5: 256520 808f5ff374081b1fd7f981699e267828 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb Size/MD5: 17962 63411a0d50d9fa340f688c7a5cec33ae http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_amd64.deb Size/MD5: 824382 367bbe2bf29f17c4fa5b085142e0bc8f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_i386.deb Size/MD5: 4450042 bb8560c5208a6f4d2a121a93d7ff7bac http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_i386.deb Size/MD5: 1054914 1f7cbdc5e0776b8c2fc92241776bd96e http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_i386.deb Size/MD5: 253554 c1cc8fff73ef7b34dadc6fea411bc7db http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_i386.deb Size/MD5: 17940 b3577f334ed9f5a95c6fdbdd4de83ef4 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_i386.deb Size/MD5: 752462 703f7bd356efc312f216e361209ef3a7 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_lpia.deb Size/MD5: 4482980 c27f13a5f5aba10c93b2dda917c1ba31 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb Size/MD5: 1029092 3b2805f79d61b595907187846da18a54 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_lpia.deb Size/MD5: 252140 06b18884a6e275a5fc9a73abd1464875 
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb Size/MD5: 17914 28d1eeaac6ba2f9c17da9a9a6ea35fdd http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_lpia.deb Size/MD5: 730786 e1497e0cbdf8d7c3ac4c6e80e86837bf powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb Size/MD5: 4659468 ceb162226c93c950c71d2f0236b9d53e http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb Size/MD5: 1137358 f61287d145339ece156686d86a971480 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb Size/MD5: 255312 d7787174c0d6b25467b0f1262306be06 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb Size/MD5: 20352 082622bc3e21161a1085695bd4f8f961 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb Size/MD5: 775316 78ca70e113bd97d42f62e19e0ac8fdb1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_sparc.deb Size/MD5: 4168250 b9f3c0b8eab76476c9bb057b43d9df40 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb Size/MD5: 1015340 5dd83c288df733b6a84247b48d945647 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_sparc.deb Size/MD5: 250138 f6a1dd454cc44a4684ab288e9eadde56 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb Size/MD5: 18068 27f0453909db6eda6d8ffd3ef35454c9 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_sparc.deb Size/MD5: 703524 e87fca0b128626aebf5bce77473ee8e0
VAR-200812-0531 No CVE COMTREND CT-536 Router Multiple Denial of Service and Information Disclosure Vulnerabilities CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
The Comtrend CT-536 is a small ADSL wireless broadband router. The CT-536's micro_httpd service does not properly validate user requests, so non-privileged users can access restricted resources by submitting malicious requests. During authentication, the credentials are sent in clear text, and any user can easily read them. The CT-536 does not properly filter certain fields and data, and remote attackers can exploit cross-site scripting and buffer overflow attacks to cause a denial of service in the httpd configuration server. COMTREND CT-536 and HG-536 are prone to multiple remote vulnerabilities: multiple unauthorized-access vulnerabilities, an information-disclosure vulnerability, multiple cross-site scripting vulnerabilities, a denial-of-service vulnerability, and multiple buffer-overflow vulnerabilities. Attackers can exploit these issues to compromise the affected device, obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial-of-service condition. Other attacks are also possible. The following firmware versions are vulnerable; additional versions may also be affected: CT-536 A101-302JAZ-C01_R05; HG-536+ A101-302JAZ-C01_R05 and A101-302JAZ-C03_R14.A2pB021g.d15h
VAR-200812-0328 CVE-2008-1094 Barracuda Spam Firewall of Account View In the page index.cgi In SQL Injection vulnerability CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter. Multiple Barracuda products are prone to multiple input-validation vulnerabilities, including multiple cross-site scripting vulnerabilities, an HTML-injection vulnerability, and an SQL-injection vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to the following are affected: Barracuda Message Archiver to 1.2.1.002. Barracuda Spam Firewall 3.5.12.007 and prior Barracuda Web Filter 3.3.0.052 and prior Barracuda IM Firewall 3.1.01.017 and prior Barracuda Load Balancer 2.3.024 and prior. Barracuda Spam Firewall is an integrated hardware and software spam solution for protecting mail servers. TITLE: Barracuda Products Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA33164 VERIFY ADVISORY: http://secunia.com/advisories/33164/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote OPERATING SYSTEM: Barracuda Spam Firewall http://secunia.com/advisories/product/4639/ Barracuda IM Firewall http://secunia.com/advisories/product/20790/ Barracuda Load Balancer http://secunia.com/advisories/product/20791/ Barracuda Message Archiver http://secunia.com/advisories/product/20788/ Barracuda Web Filter http://secunia.com/advisories/product/20789/ DESCRIPTION: Dr. Input passed to various parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Update to the latest version. Marian Ventuneac, Data Communications Security Laboratory, University of Limerick ORIGINAL ADVISORY: Barracuda Networks: http://www.barracudanetworks.com/ns/support/tech_alert.php Dr. Marian Ventuneac: http://dcsl.ul.ie/advisories/02.htm http://dcsl.ul.ie/advisories/03.htm
VAR-200812-0243 CVE-2008-0971 plural Barracuda Product index.cgi Vulnerable to cross-site scripting CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter. index.cgi in multiple Barracuda products contains a cross-site scripting vulnerability. A third party may be able to insert web script or HTML through the vectors listed above. Multiple Barracuda products are prone to multiple input-validation vulnerabilities, including multiple cross-site scripting vulnerabilities, an HTML-injection vulnerability, and an SQL-injection vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to the following are affected: Barracuda Message Archiver to 1.2.1.002. Barracuda Spam Firewall 3.5.12.007 and prior Barracuda Web Filter 3.3.0.052 and prior Barracuda IM Firewall 3.1.01.017 and prior Barracuda Load Balancer 2.3.024 and prior. Barracuda Spam Firewall is an integrated hardware and software spam solution for protecting mail servers. TITLE: Barracuda Products Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA33164 VERIFY ADVISORY: http://secunia.com/advisories/33164/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote OPERATING SYSTEM: Barracuda Spam Firewall http://secunia.com/advisories/product/4639/ Barracuda IM Firewall http://secunia.com/advisories/product/20790/ Barracuda Load Balancer http://secunia.com/advisories/product/20791/ Barracuda Message Archiver http://secunia.com/advisories/product/20788/ Barracuda Web Filter http://secunia.com/advisories/product/20789/ DESCRIPTION: Dr. Input passed to various parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Update to the latest version. Marian Ventuneac, Data Communications Security Laboratory, University of Limerick ORIGINAL ADVISORY: Barracuda Networks: http://www.barracudanetworks.com/ns/support/tech_alert.php Dr. Marian Ventuneac: http://dcsl.ul.ie/advisories/02.htm http://dcsl.ul.ie/advisories/03.htm
VAR-200901-0071 CVE-2008-5882 Citrix Application Gateway Broadcast Server (BCS) of login.asp In SQL Injection vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Other versions may also be affected. PROVIDED AND/OR DISCOVERED BY: The vendor credits the Vulnerability Research Team of Digital Defense, Inc. ORIGINAL ADVISORY: Citrix: http://support.citrix.com/article/CTX119315
VAR-200812-0096 CVE-2008-5662 Sun Java Wireless Toolkit (WTK) Vulnerable to buffer overflow CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC 2.5.2 and earlier allow downloaded programs to execute arbitrary code via unknown vectors. Sun Java Wireless Toolkit for CLDC is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the toolkit. Failed attacks will likely cause denial-of-service conditions. Sun Java Wireless Toolkit 2.5.2 and prior versions are vulnerable. TITLE: Sun Java Wireless Toolkit for CLDC Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA33159 VERIFY ADVISORY: http://secunia.com/advisories/33159/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Sun Java Wireless Toolkit for CLDC 2.x http://secunia.com/advisories/product/20784/ DESCRIPTION: Some vulnerabilities have been reported in Sun Java Wireless Toolkit for CLDC, which can be exploited by malicious people to bypass certain security restrictions. http://java.sun.com/products/sjwtoolkit/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247566-1
VAR-200812-0363 CVE-2008-4219 Apple Mac OS X of Kernel Service disruption in (DoS) Vulnerabilities CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application. Attackers can leverage this issue to cause denial-of-service conditions. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-008. The security update addresses a total of 10 new vulnerabilities that affect the Apple Type Services, BOM, kernel, Libsystem, Managed Client, natd, and Podcast Producer components of Mac OS X. The advisory also contains security updates for 10 previously reported issues. This BID is being retired. The following individual records have been created to better document the issues: 32870 Apple Podcast Producer Authentication-Bypass Vulnerability 32872 Apple Mac OS X UDF ISO File Handling Denial of Service Vulnerability 32873 Apple Mac OS X NFS Mounted Executable Exception Remote Denial of Service Vulnerability 32874 Apple Mac OS X 'natd' Remote Denial of Service Vulnerability 32875 Apple Mac OS X Type Services PDF File Remote Denial of Service Vulnerability 32876 Apple Mac OS X BOM CPIO Header Stack Buffer Overflow Vulnerability 32877 Apple Mac OS X 'inet_net_pton' API Integer Overflow Vulnerability 32879 Apple Mac OS X 'i386_set_ldt' and 'i386_get_ldt' Multiple Integer Overflow Vulnerabilities 32880 Apple Mac OS X Managed Client Screen Saver Lock Bypass Vulnerability 32881 Apple Mac OS X 'strptime' API Memory Corruption Vulnerability. 1) An infinite loop when processing certain embedded fonts in PDF files within the Apple Type Services server can be exploited to cause a DoS (Denial of Service) by e.g. tricking a user into opening a malicious PDF file. 2) A signedness error when handling certain CPIO archive headers exists within BOM. This can be exploited to execute arbitrary code by e.g.
downloading or viewing a specially crafted CPIO archive. 3) An error within the processing of color spaces within CoreGraphics can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into viewing a specially crafted image. Successful exploitation may allow the execution of arbitrary code. 4) Some security issues and vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, conduct cross-site scripting attacks, or disclose sensitive information. For more information: SA32270 5) Multiple integer overflows exist within the "i386_set_ldt()" and "i386_get_ldt()" system calls, which can be exploited by malicious, local users to execute arbitrary code with system privileges. Note: This does not affect PowerPC systems. 7) An integer overflow error exists in the "inet_net_pton()" API of Libsystem. This can potentially be exploited to e.g. compromise an application using the vulnerable function. 8) An unspecified error when processing certain input within the "strptime()" API of Libsystem can be exploited to cause a memory corruption and potentially execute arbitrary code by e.g. passing a specially crafted date string to an application using the vulnerable function. 9) The "Managed Client" functionality does not always apply the managed screen saver settings correctly, potentially resulting in e.g. the screen saver lock not working as intended. 10) An infinite loop when processing certain TCP packets exists in natd, which can be exploited to cause a DoS by sending specially crafted TCP packets to a vulnerable system. Successful exploitation requires that Internet Sharing is enabled. 11) An unspecified error within the Podcast Producer server can be exploited to bypass the authentication mechanism and access administrative functions. 
12) An unspecified error within the handling of malformed UDF volumes can be exploited to cause a system shutdown by e.g. opening a specially crafted ISO file. Additionally, this update enhances the CoreTypes "Download Validation" capability to detect and warn about more potentially dangerous file types. http://www.apple.com/support/downloads/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Michael Samarin and Mikko Vihonen, Futurice Ltd 2, 3, 8) Reported by the vendor. 5) The vendor credits Richard Vaneeden, IOActive, Inc 6) The vendor credits Ben Loer, Princeton University 9) The vendor credits John Barnes of ESRI and Trevor Lalish-Menagh of Tamman Technologies, Inc 10) The vendor credits Alex Rosenberg of Ohmantics and Gary Teter of Paizo Publishing 12) The vendor credits Mauro Notarianni of PCAX Solutions ORIGINAL ADVISORY: http://support.apple.com/kb/HT3338 OTHER REFERENCES: SA32270: http://secunia.com/advisories/32270/ I. II. Impact The impacts of these vulnerabilities vary.
Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA08-350A Feedback VU#901332" in the subject. Produced 2008 by US-CERT, a government organization. Revision History December 15, 2008: Initial release
VAR-200812-0364 CVE-2008-4220 Apple Mac OS X inet_net_pton API Integer overflow vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-008. The security update addresses a total of 10 new vulnerabilities that affect the Apple Type Services, BOM, kernel, Libsystem, Managed Client, natd, and Podcast Producer components of Mac OS X. The advisory also contains security updates for 10 previously reported issues. This BID is being retired. 1) An infinite loop when processing certain embedded fonts in PDF files within the Apple Type Services server can be exploited to cause a DoS (Denial of Service) by e.g. tricking a user into opening a malicious PDF file. 2) A signedness error when handling certain CPIO archive headers exists within BOM. This can be exploited to execute arbitrary code by e.g. downloading or viewing a specially crafted CPIO archive. 3) An error within the processing of color spaces within CoreGraphics can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into viewing a specially crafted image. Successful exploitation may allow the execution of arbitrary code. 4) Some security issues and vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, conduct cross-site scripting attacks, or disclose sensitive information. For more information: SA32270 5) Multiple integer overflows exist within the "i386_set_ldt()" and "i386_get_ldt()" system calls, which can be exploited by malicious, local users to execute arbitrary code with system privileges. 
Note: This does not affect PowerPC systems. 6) An infinite loop when handling exceptions in an application linked to libraries on an NFS share can be exploited to cause a system shutdown. 7) An integer overflow error exists in the "inet_net_pton()" API of Libsystem. This can potentially be exploited to e.g. compromise an application using the vulnerable function. passing a specially crafted date string to an application using the vulnerable function. 9) The "Managed Client" functionality does not always apply the managed screen saver settings correctly, potentially resulting in e.g. the screen saver lock not working as intended. 10) An infinite loop when processing certain TCP packets exists in natd, which can be exploited to cause a DoS by sending specially crafted TCP packets to a vulnerable system. Successful exploitation requires that Internet Sharing is enabled. 11) An unspecified error within the Podcast Producer server can be exploited to bypass the authentication mechanism and access administrative functions. 12) An unspecified error within the handling of malformed UDF volumes can be exploited to cause a system shutdown by e.g. opening a specially crafted ISO file. Additionally, this update enhances the CoreTypes "Download Validation" capability to detect and warn about more potentially dangerous file types. http://www.apple.com/support/downloads/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Michael Samarin and Mikko Vihonen, Futurice Ltd 2, 3, 8) Reported by the vendor. 
5) The vendor credits Richard Vaneeden, IOActive, Inc 6) The vendor credits Ben Loer, Princeton University 9) The vendor credits John Barnes of ESRI and Trevor Lalish-Menagh of Tamman Technologies, Inc 10) The vendor credits Alex Rosenberg of Ohmantics and Gary Teter of Paizo Publishing 12) The vendor credits Mauro Notarianni of PCAX Solutions ORIGINAL ADVISORY: http://support.apple.com/kb/HT3338 OTHER REFERENCES: SA32270: http://secunia.com/advisories/32270/ I. II. Impact The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA08-350A Feedback VU#901332" in the subject.
Produced 2008 by US-CERT, a government organization. Revision History December 15, 2008: Initial release