
===========================================================
Ubuntu Security Notice USN-757-1             April 15, 2009
ghostscript, gs-esp, gs-gpl vulnerabilities
CVE-2007-6725, CVE-2008-6679, CVE-2009-0196, CVE-2009-0583,
CVE-2009-0584, CVE-2009-0792
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  gs-esp                          8.15.2.dfsg.0ubuntu1-0ubuntu1.2
  gs-gpl                          8.15-4ubuntu3.3

Ubuntu 8.04 LTS:
  libgs8                          8.61.dfsg.1-1ubuntu3.2

Ubuntu 8.10:
  libgs8                          8.63.dfsg.1-0ubuntu6.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Ghostscript contained a buffer underflow in its
CCITTFax decoding filter. If a user or automated system were tricked into
opening a crafted PDF file, an attacker could cause a denial of service or
execute arbitrary code with privileges of the user invoking the program.
(CVE-2007-6725)

It was discovered that Ghostscript contained a buffer overflow in the
BaseFont writer module. If a user or automated system were tricked into
opening a crafted Postscript file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program. (CVE-2008-6679)

It was discovered that Ghostscript contained additional integer overflows
in its ICC color management library. If a user or automated system were
tricked into opening a crafted Postscript or PDF file, an attacker could
cause a denial of service or execute arbitrary code with privileges of the
user invoking the program. (CVE-2009-0792)

Alin Rad Pop discovered that Ghostscript contained a buffer overflow in the
jbig2dec library. If a user or automated system were tricked into opening a
crafted PDF file, an attacker could cause a denial of service or execute
arbitrary code with privileges of the user invoking the program.
(CVE-2009-0196)

USN-743-1 provided updated ghostscript and gs-gpl packages to fix two
security vulnerabilities. This update corrects the same vulnerabilities in
the gs-esp package.

Original advisory details:
 It was discovered that Ghostscript contained multiple integer overflows in
 its ICC color management library. If a user or automated system were
 tricked into opening a crafted Postscript file, an attacker could cause a
 denial of service or execute arbitrary code with privileges of the user
 invoking the program. (CVE-2009-0583)

 It was discovered that Ghostscript did not properly perform bounds
 checking in its ICC color management library. If a user or automated
 system were tricked into opening a crafted Postscript file, an attacker
 could cause a denial of service or execute arbitrary code with privileges
 of the user invoking the program. (CVE-2009-0584)



Date: Wed, 15 Apr 2009 11:54:11 +0200
To: bugtraq@securityfocus.com
Subject: Secunia Research: Oracle BEA WebLogic Server Plug-ins Integer Overflow
From: Secunia Research <remove-vuln@secunia.com>

=====================================================================
                     Secunia Research 15/04/2009

      - Oracle BEA WebLogic Server Plug-ins Integer Overflow -

=====================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

=====================================================================
1) Affected Software

* Oracle BEA WebLogic Server Plug-ins version 1.0.1166189.

NOTE: Other versions may also be affected.

=====================================================================
2) Severity

Rating: Highly critical
Impact: System access
Where:  From Remote

=====================================================================
3) Vendor's Description of Software

"... the world's best application server for building and deploying
enterprise applications and services ...".

Product Link:
http://www.oracle.com/technology/products/weblogic/index.html

=====================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in the Oracle BEA
WebLogic Server plug-ins for web servers, which can be exploited by
malicious people to compromise a vulnerable system.

The Oracle BEA WebLogic Server can be configured to receive requests
via an Apache, Sun, or IIS web server. In this case, a plug-in is
installed in the Internet-facing web server that passes the request to
a WebLogic server. An integer overflow when parsing HTTP requests can 
be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

=====================================================================
5) Solution

Apply patches released by the vendor.

=====================================================================
6) Time Table

01/03/2009 - Vendor notified.
06/03/2009 - Vendor response requesting more information.
06/03/2009 - Sent PoC to vendor.
10/03/2009 - Vendor confirms vulnerability.
12/03/2009 - Vendor requests more information.
15/03/2009 - Supplemental information sent to vendor.
17/03/2009 - Vendor confirms and provides preliminary patch. 
15/04/2009 - Public disclosure.

=====================================================================
7) Credits

Discovered by Dyon Balding, Secunia Research.

=====================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
CVE-2009-0189 for the vulnerability.

=====================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

=====================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2009-22/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

=====================================================================
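
Added example (not part of the advisory and not Oracle's code): a C sketch of the bug class named in section 4, where a size computed with wrapping 32-bit arithmetic is smaller than the data later copied into the heap buffer. The header-joining scenario, the 64 KiB limit and all function names are assumptions; the sample lengths are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FORWARD 65536u /* assumed upper bound for one forwarded request */

/* Flawed sizing: per-line lengths (plus CRLF) are summed in 32 bits, so
 * the total wraps modulo 2^32 and can end up far smaller than the data. */
uint32_t size_unchecked(const uint32_t *lens, size_t n)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += lens[i] + 2u;
    return total;
}

/* Checked sizing: fails as soon as the running total would pass `limit`,
 * so the sum can never wrap. Returns 0 on success, -1 on rejection. */
int size_checked(const uint32_t *lens, size_t n, size_t limit, size_t *out)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        size_t room = limit - total; /* total <= limit always holds */
        if (room < 2 || lens[i] > room - 2)
            return -1;
        total += (size_t)lens[i] + 2;
    }
    *out = total;
    return 0;
}

/* Join request lines into one heap buffer, each terminated by CRLF.
 * The buffer is sized only from the checked total. Caller frees. */
char *join_lines(const char *const *lines, const uint32_t *lens, size_t n,
                 size_t limit, size_t *out_len)
{
    size_t total = 0, off = 0;
    if (size_checked(lens, n, limit, &total) != 0)
        return NULL;
    char *buf = malloc(total + 1);
    if (buf == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        memcpy(buf + off, lines[i], lens[i]);
        off += lens[i];
        memcpy(buf + off, "\r\n", 2);
        off += 2;
    }
    buf[off] = '\0';
    *out_len = off;
    return buf;
}

int main(void)
{
    /* Constructed lengths as a parser might take them from a request. */
    const uint32_t wrap_lens[2] = { 0xFFFFFFF0u, 0x20u };
    size_t total = 0;
    printf("unchecked total: %u\n", (unsigned)size_unchecked(wrap_lens, 2));
    printf("checked result:  %d\n",
           size_checked(wrap_lens, 2, MAX_FORWARD, &total));

    const char *lines[2] = { "Host: a", "X: b" };
    const uint32_t lens[2] = { 7u, 4u };
    size_t out_len = 0;
    char *joined = join_lines(lines, lens, 2, MAX_FORWARD, &out_len);
    if (joined != NULL) {
        printf("joined %lu bytes\n", (unsigned long)out_len);
        free(joined);
    }
    return 0;
}
```
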
Date: Wed, 15 Apr 2009 09:37:15 +0200
To: bugtraq@securityfocus.com
Subject: Secunia Research: DivX Web Player Stream Format Chunk Buffer Overflow
From: Secunia Research <remove-vuln@secunia.com>

=====================================================================
                     Secunia Research 15/04/2009

       - DivX Web Player Stream Format Chunk Buffer Overflow -

=====================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

=====================================================================
1) Affected Software

* DivX Web Player version 1.4.2.7

NOTE: Other versions may also be affected.

=====================================================================
2) Severity

Rating: Highly critical 
Impact: System access
Where:  Remote

=====================================================================
3) Vendor's Description of Software

"DivX Web Player lets you play up to HD-quality DivX® video in your
web browser. You can also use DivX Web Player to easily embed DivX 
videos onto your website or blog."

Product Link:
http://www.divx.com/en/web-player-windows

=====================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in DivX Web Player, 
which can be exploited by malicious people to compromise a user's 
system.

The vulnerability is caused due to a signedness error in the 
processing of "STRF" (Stream Format) chunks. This can be exploited to
cause a heap-based buffer overflow via a specially crafted DivX file.

Successful exploitation may allow execution of arbitrary code by 
tricking a user into visiting a malicious website.

=====================================================================
5) Solution

Update to version 1.4.3.4, included in an updated DivX bundle.

=====================================================================
6) Time Table

17/12/2008 - Vendor notified.
18/12/2008 - Vendor response.
11/03/2009 - DivX Web Player 1.4.3 released in a bundle update.
15/04/2009 - Public disclosure.

=====================================================================
7) Credits

Discovered by Alin Rad Pop, Secunia Research.

=====================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2008-5259 for the vulnerability.

=====================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-57/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

=====================================================================
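
Added example (not part of the advisory and not DivX code): a C sketch of the bug class named in section 4, a signedness error in a chunk length check, next to an unsigned check and a bounds-checked copy of a "strf" payload. The RIFF-style layout (FourCC, little-endian 32-bit size, data padded to even length), the 40-byte FMT_CAP and all function names are assumptions; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FMT_CAP 40u /* assumed capacity of the fixed stream-format buffer */

/* Constructed sample: a "strh" chunk followed by a 4-byte "strf" chunk. */
const unsigned char SAMPLE_GOOD[] = {
    's', 't', 'r', 'h', 4, 0, 0, 0, 'v', 'i', 'd', 's',
    's', 't', 'r', 'f', 4, 0, 0, 0, 0x28, 0, 0, 0
};
/* Constructed sample: "strf" chunk whose size field has the top bit set. */
const unsigned char SAMPLE_BAD[] = {
    's', 't', 'r', 'f', 0xF0, 0xFF, 0xFF, 0xFF, 1, 2, 3, 4
};

/* Read a little-endian 32-bit value. */
static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flawed check: the size field is held in a signed variable, so a value
 * with the top bit set is negative and passes "len <= cap". Returns 1 if
 * the length would be accepted; nothing is copied here. */
int accepts_signed(uint32_t raw_len, int32_t cap)
{
    int32_t len;
    memcpy(&len, &raw_len, sizeof len); /* reinterpret the bits as signed */
    return len <= cap;
}

/* Correct check: compare as unsigned against the destination capacity
 * and against the bytes actually left in the input. */
int accepts_unsigned(uint32_t raw_len, size_t cap, size_t remaining)
{
    return raw_len <= cap && raw_len <= remaining;
}

/* Walk the chunks and copy the first "strf" payload into out.
 * Returns the payload length, or -1 if the input is malformed, the
 * payload does not fit, or no "strf" chunk is present. */
long copy_strf(const unsigned char *buf, size_t n,
               unsigned char *out, size_t cap)
{
    size_t off = 0;
    while (n - off >= 8) {
        uint32_t len = rd_le32(buf + off + 4);
        size_t remaining = n - off - 8;
        if (len > remaining)
            return -1; /* size field claims more data than is present */
        if (memcmp(buf + off, "strf", 4) == 0) {
            if (!accepts_unsigned(len, cap, remaining))
                return -1;
            memcpy(out, buf + off + 8, len);
            return (long)len;
        }
        size_t step = (size_t)len + (len & 1u); /* payload plus pad byte */
        if (step > remaining)
            step = remaining; /* final chunk may omit the pad byte */
        off += 8 + step;
    }
    return -1;
}

int main(void)
{
    unsigned char fmt[FMT_CAP];
    printf("signed check accepts 0xFFFFFFF0:   %d\n",
           accepts_signed(0xFFFFFFF0u, (int32_t)FMT_CAP));
    printf("unsigned check accepts 0xFFFFFFF0: %d\n",
           accepts_unsigned(0xFFFFFFF0u, FMT_CAP, 4));
    printf("good sample: %ld\n",
           copy_strf(SAMPLE_GOOD, sizeof SAMPLE_GOOD, fmt, sizeof fmt));
    printf("bad sample:  %ld\n",
           copy_strf(SAMPLE_BAD, sizeof SAMPLE_BAD, fmt, sizeof fmt));
    return 0;
}
```
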
Subject: SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming
From: Bernhard Mueller <research@sec-consult.com>
To: Full Disclosure <full-disclosure@lists.grok.org.uk>, Bugtraq <bugtraq@securityfocus.com>
Date: Wed, 15 Apr 2009 14:02:23 +0000

SEC Consult Security Advisory < 20090415-0 >
=========================================================================
              title: Novell Teaming Multiple Vulnerabilities
                     * Username Enumeration
                     * Multiple Cross Site Scripting
                     * Includes vulnerable Liferay portal
            program: Novell Teaming
 vulnerable version: 1.0.3
           homepage: http://www.novell.com/products/teaming/
              found: February 2009
                 by: Michael Kirchner, SEC Consult Vulnerability Lab
               link:
https://www.sec-consult.com/files/20090415-0-novell-teaming.txt
=========================================================================
Vendor description:
-------------------

Web conferencing software from Novell. Teaming and conferencing offers a
number of solutions to improve productivity for enterprises, with web
conferencing just one of those solutions.

[source: http://www.novell.com/products/teaming/]


Vulnerability overview:
-----------------------

Multiple vulnerabilities have been identified in Novell Teaming. These
include enumeration of usernames, information disclosure, and cross site
scripting flaws. An attacker could leverage these vulnerabilities to
collect information about the system and its users and conduct effective
(XSS supported) hybrid phishing attacks.


Vulnerability description:
-------------------------

1. Username enumeration:

User authentication takes place via a login form at:

https://teaming.example.com/c/portal/login

The web application reacts differently for valid and invalid usernames
("Please enter a valid login" / "Auhtentication failed"). This allows an
attacker to deduce whether a specific username exists. The attacker could
use this flaw to generate a list of usernames for dictionary- or
bruteforce-attacks.

2. Cross site scripting:

The parameters p_p_state and p_p_mode are not validated or escaped by
the web application. Script code can be injected into these parameters,
allowing for cross site scripting attacks. Example:

https://teaming.example.com/web/guest/home?p_p_id�&p_p_action=1&p_p_state=%3Cscript%3Ealert('xss+vulnerability')%3C/script%3E&p_p_mode=view&p_p_col_id=column-2&p_p_col_pos=1&p_p_col_count=2&_82_struts_action=%2Flanguage%2Fview&_82_languageId�_DE

3. Vulnerable Liferay portal:

Novell Teaming includes a version of Liferay portal with known
vulnerabilities (two cross site scripting flaws):

* Liferay Portal "login" Cross-Site Scripting Vulnerability
  http://secunia.com/advisories/27537/
* Liferay Portal "emailAddress" Cross-Site Scripting
  http://secunia.com/advisories/27821/

-

Proof of concept:
-----------------

No special exploit code is required to exploit these vulnerabilities.


Vulnerable versions:
--------------------

Version 1.0.3 of Novell Teaming is vulnerable to the issues described.
Prior versions are most likely also vulnerable.


Vendor contact timeline:
------------------------

2009-02-19: Vendor informed about vulnerabilities
2009-04-14: Patches available


Patch:
------

The vendor has provided fixes for the issues described. In addition, two
Technical Information Documents containing update instructions have been
released. These can be found at the following URLs:

* TID 7002997
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalIdp02997&sliceId=1&docTypeID=DT_TID_1_1&dialogID3090060&stateId=1%200%2033084737

* TID 7002999
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalIdp02999&sliceId=1&docTypeID=DT_TID_1_1&dialogID3090060&stateId=1%200%2033084737

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Unternehmensberatung GmbH

Office Vienna
Mooslackengasse 17
A-1190 Vienna
Austria

Tel.: +43 / 1 / 890 30 43 - 0
Fax.: +43 / 1 / 890 30 43 - 25
Mail: research at sec-consult dot com
www.sec-consult.com

EOF SEC Consult Vulnerability Lab / @2009
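
The username-enumeration issue from item 1 of the advisory above, as an added Python example that is not part of the advisory and not Novell's code: a login handler whose failure message depends on whether the account exists, next to one that returns a single message and performs the same hashing work either way. The user store, function names and hashing parameters are assumptions; which of the two quoted messages the product shows in which case is also an assumption.

```python
import hashlib
import hmac
import os

# Iteration count kept small so the example runs quickly (assumption,
# not a recommendation for production use).
ITERATIONS = 10_000


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample user store: username -> (salt, password hash).
USERS = {"alice": make_record("correct horse"), "bob": make_record("hunter2")}

# Dummy record so that an unknown username costs one hash computation too.
DUMMY_SALT, DUMMY_HASH = make_record(os.urandom(16).hex())


def login_leaky(username, password):
    """Two distinguishable failure answers, as the advisory describes."""
    record = USERS.get(username)
    if record is None:
        # Early return: different text and no hashing work at all.
        return 401, "Please enter a valid login"
    salt, stored = record
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return 401, "Authentication failed"
    return 200, "Welcome"


GENERIC_FAILURE = (401, "Invalid username or password")


def login_uniform(username, password):
    """One failure answer and one code path for every failed login."""
    record = USERS.get(username)
    salt, stored = record if record else (DUMMY_SALT, DUMMY_HASH)
    password_ok = hmac.compare_digest(hash_password(password, salt), stored)
    if record is None or not password_ok:
        return GENERIC_FAILURE
    return 200, "Welcome"


def distinguishes_accounts(login, known_user, unknown_user, bad_password="x"):
    """Regression check: True if a failed login reveals account existence."""
    return login(known_user, bad_password) != login(unknown_user, bad_password)


if __name__ == "__main__":
    print("leaky  :", distinguishes_accounts(login_leaky, "alice", "nosuchuser"))
    print("uniform:", distinguishes_accounts(login_uniform, "alice", "nosuchuser"))
```

The same check belongs on password-reset and registration forms, which often leak account existence after the login form has been fixed.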

Message-ID: <49E55C82.7080905@hackinthebox.org>
Date: Wed, 15 Apr 2009 12:03:14 +0800
From: "S. Praburaajan" <prabu@hackinthebox.org>
To: dailydave@lists.immunityinc.com, securityjobs@securityfocus.com,
voipsec@voipsa.org, bugtraq@securityfocus.com
Subject: HITBSecConf2009 - Malaysia: Call for Papers

The Call for Papers for HITB Security Conference 2009 Malaysia is now open!

Talks that are more technical or that discuss new and never before seen
attack methods are of more interest than a subject that has been covered
several times before. Summaries not exceeding 1250 words should be
submitted (in plain text format) to cfp -at- hackinthebox.org for review
and possible inclusion in the programme.

Submissions are due no later than 31st July 2009

TOPICS

Topics of interest include, but are not limited to the following:

# 3G/4G Cellular Networks
# Apple / OS X security vulnerabilities
# SS7/Backbone telephony networks
# VoIP security
# Firewall technologies
# Intrusion detection
# Data Recovery, Forensics and Incident Response
# HSDPA and CDMA Security
# WIMAX Security
# Identification and Entity Authentication
# Network Protocol and Analysis
# Smart Card and Physical Security
# Virus and Worms
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
# Analysis of malicious code
# Applications of cryptographic techniques
# Analysis of attacks against networks and machines
# File system security
# Security of Embedded Devices
# Side Channel Analysis of Hardware Devices

PLEASE NOTE:

We do not accept product or vendor related pitches. If your talk
involves an advertisement for a new product or service your company is
offering, please do not submit.

Your submission should include:

# Name, title, address, email and phone/contact number
# Short biography, qualification, occupation (limit 250 words)
# Summary or abstract for your presentation (limit 1250 words)
# Technical requirements (video, internet, wireless, audio, etc.)

Each non-resident speaker will receive accommodation for 2 nights/3
days. For each non-resident speaker, HITB will cover travel expenses up
to USD 1,200.00.

HITBSecConf2009 - Malaysia
http://conference.hackinthebox.org/hitbsecconf2009kl/

Date: Wed, 15 Apr 2009 11:57:34 +0200
Message-Id: <200904150957.n3F9vYYM013555@ca.secunia.com>
To: bugtraq@securityfocus.com
Subject: Secunia Research: Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow
From: Secunia Research <remove-vuln@secunia.com>

=====================================================================
                     Secunia Research 15/04/2009

 - Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow -

=====================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

=====================================================================
1) Affected Software

* Oracle BEA WebLogic Server Plug-ins version 1.0.1166189.

NOTE: Other versions may also be affected.

=====================================================================
2) Severity

Rating: Highly critical
Impact: System access
Where:  From Remote

=====================================================================
3) Vendor's Description of Software

"... the world's best application server for building and deploying
enterprise applications and services ...".

Product Link:
http://www.oracle.com/technology/products/weblogic/index.html

=====================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in the Oracle BEA
WebLogic Server plug-ins for web servers, which can be exploited by
malicious people to compromise a vulnerable system.

The Oracle BEA WebLogic Server can be configured to receive requests
via an Apache web server. In this case, a plug-in is installed in the
Internet-facing web server that passes the request to a WebLogic
server. 

The Apache web server may be configured to accept SSL connections and
forward the request to the WebLogic server along with any SSL-related
information. If the SSL client supplies a certificate (and the Apache
server is configured to accept it), then the certificate is passed to
the WebLogic plug-in via an environment variable.

The vulnerability is caused by a boundary error when parsing 
certificates and can be exploited to cause a stack-based buffer 
overflow by supplying a specially crafted certificate.

Successful exploitation may allow execution of arbitrary code.

=====================================================================
5) Solution

Apply patches released by the vendor.

=====================================================================
6) Time Table

01/03/2009 - Vendor notified.
06/03/2009 - Vendor confirms vulnerability.
17/03/2009 - Vendor provides preliminary patch. 
15/04/2009 - Public disclosure.

=====================================================================
7) Credits

Discovered by Dyon Balding, Secunia Research.

=====================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
CVE-2009-0190 for the vulnerability.

=====================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

=====================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2009-23/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

=====================================================================
Date: Wed, 15 Apr 2009 10:11:39 -0600
Message-Id: <200904151611.n3FGBdHn013971@www5.securityfocus.com>
From: antonia.goodwin@procheckup.com
To: bugtraq@securityfocus.com
Subject: XSS with mod_perl perl_status utility

Vulnerability found: 28th February 2009

Vendor informed: 1st March 2009

Advisory last updated: 1st March 2009 

Severity: Medium/High

Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)
 
CVE reference: CVE-2009-0796 
BID: 34383

Many thanks to Torsten Foertsch for his kind assistance in fixing the bug.

Description: 

There is a Cross-site Scripting vulnerability in Mod_perl's perl-status utility. The perl-status utility, on request, displays the current status of the Mod_perl server and some configuration information. Perl-status, when configured to allow any viewers, presents an information disclosure risk.
Procheckup has found that, by making a malformed request to perl-status, a vanilla cross site scripting (XSS) attack is additionally possible.


Proof of concept:

Submitting the following string to an unpatched server "server".
http://server:80/perl-status/APR::SockAddr::port/%22%3E%3Cscript%3Ealert(1)%3C/script%3E


The following is returned:-
<p><a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?env">Environment</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?inc">Loaded Modules</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?inh_tree">Inheritance Tree</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?isa_tree">ISA Tree</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?myconfig">Perl Configuration</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?rgysubs">Compiled Registry Scripts</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?script">PerlRequire'd Files</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?sig">Signal Handlers</a><br />
<a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?symdump">Symbol Table Dump</a><br />
</p></body></html>


An attacker may be able to cause execution of malicious scripting code in the browser of a user who clicks on a link or visits a malicious webpage. The malicious code would run in the security context of the vulnerable website.

This type of attack can result in non-persistent defacement of the target site, or the redirection of confidential information (i.e.: passwords or session IDs) to unauthorised third parties.


Fix:


http://perl.apache.org/


Legal:

Copyright 2009 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to Procheckup, and provided such reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not liable for any misuse  of this information by any third party.
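
Why the response quoted in the advisory above runs script, and one way to close the hole, as an added Python example (not mod_perl's code and not its actual patch): the menu links are built from the decoded request path, so a `"` in the path ends the `href` attribute and the rest is parsed as markup. The function names and the three-entry menu subset are assumptions for the illustration; the request path and menu labels are the ones quoted in the advisory.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote, unquote

# Query suffixes and labels copied from the response quoted in the advisory
# (a three-entry subset is enough to show the effect).
MENU = [("env", "Environment"), ("inc", "Loaded Modules"),
        ("script", "PerlRequire'd Files")]

# Request path from the advisory's proof of concept, still percent-encoded.
POC_PATH = "/perl-status/APR::SockAddr::port/%22%3E%3Cscript%3Ealert(1)%3C/script%3E"


def render_menu_unescaped(request_path):
    """Models the flaw: the decoded path is pasted into href as-is."""
    uri = unquote(request_path)
    return "".join(f'<a href="{uri}?{q}">{label}</a><br />\n' for q, label in MENU)


def render_menu_escaped(request_path):
    """Percent-encode for URL context, then HTML-escape for the attribute."""
    uri = quote(unquote(request_path), safe="/:")
    rows = []
    for q, label in MENU:
        href = html.escape(f"{uri}?{q}", quote=True)
        rows.append(f'<a href="{href}">{html.escape(label)}</a><br />\n')
    return "".join(rows)


class TagCollector(HTMLParser):
    """Records every start tag and every href value the parser sees."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.hrefs.extend(value for name, value in attrs if name == "href")


def audit(markup):
    """Parse markup the way a browser would tokenize it; return (tags, hrefs)."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.hrefs


if __name__ == "__main__":
    for render in (render_menu_unescaped, render_menu_escaped):
        tags, hrefs = audit(render(POC_PATH))
        print(render.__name__, sorted(set(tags)), hrefs[0])
```

Parsing the rendered page and asserting on the set of tags catches this class of bug in a unit test without needing a browser.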

Date: Wed, 15 Apr 2009 10:07:41 -0700
From: Kees Cook <kees@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: [USN-758-1] udev vulnerabilities
Message-ID: <20090415170741.GM7904@outflux.net>
Reply-To: Ubuntu Security <security@ubuntu.com>
Organization: Ubuntu

===========================================================
Ubuntu Security Notice USN-758-1             April 15, 2009
udev vulnerabilities
CVE-2009-1185, CVE-2009-1186
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  udev                            079-0ubuntu35.1

Ubuntu 7.10:
  udev                            113-0ubuntu17.2

Ubuntu 8.04 LTS:
  udev                            117-8ubuntu0.2

Ubuntu 8.10:
  udev                            124-9ubuntu0.2

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Sebastian Krahmer discovered that udev did not correctly validate netlink
message senders.  A local attacker could send specially crafted messages
to udev in order to gain root privileges. (CVE-2009-1185)

Sebastian Krahmer discovered a buffer overflow in the path encoding routines
in udev.  A local attacker could exploit this to crash udev, leading to a
denial of service. (CVE-2009-1186)

