===========================================================
Ubuntu Security Notice USN-739-1 March 17, 2009
amarok vulnerabilities
CVE-2009-0135, CVE-2009-0136
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
amarok 2:1.4.7-0ubuntu3.2
Ubuntu 8.04 LTS:
amarok 2:1.4.9.1-0ubuntu3.2
Ubuntu 8.10:
amarok 2:1.4.10-0ubuntu3.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Amarok did not correctly handle certain malformed
tags in Audible Audio (.aa) files. If a user were tricked into opening a
crafted Audible Audio file, an attacker could execute arbitrary code with
the privileges of the user invoking the program.
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2.diff.gz
Size/MD5: 257112 c9e74edffcb691c16e1128aa887c1bfd
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2.dsc
Size/MD5: 1066 e0d1dd2ce612be33f143bdaac11e3959
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7.orig.tar.gz
Size/MD5: 16103569 74cd355c6d4838695a8d5b914a5b7d77
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_amd64.deb
Size/MD5: 62660 f88ae4c42572936a5ea969f42535b0b9
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_amd64.deb
Size/MD5: 10060154 e93c8ffb9db8004cbd1d702cadaaec28
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_amd64.deb
Size/MD5: 880 3bd14c1eed61be2a4992f3282bc6b0a4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_i386.deb
Size/MD5: 56632 ebf26ee4dd076e54782cf276a3cc888c
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_i386.deb
Size/MD5: 9848998 b22ddae4b1ef24a58c42a65a0cb17c49
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_i386.deb
Size/MD5: 882 037d4a5a94a88f3f09a25c0e7de86baf
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_lpia.deb
Size/MD5: 56376 d22b49f1bd640bed50d86ce8b630515b
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_lpia.deb
Size/MD5: 9840226 4bc0d7e4e7e0791d2af94e53f106a9c2
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_lpia.deb
Size/MD5: 880 7a48684acb8056df94e9ae04dbcb18e8
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_powerpc.deb
Size/MD5: 62376 ba074f1110dc982df3a0d89321407dfc
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_powerpc.deb
Size/MD5: 10058400 40ebc6949db67a6d169f03400e73f0bb
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_powerpc.deb
Size/MD5: 884 17d6eb924c7960391e9192e92c7715f3
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.7-0ubuntu3.2_sparc.deb
Size/MD5: 56966 54091e39c8cf0bc1d15335bfd760730a
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.7-0ubuntu3.2_sparc.deb
Size/MD5: 9941278 7549394f977da613ced46cb06569c970
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.7-0ubuntu3.2_sparc.deb
Size/MD5: 882 b07d32a7a9b65eba984692ff89281361
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2.diff.gz
Size/MD5: 35541 ae027294b9ecd0cfef274bd7821e55d8
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2.dsc
Size/MD5: 1236 963e00d25ce78cea1cb687653382ffac
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1.orig.tar.gz
Size/MD5: 16055681 a4365f559f0d42a0a09c3e9a17f9a140
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_amd64.deb
Size/MD5: 61972 e22ebf1259d6efc8df04a63c5f1f239b
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_amd64.deb
Size/MD5: 9852912 749c0955241f580f604ec3cf737e29ba
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_amd64.deb
Size/MD5: 892 8935cf386c89808423b31a971b8ba8f5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_i386.deb
Size/MD5: 55162 a708e7f15c28a78dbde8b0760a3c51e9
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_i386.deb
Size/MD5: 9613228 7ad352acc25cb075a86a712b9dc9cde7
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_i386.deb
Size/MD5: 894 327a4fab283176840a5c19c20da82a60
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_lpia.deb
Size/MD5: 55434 7e3ec4dd258b53d229e2a62f10f24ee0
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_lpia.deb
Size/MD5: 9634246 00939b00ed248dcb20ba48cb0f7d4e85
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_lpia.deb
Size/MD5: 892 08de17b51f8dc7e1718a538354793d96
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_powerpc.deb
Size/MD5: 60480 78a345b9355403c9e15fc40b2060729a
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_powerpc.deb
Size/MD5: 9814058 c455622225259b65b52190de1ac2f411
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_powerpc.deb
Size/MD5: 894 21fee2e334c017d67035c1a855a76232
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-xine_1.4.9.1-0ubuntu3.2_sparc.deb
Size/MD5: 55462 b7b35cb1a49407c5b1744e75be35be96
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.9.1-0ubuntu3.2_sparc.deb
Size/MD5: 9703894 cbbc84b5f72149a1e6b77e2a3767b32a
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engines_1.4.9.1-0ubuntu3.2_sparc.deb
Size/MD5: 894 ec9b2171cfa95bb7d5f5eb00234a29c7
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1.diff.gz
Size/MD5: 122128 dfa7f91f4b47877f2ae0ad628cd1cb34
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1.dsc
Size/MD5: 1692 85e473b48ec7618853a7ef4ec9f676f3
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10.orig.tar.gz
Size/MD5: 16207150 3d0670537b74e929909aa9fa5dc98ccf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-common_1.4.10-0ubuntu3.1_all.deb
Size/MD5: 7189098 14810af1ad0beaceaa6d4ffdef262303
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engines_1.4.10-0ubuntu3.1_all.deb
Size/MD5: 20876 5e4197198c821aa5ba7b4bf4aa880c48
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_amd64.deb
Size/MD5: 11263374 3cd56f5c0137f627c7a1b6cf4da65b8f
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_amd64.deb
Size/MD5: 77300 ec981ba68cfd40da2c0d1bcc732bb6ad
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_amd64.deb
Size/MD5: 2555918 aa8ca60da603dde4ad17abf9a3f9413c
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_amd64.deb
Size/MD5: 44786 19864173750f5e0cfecb9cd0e5ecb93c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_i386.deb
Size/MD5: 11214674 209fb4b55cccb46924b49aa311cd7fd2
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_i386.deb
Size/MD5: 73120 ac2195787b0f20e49f0f2c4600af8e0a
http://security.ubuntu.com/ubuntu/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_i386.deb
Size/MD5: 2455166 10a4d45271de505b27335b03e63e65e7
http://security.ubuntu.com/ubuntu/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_i386.deb
Size/MD5: 42068 27fda4967f148fae1cc9368c2a864580
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_lpia.deb
Size/MD5: 11001132 58d91d53551248da242004538f8cf4e1
http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_lpia.deb
Size/MD5: 72996 700366415eb1979682355bf3321116eb
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_lpia.deb
Size/MD5: 2466854 1e8371a2ecd057dd132b734dd90123ae
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_lpia.deb
Size/MD5: 42324 46e91ba8d21b8a07bb55908baa31ff36
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_powerpc.deb
Size/MD5: 11630608 f396b5277dae7a48eb99f96d0286f5ef
http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_powerpc.deb
Size/MD5: 77218 14a66ad0995715007e05ae0c4391ee36
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_powerpc.deb
Size/MD5: 2553480 8b214c82fd0facc88be1784c4cf72c0c
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_powerpc.deb
Size/MD5: 46030 fcdb0545bd8a26124a2bb70604e3ac18
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/amarok/amarok-dbg_1.4.10-0ubuntu3.1_sparc.deb
Size/MD5: 11005590 628b0d7d4425387d5aaf37a3ea983964
http://ports.ubuntu.com/pool/main/a/amarok/amarok-engine-xine_1.4.10-0ubuntu3.1_sparc.deb
Size/MD5: 72268 c8b1b20037f189d7237cbdad98756147
http://ports.ubuntu.com/pool/main/a/amarok/amarok_1.4.10-0ubuntu3.1_sparc.deb
Size/MD5: 2398662 ee7c646f35ddc367817de4e0922a36d7
http://ports.ubuntu.com/pool/universe/a/amarok/amarok-engine-yauap_1.4.10-0ubuntu3.1_sparc.deb
Size/MD5: 41892 f5579da5c9e5da9a312dd61e13d1d6e2
--=-3OLCXLRcPLlNVNdoK40p
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAkm/3fIACgkQLMAs/0C4zNoUcQCgpPM20WXeVEhZgBqCchRbBTSA
l28AniHy7fLz8IbUh/G7zPsNuwZg4HYc
=RNkQ
-----END PGP SIGNATURE-----
--=-3OLCXLRcPLlNVNdoK40p--
From - Tue Mar 17 15:51:15 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006a9e
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39780-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 0415BED961
for <lists@securityspace.com>; Tue, 17 Mar 2009 15:42:48 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id EB43B1439FB; Tue, 17 Mar 2009 12:23:51 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 16075 invoked from network); 17 Mar 2009 16:07:46 -0000
Date: 17 Mar 2009 16:08:20 -0000
Message-ID: <20090317160820.15557.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: vuln@e-rdc.org
To: bugtraq@securityfocus.com
Subject: [ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure
Vulnerability
Status:
ECHO_ADV_106$2009
-----------------------------------------------------------------------------------------
[ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure Vulnerability
-----------------------------------------------------------------------------------------
Author : K-159
Date : March, 16 th 2009
Location : Jakarta, Indonesia
Web :
http://e-rdc.org/v1/news.php?readmore�0
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : FireAnt
version : <= 1.3
Vendor :
http://chaozz.nl/software/fireant/
Description :
FireAnt is a Bug Tracking System (BTS) without the fancy bells �n whistles. It�s very small (about 30 kb) and easy to install/maintain (no MYSQL needed).
It�s a really straight forward simple BTS, initially made to support the FreeWebshop.org project.
--------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~~~~~~
Critical user.tsv file in db's folder are vulnerable to direct access to view 'critical' information about username and md5hash password from users.
Poc/Exploit:
~~~~~~~~~
http://www.example.com/[FireAnt_path]/db/user.tsv
Dork:
~~~~~
Google : "Powered by FireAnt v1.3 and chaozzDB v1.2"
Solution:
~~~~~~~
- add .htaccess in folder db.
Timeline:
~~~~~~~~~
- 14 - 03 - 2009 bug found
- 14 - 03 - 2009 vendor contacted
- 15 - 03 - 2009 vendor response
- 16 - 03 - 2009 advisory release
---------------------------------------------------------------------------
Shoutz:
~~~~~
~ ping - my dearest wife, zizou - my beloved son, i-eyes - my beloved daughter.
~ y3dips,the_day,Negatif,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,pushm0v,az001,
the_hydra,neng chika, str0ke
~ scanners [at] SCAN-NUSANTARA and SCAN-ASSOCIATES
~ SK,Abond,pokley,cybertank, super_temon,whatsoever,b120t0,inggar,fachri,adi,rahmat,indra
~ masterpop3,maSter-oP,Lieur-Euy,Mr_ny3m,bithedz,murp,sakitjiwa,x16,cyb3rh3b,cR4SH3R,ogeb,bagan,devsheed
~ dr188le,cow_1seng,poniman_coy,paman_gembul,ketut,rizal,ghostblup,shamus,
kuntua, stev_manado,nofry,k1tk4t,0pt1c,k1ngk0ng
~ newbie_hacker@yahoogroups.com
~ milw0rm.com, macaholic.info, unitiga.com, mac.web.id, indowebster.com
~ #aikmel #e-c-h-o @irc.dal.net
---------------------------------------------------------------------------
Contact:
~~~~~~
K-159 || echo|staff || adv[at]e-rdc[dot]org
Homepage:
http://www.e-rdc.org/
-------------------------------- [ EOF ] ----------------------------------
From - Tue Mar 17 15:51:16 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006a9f
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39781-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id B3B2EED932
for <lists@securityspace.com>; Tue, 17 Mar 2009 15:48:03 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 44BC8143A08; Tue, 17 Mar 2009 12:24:05 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 16196 invoked from network); 17 Mar 2009 16:09:23 -0000
Date: 17 Mar 2009 16:09:58 -0000
Message-ID: <20090317160958.15700.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: vuln@e-rdc.org
To: bugtraq@securityfocus.com
Subject: [ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure
Vulnerability
Status:
ECHO_ADV_107$2009
-----------------------------------------------------------------------------------------
[ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure Vulnerability
-----------------------------------------------------------------------------------------
Author : K-159
Date : March, 16 th 2009
Location : Jakarta, Indonesia
Web :
http://e-rdc.org/v1/news.php?readmore�1
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : FubarForum
version : <= 1.6
Vendor :
http://chaozz.nl/software/fubarforum/
Description :
FubarForum is a tiny flatfile (no MYSQL needed) messageboard / forum that is easy to install and use. It�s small (compressed around 60kb), but has all the features you might expect from a forum
--------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~~~~~~
Critical user.tsv file in db's folder are vulnerable to direct access to view 'critical' information about username and md5hash password from users.
Poc/Exploit:
~~~~~~~~~
http://www.example.com/[fubarforum_path]/db/user.tsv
Dork:
~~~~~
Google : "Powered by FubarForum v1.6 and chaozzDB v1.2"
Solution:
~~~~~~~
- add .htaccess in folder db.
Timeline:
~~~~~~~~~
- 14 - 03 - 2009 bug found
- 14 - 03 - 2009 vendor contacted
- 15 - 03 - 2009 vendor response
- 16 - 03 - 2009 advisory release
---------------------------------------------------------------------------
Shoutz:
~~~~~
~ ping - my dearest wife, zizou - my beloved son, i-eyes - my beloved daughter.
~ y3dips,the_day,Negatif,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,pushm0v,az001,
the_hydra,neng chika, str0ke
~ scanners [at] SCAN-NUSANTARA and SCAN-ASSOCIATES
~ SK,Abond,pokley,cybertank, super_temon,whatsoever,b120t0,inggar,fachri,adi,rahmat,indra
~ masterpop3,maSter-oP,Lieur-Euy,Mr_ny3m,bithedz,murp,sakitjiwa,x16,cyb3rh3b,cR4SH3R,ogeb,bagan,devsheed
~ dr188le,cow_1seng,poniman_coy,paman_gembul,ketut,rizal,ghostblup,shamus,
kuntua, stev_manado,nofry,k1tk4t,0pt1c,k1ngk0ng
~ newbie_hacker@yahoogroups.com
~ milw0rm.com, macaholic.info, unitiga.com, mac.web.id, indowebster.com
~ #aikmel #e-c-h-o @irc.dal.net
---------------------------------------------------------------------------
Contact:
~~~~~~
K-159 || echo|staff || adv[at]e-rdc[dot]org
Homepage:
http://www.e-rdc.org/
-------------------------------- [ EOF ] ----------------------------------
From - Tue Mar 17 16:01:16 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006aa1
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39783-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id DE6A3ED942
for <lists@securityspace.com>; Tue, 17 Mar 2009 16:00:35 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 725A3143873; Tue, 17 Mar 2009 12:26:40 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 20794 invoked from network); 17 Mar 2009 17:17:30 -0000
X-Authentication-Warning: smtp0.thebunker.net: Host 78-105-4-70.zone3.bethere.co.uk [78.105.4.70] claimed to be [10.241.6.194]
Message-ID: <49BFDB3A.5000908@pirate-radio.org>
Date: Tue, 17 Mar 2009 17:17:46 +0000
From: Major Malfunction <majormal@pirate-radio.org>
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
MIME-Version: 1.0
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: DEFCON London DC4420 March meeting - Thursday 19th March
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.94.2/9121/Tue Mar 17 14:50:06 2009 on livid.thebunker.net
X-Virus-Status: Clean
X-Spam-Status: No, score=-1.2 required=5.0 tests=AWL,BAYES_00,RDNS_DYNAMIC
autolearn=no version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on livid.thebunker.net
Status:
Yes it's that time of the month already! We need to meet in west London
and drink beer! Errr... I mean talk about techy hacky stuff...
This month we've got Dominic giving us an update on his Bluetooth Foo,
and, in an attempt to encourage some more speakers to come forward, the
rest of the session will be devoted only to lightning talks, starting
with a Dradis overview by etd.
So, if you've got an idea, or a germ of an idea, a few slides or no
slides at all, come and tell us about it and get some genuine feedback,
expressions of interest, offers of collaboration, or just shock and awe,
depending on how leet your shizzle is... :)
Location is, as usual, upstairs at The Glassblower in Soho
42 Glasshouse St, Piccadilly, W1B 5JY
http://maps.google.com/maps?f=q&hl=en&geocode=&q=W1B+5DL&ie=UTF8&llQ.510625,-0.136878&spn=0.00629,0.021415&z�&iwloc�dr
They do good food and real ales, and we have the bar exclusively to
ourselves until kicking out time...
Talks start at 19:30.
See you there!
cheers,
MM
--
"In DEFCON, we have no names..." errr... well, we do... but silly ones...
From - Tue Mar 17 16:51:16 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006aa3
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39779-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 9339DED8A6
for <lists@securityspace.com>; Tue, 17 Mar 2009 16:48:26 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 0D04E1437E8; Tue, 17 Mar 2009 12:23:34 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 15893 invoked from network); 17 Mar 2009 16:05:57 -0000
Date: 17 Mar 2009 16:06:32 -0000
Message-ID: <20090317160632.15345.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: vuln@e-rdc.org
To: bugtraq@securityfocus.com
Subject: [ECHO_ADV_105$2009] chaozzDB <= 1.2 Critical File Disclosure
Vulnerability
Status:
ECHO_ADV_105$2009
-----------------------------------------------------------------------------------------
[ECHO_ADV_105$2009] chaozzDB <= 1.2 Critical File Disclosure Vulnerability
-----------------------------------------------------------------------------------------
Author : K-159
Date : March, 16 th 2009
Location : Jakarta, Indonesia
Web :
http://e-rdc.org/v1/news.php?readmore�9
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : chaozzDB
version : <= 1.2
Vendor :
http://chaozz.nl/software/chaozzdb/
Description :
chaozzDB is a flatfile database system, which is small and fast. It supports most of the normal SQL-like statements
(it can insert, delete, update, open and search). It comes with clear and full documentation and a PHP example.
--------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~~~~~~
Critical user.tsv file in db's folder are vulnerable to direct access to view 'critical' information about username and md5hash password from users.
Poc/Exploit:
~~~~~~~~~
http://www.example.com/[chaozzDB_path]/db/user.tsv
Dork:
~~~~~
Google : "chaozzDB 1.2"
Solution:
~~~~~~~
- add .htaccess in db's folder.
Timeline:
~~~~~~~~~
- 14 - 03 - 2009 bug found
- 14 - 03 - 2009 vendor contacted
- 15 - 03 - 2009 vendor response
- 16 - 03 - 2009 advisory release
---------------------------------------------------------------------------
Shoutz:
~~~~~
~ ping - my dearest wife, zizou - my beloved son, i-eyes - my beloved daughter.
~ y3dips,the_day,Negatif,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,pushm0v,az001,
the_hydra,neng chika, str0ke
~ scanners [at] SCAN-NUSANTARA and SCAN-ASSOCIATES
~ SK,Abond,pokley,cybertank, super_temon,whatsoever,b120t0,inggar,fachri,adi,rahmat,indra
~ masterpop3,maSter-oP,Lieur-Euy,Mr_ny3m,bithedz,murp,sakitjiwa,x16,cyb3rh3b,cR4SH3R,ogeb,bagan,devsheed
~ dr188le,cow_1seng,poniman_coy,paman_gembul,ketut,rizal,ghostblup,shamus,
kuntua, stev_manado,nofry,k1tk4t,0pt1c,k1ngk0ng
~ newbie_hacker@yahoogroups.com
~ milw0rm.com, macaholic.info, unitiga.com, mac.web.id, indowebster.com
~ #aikmel #e-c-h-o @irc.dal.net
---------------------------------------------------------------------------
Contact:
~~~~~~
K-159 || echo|staff || adv[at]e-rdc[dot]org
Homepage:
http://www.e-rdc.org/
-------------------------------- [ EOF ] ----------------------------------
From - Wed Mar 18 11:21:46 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006ac1
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39787-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 89295EDA19
for <lists@securityspace.com>; Wed, 18 Mar 2009 11:17:36 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 5DB2214383E; Wed, 18 Mar 2009 08:12:17 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 1440 invoked from network); 17 Mar 2009 21:56:20 -0000
Message-ID: <49C01C44.70101@idefense.com>
Date: Tue, 17 Mar 2009 16:55:16 -0500
From: iDefense Labs <labs-no-reply@idefense.com>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: vulnwatch@vulnwatch.org, full-disclosure@lists.grok.org.uk,
bugtraq@securityfocus.com
Subject: iDefense Security Advisory 03.17.09: Autonomy KeyView Word Perfect
File Parsing Buffer Overflow Vulnerability
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Status:
iDefense Security Advisory 03.17.09
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 17, 2009
I. BACKGROUND
Autonomy KeyView SDK is a commercial SDK that provides many file format
parsing libraries. It supports a large number of different document
formats, one of which is the Word Perfect Document (WPD) format. It is
used by several popular vendors for processing documents. For more
information, visit the URL below.
http://www.autonomy.com/
II. DESCRIPTION
Remote exploitation of a stack-based buffer overflow in Autonomy Inc's
KeyView SDK allows attackers to execute arbitrary code with the
privileges of the current user.
This vulnerability exists within the "wp6sr.dll" which implements the
processing of Word Perfect Documents. When processing certain records,
data is copied from the file into a fixed-size stack buffer without
ensuring that enough space is available. By overflowing the buffer, an
attacker can overwrite control flow structures stored on the stack.
III. ANALYSIS
Exploitation allows attackers to execute arbitrary code with the
privileges of the user. In order to exploit this vulnerability, an
attacker must cause a specially crafted Word Perfect Document to be
processed by an application using the Autonmoy KeyView SDK.
In cases such as Lotus Notes, this requires that an attacker convince a
user to view an e-mail attachment. However, in other cases processing
may take place automatically as a document is examined.
IV. DETECTION
iDefense confirmed that this vulnerability exists within Lotus Notes 8
installed on a Windows XP SP3 machine. All applications which utilize
the Autonomy KeyView SDK to process Word Perfect Documents are
suspected to be vulnerable.
V. WORKAROUND
For Lotus Notes, it is possible to disable the processing of WPD files
by removing, or commenting out, the line referencing "wp6sr.dll" from
the "KeyView.ini" file within the Lotus Notes program directory.
Deleting "wp6sr.dll" from the affected system will also prevent
exploitation.
For Symantec Mail Security, disabling "content filtering" will prevent
exploitation.
Additional workarounds are available from the individual vendors'
advisories referenced below.
VI. VENDOR RESPONSE
IBM Support has released workarounds and a patch which addresses this
issue. For more information, consult their advisory at the following
URL:
http://www-01.ibm.com/support/docview.wss?rsF3&uid=swg21377573
Symantec has released patches which addresses this issue. For more
information, consult their advisory at the following URL:
http://www.symantec.com/avcenter/security/Content/2009.03.17a.html
Autonomy has released a patch which addresses this issue. For more
information, consult their advisory at the following URL:
https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-4564 to this issue. This is a candidate for inclusion in
the CVE list (
http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
01/14/2008 to IBM & Symantec - 1st notice
11/24/2008 to Autonomy - 1st notice
12/04/2008 From Autonomy - 1st response
12/04/2008 to Autonomy - 2nd notice
12/05/2008 From Autonomy - PoC Request
12/08/2008 to Autonomy - PoC sent
12/09/2008 From Autonomy - PoC Resend Request
12/09/2008 to Autonomy - PoC Resend sent
12/11/2008 From Autonomy - PoC Clarification Request
12/11/2008 to Autonomy - PoC Clarification reply
01/14/2009 From Autonomy - Reset tentative disclosure / patch date
01/14/2009 From Symantec - 1st response
01/19/2009 From IBM - 1st response & PoC Request
01/21/2009 From Autonomy - New proposed tentative disclosure date - End
of February 2009
01/21/2009 From Symantec - Proposed tentative disclosure date -
February 24, 2009
01/30/2009 Multiple vendor coordination status sent
01/30/2009 to IBM - PoC resent
02/05/2009 From IBM - clarification request
02/12/2009 From IBM - clarification request
02/13/2009 to IBM - clarification response
02/18/2009 From IBM - requests PoC clarification
02/19/2009 to IBM - PoC clarification sent
02/23/2009 From Symantec - cross-vendor status request
02/23/2009 to Symantec - cross-vendor status sent
02/27/2009 From IBM - progress report received
02/27/2009 From Symantec - cross-vendor status request
03/02/2009 From IBM - vulnerability confirmed, patch ready
03/10/2009 All vendors agree on March 17, 2009
03/10/2009 From IBM - Proposed tentative date be a Tuesday or Wednesday
03/10/2009 From Symantec - cross-vendor status request
03/10/2009 From Symantec - cross-vendor status request
03/10/2009 Multiple vendor coordination status sent - proposed March
17, 2009 release
03/10/2009 To Symantec - status report sent
03/17/2009 Coordinated Public Disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
http://labs.idefense.com/
X. LEGAL NOTICES
Copyright � 2009 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
From - Wed Mar 18 11:31:46 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006ac3
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39791-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 03758ECDD5
for <lists@securityspace.com>; Wed, 18 Mar 2009 11:29:22 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 7A4E414395E; Wed, 18 Mar 2009 08:21:14 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 2594 invoked from network); 17 Mar 2009 22:37:55 -0000
Date: Tue, 17 Mar 2009 16:38:05 -0600
Message-Id: <200903172238.n2HMc5rS008726@www3.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: security.assurance@nab.com.au
To: bugtraq@securityfocus.com
Subject: Sitecore .NET 5.3.x - web service information disclosure
Status:
Title:
Sitecore web service information disclosure
CVE Identifier:
____________
Credit:
National Australia Bank's Security Assurance Team.
The vendor was advised of this vulnerability prior to its public release. National Australia Bank adheres to the �Guidelines for Security Vulnerability Reporting and Response V2.0� document when issuing security advisories.
Class:
Information Disclosure
Privilege Escalation
Remote:
Yes
Local:
Yes
Vulnerable:
Sitecore.NET 5.3.1 (rev. 071114) � other versions may also be vulnerable.
Not Vulnerable:
Vendor:
Sitecore
Discussion:
National Australia Bank's Security Assurance Team have identified a vulnerability in the Visual Sitecore Service, part of the Sitecore CMS application, that allows low privileged users to gain access to administrative and other users� credentials.
Exploit:
No exploit code provided. Simple SOAP/XML queries are all that is required.
Solution:
Apply patch V5.3.2 rev. 090212
References:
Vendor Advisory
http://sdn5.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%205,-d-,3/ReleaseNotes/V5,-d-,3,-d-,2/ChangeLog.aspx
From - Wed Mar 18 11:41:46 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006ac4
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39789-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 8C40DEDA1C
for <lists@securityspace.com>; Wed, 18 Mar 2009 11:34:34 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 0A15F143937; Wed, 18 Mar 2009 08:16:04 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 9201 invoked from network); 18 Mar 2009 04:38:41 -0000
Date: Tue, 17 Mar 2009 22:38:52 -0600
Message-Id: <200903180438.n2I4cqWT022177@www3.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: dh@layereddefense.com
To: bugtraq@securityfocus.com
Subject: Layered Defense Research Advisory: Format String Vulnerablity in
Symantec PcAnywhere v10-12.5
Status:
=================================================Layered Defense Research Advisory 17 March 2009
=================================================1) Affected Product
Symantec PcAnywhere version 10 � 12.5
=================================================2) Severity Rating: Low
=================================================3) Description of Vulnerability
A local format string vulnerability was discovered within Symantec PcAnywhere version 10 thru 12.5 .The vulnerability is due to improper processing of format strings within (.CHF) remote control file names or associated file path . When special crafted format strings are entered as the file name (%s%s%s%s%s.chf) or within the path of the CHF file the format string vulnerability is triggered. Making it possible to read/write arbitrary memory and at a minimum cause a denial of service condition.
=================================================4) Solution : Upgrade to version 12.5 SP1
=================================================5) Time Table:
01/06/2009 Reported Vulnerability to Vendor.
01/08/2008 Vendor acknowledged the vulnerability
03/17/2008 Vendor published fix
=================================================6) Credits Discovered by Deral Heiland, www.LayeredDefense.com
=================================================7) Reference
http://www.symantec.com/avcenter/security/Content/2009.03.17.html
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0538
=================================================8) About Layered Defense Layered Defense, Is a group of security professionals that work together on ethical Research, Testing and Training within the information security arena.
http://www.layereddefense.com
=================================================
From - Wed Mar 18 11:51:48 2009
X-Account-Key: account7
X-UIDL: 4909bb8c00006ac5
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-39785-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id AD5F2ED730
for <lists@securityspace.com>; Wed, 18 Mar 2009 11:46:23 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 3A9BF1436E7; Wed, 18 Mar 2009 08:11:31 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 1651 invoked from network); 17 Mar 2009 22:10:47 -0000
Date: Tue, 17 Mar 2009 17:11:30 -0500
From: Jamie Strandboge <jamie@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: [USN-740-1] NSS vulnerability
Message-ID: <20090317221130.GD6143@severus.strandboge.com>
Reply-To: Jamie Strandboge <jamie@canonical.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="NtwzykIc2mflq5ck"
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
Status:
--NtwzykIc2mflq5ck
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================Ubuntu Security Notice USN-740-1 March 17, 2009
nss, firefox vulnerability
CVE-2004-2761
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libnss3 1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2
Ubuntu 7.10:
libnss3-0d 3.11.5-3ubuntu0.7.10.2
Ubuntu 8.04 LTS:
libnss3-0d 3.12.0.3-0ubuntu0.8.04.5
libnss3-1d 3.12.0.3-0ubuntu0.8.04.5
Ubuntu 8.10:
libnss3-1d 3.12.0.3-0ubuntu5.8.10.1
After a standard system upgrade you need to restart your session to
effect the necessary changes.
Details follow:
The MD5 algorithm is known not to be collision resistant. This update
blacklists the proof of concept rogue certificate authority as discussed
in
http://www.win.tue.nl/hashclash/rogue-ca/.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.diff.gz
Size/MD5: 188837 84bf6c0e34576e50daab0284028533bb
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.dsc
Size/MD5: 2389 abbe8becc260777f55315eb565f8d732
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k.orig.tar.gz
Size/MD5: 48504132 171958941a2ca0562039add097278245
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_all.deb
Size/MD5: 53898 025eab1318c7a90e48fb0a927bbbd433
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_all.deb
Size/MD5: 53014 87135a54ac04ea95a0a3c7dccb8a4d4e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 47681092 19a313089bf1da267950c8f5b8d2d2df
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 2859292 f6a4b48f0e0e3250d83f0bf4183836f7
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 86270 0bd3983f76c7474d37018f26eee721f4
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 9494334 91c75d6baf740531224bed258c6622b9
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 222572 2779237df4dc1c30d8d2c01623eef1e3
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 166118 862f4a02164840c1d94228a396c2688c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 248116 183208d5e43c3ddc117d6cbefc54a472
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 826574 2ff813a52cac4b3392f056b145129821
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb
Size/MD5: 218858 2fcc1d909f4fdafaced1b1f737f83bf1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 44228668 5a244b5b731d0d703cb573e2db10b74b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 2859256 274033babbff1131a391ca71c19a6e6b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 78600 3e86ec8d1b73b8f7b822f12aaa56451a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 7997718 56cb9f85d34aa86721dcc36414b8f0e9
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 222564 14edfb722d08b49930b901114b841c81
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 150606 fa56606c4d002559ee41e965299b523a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 248106 58139d67e47359f9cb056ad29292d06d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 717824 ce294179ee0e0fcdea589e751548f04e
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb
Size/MD5: 212058 b3874b6f769aeafedce238b9a15e7b09
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 49085684 a4ea3920e8120e9dc7138cf8e8595aa4
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 2859352 dac458ed9e848ba8c64d0e18071149f8
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 81686 228d420fc876cb95b6edad70d58c2c48
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 9113232 7ba2b92dad312ca9d2186dac6380d638
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 222564 9e89e2cc261f1c1b43e0b765e140d3d5
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 163310 3ddb28abafbffe0943e25f48267df5f1
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 248128 94da18de9bba74798a5ae257e85d882b
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 817522 eb53d37dea9fce55780abda44b94ca89
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb
Size/MD5: 215556 779f90ccb4534487d2274536ac9279dd
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 45629214 b30a5365e327c4366ae3ea2b393e1d78
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 2859296 c7f225dc39717d6156b9163c7a8ddda0
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 80180 51ca826844fa46702feb9bbeb5c6e999
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 8499070 ee1fd111aa113ac50e5ea42dc85e1e77
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 222590 6a5621015d57ffbd93f92a8552d98e54
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 153210 b7c4a9074a678fcaf70a4db7bcb8fd5d
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 248150 1273ab06f98bf861e4e66985add8685a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 728698 cd5ba0f693710a604274d327d4724c88
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb
Size/MD5: 213030 fe7a017cd7f4a8a9064372e51f903263
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5-3ubuntu0.7.10.2.diff.gz
Size/MD5: 23735 2c3b55fe3f316790d2174a56709723ad
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5-3ubuntu0.7.10.2.dsc
Size/MD5: 1925 9d9a2fa42ff8dcb452761d66e3238ef6
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5.orig.tar.gz
Size/MD5: 3696893 1add44e6a41dbf5091cfd000f19ad6b9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_amd64.deb
Size/MD5: 3143890 dad0155f293aff8a59d42086cef022c3
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_amd64.deb
Size/MD5: 799588 70d491944efd2ce20cb839da11030b0e
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_amd64.deb
Size/MD5: 241342 567c357ea31e0e1729db4738822aa7b0
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_amd64.deb
Size/MD5: 656372 a6868f642b5c295236c7df01dbc3f2d9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_i386.deb
Size/MD5: 2995870 d4ea291de433c1768148f35a4f40e596
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_i386.deb
Size/MD5: 723166 81b970c37e37b2bfe13bf8edf8b8c2df
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_i386.deb
Size/MD5: 238436 a901d3b0431faa6bfd4d8b732fc6b8ed
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_i386.deb
Size/MD5: 605568 f7a02ba6c2e65c2e3644f81e2e5add33
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_lpia.deb
Size/MD5: 3213428 32f032e4c5ebc8383d334e2de5b1e0b5
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_lpia.deb
Size/MD5: 709556 606d9ee62127ecad6620ce6ee2a351c1
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_lpia.deb
Size/MD5: 237148 526eb9b27871cee224d480ce8483d015
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_lpia.deb
Size/MD5: 596394 35c4ef7f97a6934947760236b119d1f1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_powerpc.deb
Size/MD5: 3168400 13560d02da9c481147177504476a3f21
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_powerpc.deb
Size/MD5: 807892 5a0232d184bb4d87811974d61a902e17
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_powerpc.deb
Size/MD5: 240514 9cfb4b3bace2f033b7c55ba571d0c4a1
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_powerpc.deb
Size/MD5: 645362 ccd118c24941759b0c2e758ae60b4ba5
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_sparc.deb
Size/MD5: 2834042 f884524281d9521e07b60c8bf9aa8074
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_sparc.deb
Size/MD5: 718096 906896f0101a88bd6cb78ffdb103fe0e
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_sparc.deb
Size/MD5: 235222 f679c8d076c15860a41c1e16b1d69ded
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_sparc.deb
Size/MD5: 576390 75811d5dc9ddd1eca108bc50ffe3e911
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.diff.gz
Size/MD5: 38918 6fda80e067b0f84e323b3556b5f9dd18
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.dsc
Size/MD5: 2001 e9365c71192c0e568d5dd9891708e436
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3.orig.tar.gz
Size/MD5: 5161407 9e96418400e073f982e83c235718c4e9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 17910 7933180f37ce55969719730463fef4cb
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 4511304 1a241985ee6673075b8610bbb2be2902
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 1135226 fcc9b7555aac5a0ef0260aa639b7421a
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 256738 992898a7cce94822e29a3e0d5d318e46
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_amd64.deb
Size/MD5: 813730 542b82a7837b4a43191fd5862a97699e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_i386.deb
Size/MD5: 17894 3ea3554784b1242ce89f96bb631d0c4d
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_i386.deb
Size/MD5: 4294520 d7eb7d334bd821d887e24d76d8e2804f
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_i386.deb
Size/MD5: 1017710 7afd17b32bc5ce80babf2405488997e8
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_i386.deb
Size/MD5: 253724 f7f8ad3723f384a657907016b8476c35
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_i386.deb
Size/MD5: 741278 ed53c68732f059a90a35310b68c4be88
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 17874 5e1a506010c923ba8a41129fef693344
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 4322188 cd5765f42aaffa32e20b0ac0510d9b6c
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 993934 313d088bd4a0a44fe05b762e33ef927d
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 252500 dcaf82868eaa0e3162a6a49fb6f512be
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_lpia.deb
Size/MD5: 719648 8e422c9ee3dd5a062f547d36d6e2725c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 20352 144b270c8fc23407e1da27112151c952
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 4440132 f89a7f34a199abd8e0d840bb011ca5bf
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 1115852 d88c0295406e468f7ac1c087edb661dd
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 255446 4eef63577fbaa5b611b0d9064c47ac6c
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb
Size/MD5: 777064 83ad19b301d2c1eceef6682cbad5a00d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
Size/MD5: 17976 c763ceebcc3bf6371477809a8589cebf
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
Size/MD5: 4038136 bbb4ff75f73844f33727fada2ca730b4
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
Size/MD5: 995598 2785d368bbb6665eee586ac3fc3e453e
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
Size/MD5: 250450 a972e1131466d149480a574a57537c37
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_sparc.deb
Size/MD5: 702432 d16a1353ba80d7104820f97c4f712334
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.diff.gz
Size/MD5: 38881 8be9f8eb187a657a743e115f58dbb58b
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.dsc
Size/MD5: 2001 88381f73650cd5c2c369f387638ec40d
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3.orig.tar.gz
Size/MD5: 5161407 9e96418400e073f982e83c235718c4e9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
Size/MD5: 4696732 5e2844909ee8896f71548c37f7ab711f
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
Size/MD5: 1182642 6f73554c7970e2c0e3da7dcddf8d4d7f
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
Size/MD5: 256520 808f5ff374081b1fd7f981699e267828
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
Size/MD5: 17962 63411a0d50d9fa340f688c7a5cec33ae
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_amd64.deb
Size/MD5: 824382 367bbe2bf29f17c4fa5b085142e0bc8f
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_i386.deb
Size/MD5: 4450042 bb8560c5208a6f4d2a121a93d7ff7bac
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_i386.deb
Size/MD5: 1054914 1f7cbdc5e0776b8c2fc92241776bd96e
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_i386.deb
Size/MD5: 253554 c1cc8fff73ef7b34dadc6fea411bc7db
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_i386.deb
Size/MD5: 17940 b3577f334ed9f5a95c6fdbdd4de83ef4
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_i386.deb
Size/MD5: 752462 703f7bd356efc312f216e361209ef3a7
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
Size/MD5: 4482980 c27f13a5f5aba10c93b2dda917c1ba31
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
Size/MD5: 1029092 3b2805f79d61b595907187846da18a54
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
Size/MD5: 252140 06b18884a6e275a5fc9a73abd1464875
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
Size/MD5: 17914 28d1eeaac6ba2f9c17da9a9a6ea35fdd
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_lpia.deb
Size/MD5: 730786 e1497e0cbdf8d7c3ac4c6e80e86837bf
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
Size/MD5: 4659468 ceb162226c93c950c71d2f0236b9d53e
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
Size/MD5: 1137358 f61287d145339ece156686d86a971480
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
Size/MD5: 255312 d7787174c0d6b25467b0f1262306be06
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
Size/MD5: 20352 082622bc3e21161a1085695bd4f8f961
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb
Size/MD5: 775316 78ca70e113bd97d42f62e19e0ac8fdb1
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
Size/MD5: 4168250 b9f3c0b8eab76476c9bb057b43d9df40
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
Size/MD5: 1015340 5dd83c288df733b6a84247b48d945647
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
Size/MD5: 250138 f6a1dd454cc44a4684ab288e9eadde56
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
Size/MD5: 18068 27f0453909db6eda6d8ffd3ef35454c9
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_sparc.deb
Size/MD5: 703524 e87fca0b128626aebf5bce77473ee8e0
