From sec-adv at secunia.com Mon Nov 2 09:18:06 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 2 Nov 2009 18:18:06 +0100
Subject: [SEC] [SA37221] IBM WebSphere Application Server for z/OS Multiple Vulnerabilities
Message-ID: <200911021718.nA2HI6aA028617@CRON-IX-2.intnet>

----------------------------------------------------------------------

Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit:
http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at:
sales at secunia.com

----------------------------------------------------------------------

TITLE:
IBM WebSphere Application Server for z/OS Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA37221

VERIFY ADVISORY:
http://secunia.com/advisories/37221/

DESCRIPTION:
Some vulnerabilities have been reported in IBM WebSphere Application Server for z/OS, which can be exploited by malicious people to potentially disclose sensitive information, conduct cross-site request forgery attacks, or cause a DoS (Denial of Service).

1) Some vulnerabilities in APR-util can be exploited by malicious users and malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

For more information:
SA35284

2) An unspecified error in the "Apr_xml_*" interface can be exploited to cause a DoS.

3) The administrative console allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform normally restricted actions if a logged-in user visits a malicious web site.

4) An error in the included web server can be exploited to e.g. cause a high CPU load via specially crafted HTTP requests.

For more information:
SA35781

The vulnerabilities are reported in WebSphere Application Server version 7.0 for z/OS. Other versions may also be affected.

SOLUTION:
Apply APARs PK99478, PK99477, and PK99480.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
IBM (PK88341, PK88342):
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478

IBM (PK87176):
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99477

IBM (PK91361):
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480

OTHER REFERENCES:
SA35284:
http://secunia.com/advisories/35284/

SA35781:
http://secunia.com/advisories/35781/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Nov 2 09:52:19 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 2 Nov 2009 18:52:19 +0100
Subject: [SEC] [SA37210] IBM Runtimes for Java Technology XML4J Unspecified Vulnerability
Message-ID: <200911021752.nA2HqJ7K015563@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
IBM Runtimes for Java Technology XML4J Unspecified Vulnerability

SECUNIA ADVISORY ID:
SA37210

VERIFY ADVISORY:
http://secunia.com/advisories/37210/

DESCRIPTION:
A vulnerability with an unknown impact has been reported in IBM Runtimes for Java Technology.

The vulnerability is caused due to an error in the XML4J component when parsing XML code. No further information is available.

The vulnerability is reported in version 5.0. Other versions may also be affected.

SOLUTION:
Install build 20090626 or later.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ63920

From sec-adv at secunia.com Mon Nov 2 10:18:18 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 2 Nov 2009 19:18:18 +0100
Subject: [SEC] [SA37225] Joomla Jumi Component Backdoor Security Issue
Message-ID: <200911021818.nA2IIIco002460@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Joomla Jumi Component Backdoor Security Issue

SECUNIA ADVISORY ID:
SA37225

VERIFY ADVISORY:
http://secunia.com/advisories/37225/

DESCRIPTION:
A security issue has been reported in the Jumi component for Joomla!, which can be exploited by malicious people to potentially compromise a vulnerable system.

The security issue is caused due to a backdoor in the application and can be exploited to potentially execute arbitrary PHP code.

Note: Successful exploitation requires the knowledge of a secret key.

SOLUTION:
The vendor has released clean installation files.

PROVIDED AND/OR DISCOVERED BY:
Jan van Niekerk

ORIGINAL ADVISORY:
http://code.google.com/p/jumi/issues/detail?id=45

From sec-adv at secunia.com Mon Nov 2 10:52:21 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 2 Nov 2009 19:52:21 +0100
Subject: [SEC] [SA37205] PSArt "id" SQL Injection Vulnerability
Message-ID: <200911021852.nA2IqLcX021854@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
PSArt "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA37205

VERIFY ADVISORY:
http://secunia.com/advisories/37205/

DESCRIPTION:
A vulnerability has been reported in PSArt, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in news.asp is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.2.0. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Securitylab Security Research Team

From sec-adv at secunia.com Mon Nov 2 11:18:25 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 2 Nov 2009 20:18:25 +0100
Subject: [SEC] [SA37204] Twilight CMS "calendar" Cross-Site Scripting Vulnerability
Message-ID: <200911021918.nA2JIPo3008773@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Twilight CMS "calendar" Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA37204

VERIFY ADVISORY:
http://secunia.com/advisories/37204/

DESCRIPTION:
Vladimir Vorontsov has reported a vulnerability in Twilight CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "calendar" parameter to /news/ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

SOLUTION:
Update to version 4.1.

PROVIDED AND/OR DISCOVERED BY:
Vladimir Vorontsov

ORIGINAL ADVISORY:
http://onsec.ru/vuln?id=10

From sec-adv at secunia.com Mon Nov 2 11:52:25 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 2 Nov 2009 20:52:25 +0100
Subject: [SEC] [SA37218] Debian update for mahara
Message-ID: <200911021952.nA2JqPWl028144@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Debian update for mahara

SECUNIA ADVISORY ID:
SA37218

VERIFY ADVISORY:
http://secunia.com/advisories/37218/

DESCRIPTION:
Debian has issued an update for mahara. This fixes some vulnerabilities, which can be exploited by malicious users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks.

For more information:
SA37217

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 5.0 alias lenny --

ORIGINAL ADVISORY:
DSA-1924-1:
http://www.us.debian.org/security/2009/dsa-1924

OTHER REFERENCES:
SA37217:
http://secunia.com/advisories/37217/

From sec-adv at secunia.com Mon Nov 2 12:21:40 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 2 Nov 2009 21:21:40 +0100
Subject: [SEC] [SA37222] Ubuntu update for firefox and xulrunner
Message-ID: <200911022021.nA2KLe8a015084@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Ubuntu update for firefox and xulrunner

SECUNIA ADVISORY ID:
SA37222

VERIFY ADVISORY:
http://secunia.com/advisories/37222/

DESCRIPTION:
Ubuntu has issued an update for firefox and xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, or compromise a user's system.

For more information:
SA36649
SA36711

SOLUTION:
Apply updated packages.

-- Ubuntu 8.04 LTS --

-- Ubuntu 8.10 --
202300 f7495587631a0c43c1494b6bb70981a9 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.15+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 69216 92f6e7b0b241e1a659830b5211dee0c0 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.15+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 86086 655bdde20746e3177bc3dfe117d4b92c http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.15+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 899132 f48698dff1e5617ce57b524032fbc402 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.15+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 4532770 884abcb1082d43779536eb199285df75 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.15+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 42406 c918407dea92b14eb85711dc5e43d841 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.15+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 8299820 1e261f1e4d158f7856390c31f2405b1c http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.15+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 22884 18b982803d9add9072a3fee1b0f2c7bb -- Ubuntu 9.04 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.15+nobinonly-0ubuntu0.9.04.1.diff.gz Size/MD5: 124337 d7851e8ca75b8682d1e3eb93a1a0fafe http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.15+nobinonly-0ubuntu0.9.04.1.dsc Size/MD5: 2787 b915bfa3eb700d61af587dbabf7a7203 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.15+nobinonly.orig.tar.gz Size/MD5: 11627656 5d238a2e0ba1f6fbec5d40f1239840a6 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.15+nobinonly-0ubuntu0.9.04.1.diff.gz Size/MD5: 252043 1a10ae99d57c96670d13bf54497bddb1 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.15+nobinonly-0ubuntu0.9.04.1.dsc Size/MD5: 2801 
9aabcba4400c8840b06ec1ba457036b3 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.15+nobinonly.orig.tar.gz Size/MD5: 40751836 b9bfd76fae07b34be42fca0ef6db34ec Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69454 1a8e1dfac9a62ace574d77d7343d7cfa http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69360 30216d5be9e0dd318593b65379265876 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69370 4ff8fd47c4b415e53da1ea02210f8dad http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69332 57fb2c52fd55e437d760e9a9c34a862c http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69322 5d9f513c563636e9cc4b9c19f11dc70e http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69448 52cddadd53ee9bccbb5b9db73821d523 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69382 62ce0dbbc23e7d877ccfd087e7e48387 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69336 5e02c786b9c64f3194c248d312a49da3 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 8972 2fd0cf8d7a8a61355ebb087d9af18981 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 8964 8230c82edaf2c9c15bfa5b3de092af4e 
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69354 53289f71448e01750a4d119ee7e91675 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69320 eb5979e3c2898d7465946fc24343beb5 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69312 ebca9ac7fea58656a93360823963d2f5 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 8944 d794280cefc159511b3a9f32413517f7 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69336 e761bad26b5be0356dafb7097699cee2 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 8940 9c68d8b4e3dc2e1bca51e3a14774d0ce http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69304 03520212fca02a7877b610e72a3a074a http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 128294 9b9cb05135235214233a3b9bafdc299a http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.15+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 238136 9159fb699eafb95c92868968226514fc amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.15+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 204022 bdb7fddfa2533bbbb4f71e03bc5ba128 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.15+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 202510 3e2a4855592f96af21a00080188eccac 
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.15+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 69420 b72832357890c336846eaf72720588e6 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.15+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 88850 b9d36c5d3f66d1d4c85878d2221632a7 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.15+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 905352 0047f0edf48e69f928592bc659051468 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.15+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 4565812 128c309117e9d06ab2484b53d4dde46d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.15+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 47114 c2e78a7a7407a554105125f0d42d86f5 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.15+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 8733580 9595a439793f2ac83f88c0d956eb3ab5 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.15+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 23162 e47fcaeae05eed4bed1f779b60c19d82 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.15+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 204032 049c20c68ff7243ccb446f4be29cb864 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.15+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 202522 fc8335390f2a9f031655a0da0ac5b8ab http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.15+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 69420 b70715e42adec05b204cf24fe5cb1a1b http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.15+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 84914 4360fac3907dd6cf3f852851a797a5a8 
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.15+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 887712 f6186ad7f2cf98ae84af2dc4451b1d06 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.15+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 4542604 a386b6c750d0efdbeafbe92922ef8617 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.15+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 39374 5edf350841de3d1330384cdddd121c88 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.15+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 7563652 18542b36b92378320149f8e2fe2f31f1 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.15+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 23158 9b22f6ac1779781d75faffa46926e742 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.15+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 204022 16dbe6ce70e30919762c7e564c381ba8 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.15+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 202518 acc6ca725c05970519a63bcbf39cbed5 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.15+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 69414 df1009da0cac3c6c9cc8210d0cf62ca9 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.15+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 84306 1b92b6687c68f3240a7387c89acecd35 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.15+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 884844 4299f54c89799a5b21465aa389d29c03 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.15+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 4538536 449fce8c437a738ce104bb052402d834 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.15+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 38386 
370368caa1e924eef603b70a03fbd851 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.15+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 7458522 1e9fafaffc9e3add3a29994240d9ea2d http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.15+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 23158 f0f4aa36178d76332f53e8ff6e0e40d9 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.15+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 204038 43fb08d0b11bbace9fbb0df07f3c17fc http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.15+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 202506 6d60bcf6e5d48384a0c087f667add1cb http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.15+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 69424 8752c10af7e37fd999ea6565407a3364 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.15+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 86304 30409a5e9eb84d22fa34e377caec65d9 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.15+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 899120 d52e578e493e6c4c1fd6521f520b9c07 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.15+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 4532518 6ff6faf1b426d771ebcf2d4d36a90151 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.15+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 42408 1faf4185ad7ac1521494111ffa587075 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.15+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 8300108 16b23a32f84973da26d523ab4e3c6224 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.15+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 23162 96d41650fcc99051c29b909caba0e1b6 -- Ubuntu 9.10 -- Source archives: 
http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.5.4+nobinonly-0ubuntu0.9.10.1.diff.gz Size/MD5: 128482 9dc82d562eb81d9b5d1ed06aef8adc60 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.5.4+nobinonly-0ubuntu0.9.10.1.dsc Size/MD5: 2940 e3c8303ef16c400dd03caa5b21a8f54c http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.5.4+nobinonly.orig.tar.gz Size/MD5: 44918649 cbc9f1e8dc3701e24afbadcaf4cab6b6 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1_1.9.1.4+nobinonly-0ubuntu0.9.10.1.diff.gz Size/MD5: 64079 f3146f071bba9ec923ce5c3692ee56a0 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1_1.9.1.4+nobinonly-0ubuntu0.9.10.1.dsc Size/MD5: 2910 a914c8c8d98b04dcc4d20577deb77dcc http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1_1.9.1.4+nobinonly.orig.tar.gz Size/MD5: 44052132 a15d6074d33b6afb6a6aad4df2ef746c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/abrowser_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73218 536af67b220dbbcf384325436484f825 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.0-dev_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73080 be270ba695fdb5072063af12aa1bb886 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.1-dbg_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73072 7869862cfe58e65920f11f18816015d7 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.1-dev_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73072 949278e4bb9db1ba2bb7e5a9e52fea3f http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-gnome-support_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73128 0215c8b95814ef84ee888a56a58e4d62 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73234 244cf7ef75b96c7d78a40b59689e824a 
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.0-branding_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73090 dc14ee4aeba38f966ded3d407f0073db http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.0_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 8934 c2ebd6c0036da54ffb999cef63909cbc http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.1-branding_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73092 01ef7feef2787abc5c87768d7e0eca49 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.1_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 8930 2bec1ec6d55595b9993698fccad1a923 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/abrowser-3.5_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73274 88f0db8e573711ec1892281364bce194 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-branding_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73082 4869ecaef066055a19357a14437a10a8 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-dom-inspector_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73092 eaf9997d3a3eb3196f91a46d01db10c9 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-gnome-support_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73094 3162559dfca143a28afb57e284287907 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0-venkman_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73076 df3311636dbba9e7be32939a710f2d6a http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.0_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73058 16a3f529e471d4c340c887545fcb6024 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.1-branding_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73080 ee67498e07de5f1fc2a748139fd6af85 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.1-gnome-support_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb 
Size/MD5: 73092 0f620f6511e9f3f1fd4fb8a74739f5a0 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-3.1_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73062 a9b84d1f0c9508b6500d5a96d4c177df http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.5/firefox-dom-inspector_3.5.4+nobinonly-0ubuntu0.9.10.1_all.deb Size/MD5: 73078 9788ec96a6bd5bf10a65686f08000678 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/abrowser-3.5-branding_3.5.4+nobinonly-0ubuntu0.9.10.1_amd64.deb Size/MD5: 207638 66eedcddf7b9f647d503c75d87f43c5c http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-branding_3.5.4+nobinonly-0ubuntu0.9.10.1_amd64.deb Size/MD5: 206242 1d42c590c86e6921e54106f6655d8341 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-dbg_3.5.4+nobinonly-0ubuntu0.9.10.1_amd64.deb Size/MD5: 469750 0621c0fa860e65d59a3c2eb278324431 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-dev_3.5.4+nobinonly-0ubuntu0.9.10.1_amd64.deb Size/MD5: 73156 f78b4b4122e0193049649333c5e711f0 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-gnome-support_3.5.4+nobinonly-0ubuntu0.9.10.1_amd64.deb Size/MD5: 93380 199491869c0d67fa5b67c8def882d55a http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.5.4+nobinonly-0ubuntu0.9.10.1_amd64.deb Size/MD5: 960098 17d24c00e04ffe03b796daf46e6d931d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-dbg_1.9.1.4+nobinonly-0ubuntu0.9.10.1_amd64.deb Size/MD5: 59812336 5a8c5ff6a4ade6dea314d42d45c71294 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-dev_1.9.1.4+nobinonly-0ubuntu0.9.10.1_amd64.deb Size/MD5: 4783806 82c966fba4bef36d62fb62a617fd0c9c http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-gnome-support_1.9.1.4+nobinonly-0ubuntu0.9.10.1_amd64.deb Size/MD5: 47774 c97bd0d874084076392f50624a5ce1ef 
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-testsuite-dev_1.9.1.4+nobinonly-0ubuntu0.9.10.1_amd64.deb Size/MD5: 70368 ec247a99c01322f4f556afd5ba034aee http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1_1.9.1.4+nobinonly-0ubuntu0.9.10.1_amd64.deb Size/MD5: 9095902 6ef686e38a00f5be030562b2137a0c71 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-dev_1.9.1.4+nobinonly-0ubuntu0.9.10.1_amd64.deb Size/MD5: 26602 1f204b43ba5817c50ba8aab88ee6a0fe http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9.1/xulrunner-1.9.1-testsuite_1.9.1.4+nobinonly-0ubuntu0.9.10.1_amd64.deb Size/MD5: 5586690 e6c957c1cae47f10ebde56cdc2c2a51c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/abrowser-3.5-branding_3.5.4+nobinonly-0ubuntu0.9.10.1_i386.deb Size/MD5: 207636 a342a6640445e4ed56b0e9ba83f2d6aa http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-branding_3.5.4+nobinonly-0ubuntu0.9.10.1_i386.deb Size/MD5: 206230 2beee0e64ab3de2a3dd0514859d5145f http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-dbg_3.5.4+nobinonly-0ubuntu0.9.10.1_i386.deb Size/MD5: 465294 b0caee3de369326841a21e34d3aa16fa http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-dev_3.5.4+nobinonly-0ubuntu0.9.10.1_i386.deb Size/MD5: 73156 19f0d3bd57e9d26ad6bd8b1d0866dbb5 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5-gnome-support_3.5.4+nobinonly-0ubuntu0.9.10.1_i386.deb Size/MD5: 89818 ed10a50370583dfc66e59ca5f8436c85 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.5/firefox-3.5_3.5.4+nobinonly-0ubuntu0.9.10.1_i386.deb Size/MD5: 942138 8b2441104be43f293773aa49196b1a06 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-dbg_1.9.1.4+nobinonly-0ubuntu0.9.10.1_i386.deb Size/MD5: 60223286 292f477e957505248ac555c10c985726 
http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-dev_1.9.1.4+nobinonly-0ubuntu0.9.10.1_i386.deb Size/MD5: 4804696 4993e80462b9b66585ebf3f96ff9fc91 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-gnome-support_1.9.1.4+nobinonly-0ubuntu0.9.10.1_i386.deb Size/MD5: 40552 442a0044090c267c6d3dc9832fb6127f http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-testsuite-dev_1.9.1.4+nobinonly-0ubuntu0.9.10.1_i386.deb Size/MD5: 70374 44a2b94936da9d60acd6437e0ed2dd12 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1_1.9.1.4+nobinonly-0ubuntu0.9.10.1_i386.deb Size/MD5: 7991918 a1e40ac38ddd50a1d59e954c8aaa687f http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9.1/xulrunner-dev_1.9.1.4+nobinonly-0ubuntu0.9.10.1_i386.deb Size/MD5: 26600 a7ef32f55586d3f302d29fbf78e6f9d3 http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9.1/xulrunner-1.9.1-testsuite_1.9.1.4+nobinonly-0ubuntu0.9.10.1_i386.deb Size/MD5: 5422668 4329ff7bf3119a6a8193bfc3557dfba0 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/firefox-3.5/abrowser-3.5-branding_3.5.4+nobinonly-0ubuntu0.9.10.1_lpia.deb Size/MD5: 207636 663c4e1008888ca371b32a15706bf98f http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox-3.5-branding_3.5.4+nobinonly-0ubuntu0.9.10.1_lpia.deb Size/MD5: 206238 ba6e88423994168325c4b8eda0e7cb42 http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox-3.5-dbg_3.5.4+nobinonly-0ubuntu0.9.10.1_lpia.deb Size/MD5: 464836 a7ffc72eb618c2de540bc0eaa0dd81a0 http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox-3.5-dev_3.5.4+nobinonly-0ubuntu0.9.10.1_lpia.deb Size/MD5: 73158 ea922f740d68a4224fb8625698d2e334 http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox-3.5-gnome-support_3.5.4+nobinonly-0ubuntu0.9.10.1_lpia.deb Size/MD5: 89262 9f767b6df7808fbd4cb2dde4b0350ba4 
http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox-3.5_3.5.4+nobinonly-0ubuntu0.9.10.1_lpia.deb Size/MD5: 939994 8f23d2912141914ff2503a4b213277c6 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-dbg_1.9.1.4+nobinonly-0ubuntu0.9.10.1_lpia.deb Size/MD5: 60249380 53815d805eaf4a420253be53ad7786a0 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-dev_1.9.1.4+nobinonly-0ubuntu0.9.10.1_lpia.deb Size/MD5: 4800492 689c8046beee606ea7b2839c34f290f9 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-gnome-support_1.9.1.4+nobinonly-0ubuntu0.9.10.1_lpia.deb Size/MD5: 39714 d0960abc13910a095e4031ad9a46e51f http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-testsuite-dev_1.9.1.4+nobinonly-0ubuntu0.9.10.1_lpia.deb Size/MD5: 70368 20653ffc05fbf78075fea1237826a94f http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1_1.9.1.4+nobinonly-0ubuntu0.9.10.1_lpia.deb Size/MD5: 7882192 387fb3c986a0d61444413a7e86cf1165 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.1/xulrunner-dev_1.9.1.4+nobinonly-0ubuntu0.9.10.1_lpia.deb Size/MD5: 26598 4c8eda0cbde2eecde1175f5a4c9a3f83 http://ports.ubuntu.com/pool/universe/x/xulrunner-1.9.1/xulrunner-1.9.1-testsuite_1.9.1.4+nobinonly-0ubuntu0.9.10.1_lpia.deb Size/MD5: 5411018 f164d5ce13b56fa0d1afdc86ce727bb3 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/firefox-3.5/abrowser-3.5-branding_3.5.4+nobinonly-0ubuntu0.9.10.1_powerpc.deb Size/MD5: 207638 7537b172c805814a786d1c46da82b8e2 http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox-3.5-branding_3.5.4+nobinonly-0ubuntu0.9.10.1_powerpc.deb Size/MD5: 206248 f4610d010aa29b3752d10158a0ef79b9 http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox-3.5-dbg_3.5.4+nobinonly-0ubuntu0.9.10.1_powerpc.deb Size/MD5: 483774 caca7816bd4f3182290febbea40417c7 http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox-3.5-dev_3.5.4+nobinonly-0ubuntu0.9.10.1_powerpc.deb Size/MD5: 73162 
3ae75f042dac76abed3c50f8f5ada071 http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox-3.5-gnome-support_3.5.4+nobinonly-0ubuntu0.9.10.1_powerpc.deb Size/MD5: 92816 aeb396d203e987ae41796d5563f925c7 http://ports.ubuntu.com/pool/main/f/firefox-3.5/firefox-3.5_3.5.4+nobinonly-0ubuntu0.9.10.1_powerpc.deb Size/MD5: 963084 89bbf226469bd1d816e22d623e136b26 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-dbg_1.9.1.4+nobinonly-0ubuntu0.9.10.1_powerpc.deb Size/MD5: 64972696 70af1f127e73adf95a506a28b0c7d380 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-dev_1.9.1.4+nobinonly-0ubuntu0.9.10.1_powerpc.deb Size/MD5: 4789450 9ee4dbe5e299f1c438b23c7155286d02 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-gnome-support_1.9.1.4+nobinonly-0ubuntu0.9.10.1_powerpc.deb Size/MD5: 47224 e9d0dc69ee5ade5df3a461e100779b02 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1-testsuite-dev_1.9.1.4+nobinonly-0ubuntu0.9.10.1_powerpc.deb Size/MD5: 70368 62be9cb6637255690ff26182e1985ef5 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.1/xulrunner-1.9.1_1.9.1.4+nobinonly-0ubuntu0.9.10.1_powerpc.deb Size/MD5: 9729268 84a6a31da565483181171a4da1a4a6bd http://ports.ubuntu.com/pool/main/x/xulrunner-1.9.1/xulrunner-dev_1.9.1.4+nobinonly-0ubuntu0.9.10.1_powerpc.deb Size/MD5: 26606 76a142cd009e148d1a7b945d78285992 http://ports.ubuntu.com/pool/universe/x/xulrunner-1.9.1/xulrunner-1.9.1-testsuite_1.9.1.4+nobinonly-0ubuntu0.9.10.1_powerpc.deb Size/MD5: 5678750 60a0de6fce3554d8c9b613a8a11a3dd5 ORIGINAL ADVISORY: USN-853-1: http://www.ubuntu.com/usn/USN-853-1 OTHER REFERENCES: SA36649: http://secunia.com/advisories/36649/ SA36711: http://secunia.com/advisories/36711/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. 
Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 2 12:52:24 2009 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 2 Nov 2009 21:52:24 +0100 Subject: [SEC] [SA37219] Debian update for proftpd-dfsg Message-ID: <200911022052.nA2KqOpj001989@CRON-IX-2.intnet> ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales at secunia.com ---------------------------------------------------------------------- TITLE: Debian update for proftpd-dfsg SECUNIA ADVISORY ID: SA37219 VERIFY ADVISORY: http://secunia.com/advisories/37219/ DESCRIPTION: Debian has issued an update for proftpd-dfsg. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks. 
For more information:
SA37131

SOLUTION:
Apply updated packages:

-- Debian GNU/Linux 4.0 alias etch --
-- Debian GNU/Linux 5.0 alias lenny --
checksum: 203262 f4947609b2a1e3b1016ff6a9b7c21d4c http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny4_mips.deb Size/MD5 checksum: 203344 27701f545ffd35ec7fccf456a91a34ce mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny4_mipsel.deb Size/MD5 checksum: 203266 566d885e4619eae83a3986cac1a28ad7 http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny4_mipsel.deb Size/MD5 checksum: 203412 62a1ae565c42e326ae2a129add355155 http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny4_mipsel.deb Size/MD5 checksum: 689126 f87ca4149400a5ac5bc3e17f149170b8 http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny4_mipsel.deb Size/MD5 checksum: 211804 6a32fca4e5b5cb68821670a0f59aa5ad sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny4_sparc.deb Size/MD5 checksum: 203744 e11aedfb13f8c65a7866b3aa35a35780 http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny4_sparc.deb Size/MD5 checksum: 701992 1bb07d6070f54a0f84d237bb353c1149 http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny4_sparc.deb Size/MD5 checksum: 203486 583c76972206a115b83c6af5f700727a http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny4_sparc.deb Size/MD5 checksum: 213718 59f82a39914654ba2a32ce50613dc83a ORIGINAL ADVISORY: DSA-1925-1: http://www.us.debian.org/security/2009/dsa-1925 OTHER REFERENCES: SA37131: http://secunia.com/advisories/37131 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. 
----------------------------------------------------------------------

From sec-adv at secunia.com Mon Nov 2 13:18:14 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 2 Nov 2009 22:18:14 +0100
Subject: [SEC] [SA37209] Debian update for libhtml-parser-perl
Message-ID: <200911022118.nA2LIE9P021359@CRON-IX-2.intnet>

TITLE:
Debian update for libhtml-parser-perl

SECUNIA ADVISORY ID:
SA37209

VERIFY ADVISORY:
http://secunia.com/advisories/37209/

DESCRIPTION:
Debian has issued an update for libhtml-parser-perl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA37155

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
DSA-1923-1:
http://lists.debian.org/debian-security-announce/2009/msg00246.html

OTHER REFERENCES:
SA37155:
http://secunia.com/advisories/37155/

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Nov 2 13:52:03 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 2 Nov 2009 22:52:03 +0100
Subject: [SEC] [SA37194] Mura CMS Multiple Vulnerabilities
Message-ID: <200911022152.nA2Lq30L008298@CRON-IX-2.intnet>

TITLE:
Mura CMS Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA37194

VERIFY ADVISORY:
http://secunia.com/advisories/37194/

DESCRIPTION:
Vladimir Vorontsov has discovered some vulnerabilities in Mura CMS, which can be exploited by malicious people to disclose sensitive information, and conduct cross-site scripting and script insertion attacks.

1) Input passed to the "txtName" parameter in the comment section of blog entries e.g. go/default/blog/blog-post-with-flash-video/ is not properly sanitised before being used. This can be exploited to display e.g. SQL statements, database structure, installation path by entering values longer than 50 characters.

2) Input passed to the "txtName" and "txtUrl" parameters in the comment section of blog entries e.g. go/default/blog/blog-post-with-flash-video/ is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

3) Input passed to the "link" parameter in default/includes/display_objects/sendtofriend/index.cfm is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

4) Input passed to the "returnURL" parameter in various pages including go/default/blog/index.cfm is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 5.1.937.
Other versions may also be affected.

SOLUTION:
Update to version 5.1.967.

PROVIDED AND/OR DISCOVERED BY:
Vladimir Vorontsov

CHANGELOG:
2009-11-02: Updated "Solution" and "Original Advisory" sections.

ORIGINAL ADVISORY:
http://www.getmura.com/index.cfm/blog/mura-cms-xss-vulnerability-fix/
http://onsec.ru/vuln?id=13
http://onsec.ru/vuln?id=14

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Nov 2 14:29:22 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 2 Nov 2009 23:29:22 +0100
Subject: [SEC] [SA37206] Drupal CCK Comment Reference Module Security Bypass
Message-ID: <200911022229.nA2MTMNw027682@CRON-IX-2.intnet>

TITLE:
Drupal CCK Comment Reference Module Security Bypass

SECUNIA ADVISORY ID:
SA37206

VERIFY ADVISORY:
http://secunia.com/advisories/37206/

DESCRIPTION:
A vulnerability has been reported in the CCK Comment Reference module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

An error in the handling of access permissions can be exploited to access otherwise restricted comments via the autocomplete path.

The vulnerability is reported in versions prior to 6.x-1.3 and 5.x-1.2.

SOLUTION:
CCK Comment Reference 6.x:
Update to 6.x-1.3.
http://drupal.org/node/615988

CCK Comment Reference 5.x:
Update to 5.x-1.2.
http://drupal.org/node/616824

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Ben Jeavons of Drupal Security Team.

ORIGINAL ADVISORY:
SA-CONTRIB-2009-083:
http://drupal.org/node/617380
----------------------------------------------------------------------

From sec-adv at secunia.com Mon Nov 2 14:50:16 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 2 Nov 2009 23:50:16 +0100
Subject: [SEC] [SA37208] Red Hat update for pidgin
Message-ID: <200911022250.nA2MoGmN014578@CRON-IX-2.intnet>

TITLE:
Red Hat update for pidgin

SECUNIA ADVISORY ID:
SA37208

VERIFY ADVISORY:
http://secunia.com/advisories/37208/

DESCRIPTION:
Red Hat has issued an update for pidgin. This fixes some weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA36601
SA37072

SOLUTION:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
RHSA-2009:1535-1:
http://rhn.redhat.com/errata/RHSA-2009-1535.html

OTHER REFERENCES:
SA36601:
http://secunia.com/advisories/36601/

SA37072:
http://secunia.com/advisories/37072/
----------------------------------------------------------------------

From sec-adv at secunia.com Mon Nov 2 15:15:29 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 00:15:29 +0100
Subject: [SEC] [SA37168] Red Hat update for pidgin
Message-ID: <200911022315.nA2NFTcV001465@CRON-IX-2.intnet>

TITLE:
Red Hat update for pidgin

SECUNIA ADVISORY ID:
SA37168

VERIFY ADVISORY:
http://secunia.com/advisories/37168/

DESCRIPTION:
Red Hat has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA37072

SOLUTION:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
RHSA-2009:1536-1:
http://rhn.redhat.com/errata/RHSA-2009-1536.html

OTHER REFERENCES:
SA37072:
http://secunia.com/advisories/37072

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Nov 2 15:50:10 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 00:50:10 +0100
Subject: [SEC] [SA37203] Drupal Workflow Module Script Insertion Vulnerabilities
Message-ID: <200911022350.nA2NoAl1020866@CRON-IX-2.intnet>

TITLE:
Drupal Workflow Module Script Insertion Vulnerabilities

SECUNIA ADVISORY ID:
SA37203

VERIFY ADVISORY:
http://secunia.com/advisories/37203/

DESCRIPTION:
Some vulnerabilities have been reported in the Workflow module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Input passed to workflow names and workflow states is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Successful exploitation requires "administer workflow" permission.

The vulnerability is reported in versions prior to 6.x-1.2 and 5.x-2.4.

SOLUTION:
Workflow 6.x:
Update to version 6.x-1.2.
http://drupal.org/node/612832

Workflow 5.x:
Update to version 5.x-2.4.
http://drupal.org/node/612834

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Justin Klein Keane.

ORIGINAL ADVISORY:
SA-CONTRIB-2009-088:
http://drupal.org/node/617456
----------------------------------------------------------------------

From sec-adv at secunia.com Mon Nov 2 16:15:05 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 01:15:05 +0100
Subject: [SEC] [SA37202] Drupal Storm Module Security Bypass Vulnerability
Message-ID: <200911030015.nA30F53q007778@CRON-IX-2.intnet>

TITLE:
Drupal Storm Module Security Bypass Vulnerability

SECUNIA ADVISORY ID:
SA37202

VERIFY ADVISORY:
http://secunia.com/advisories/37202/

DESCRIPTION:
A vulnerability has been reported in the Storm module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

An error in the handling of access permissions of storminvoiceitem nodes can be exploited to access otherwise restricted node titles.

The vulnerability is reported in versions prior to 6.x-1.25.

SOLUTION:
Update to version 6.x-1.25.
http://drupal.org/node/617480

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Fabio Fabbri.

ORIGINAL ADVISORY:
SA-CONTRIB-2009-089:
http://drupal.org/node/617494

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Nov 2 16:50:17 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 01:50:17 +0100
Subject: [SEC] [SA37174] PunBB Attachment Plugin "secure_str" SQL Injection Vulnerability
Message-ID: <200911030050.nA30oHkc027150@CRON-IX-2.intnet>

TITLE:
PunBB Attachment Plugin "secure_str" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA37174

VERIFY ADVISORY:
http://secunia.com/advisories/37174/

DESCRIPTION:
A vulnerability has been discovered in the Attachment plugin for PunBB, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "secure_str" parameter to misc.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.0.2. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Wolves Security Team

ORIGINAL ADVISORY:
http://bbs.wolvez.org/topic/98/

----------------------------------------------------------------------
From sec-adv at secunia.com Mon Nov 2 17:15:17 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 02:15:17 +0100
Subject: [SEC] [SA37217] Mahara Privilege Escalation and Cross-Site Scripting
Message-ID: <200911030115.nA31FHHl014067@CRON-IX-2.intnet>

TITLE:
Mahara Privilege Escalation and Cross-Site Scripting

SECUNIA ADVISORY ID:
SA37217

VERIFY ADVISORY:
http://secunia.com/advisories/37217/

DESCRIPTION:
Some vulnerabilities have been reported in Mahara, which can be exploited by malicious users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks.

1) Input passed to the "resume blocktype" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) The application does not properly restrict institution administrators from resetting the site administrator's password, which can be exploited to e.g. gain escalated privileges.

SOLUTION:
Update to version 1.0.13 or 1.1.7.
http://eduforge.org/frs/?group_id=176

PROVIDED AND/OR DISCOVERED BY:
1) Sven Vetsch
2) Ruslan Kabalin, Lancaster University Network Services

ORIGINAL ADVISORY:
1) http://mahara.org/interaction/forum/topic.php?id=1170
2) http://mahara.org/interaction/forum/topic.php?id=1169

----------------------------------------------------------------------
From sec-adv at secunia.com Mon Nov 2 17:50:29 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 02:50:29 +0100
Subject: [SEC] [SA37180] Oscailt CMS "obj_id" Local File Inclusion Vulnerability
Message-ID: <200911030150.nA31oT8d000968@CRON-IX-2.intnet>

TITLE:
Oscailt CMS "obj_id" Local File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA37180

VERIFY ADVISORY:
http://secunia.com/advisories/37180/

DESCRIPTION:
A vulnerability has been discovered in Oscailt CMS, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "obj_id" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 3.3. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly verified.

Enable "magic_quotes_gpc" in php.ini.

PROVIDED AND/OR DISCOVERED BY:
s4r4d0

----------------------------------------------------------------------
From sec-adv at secunia.com Mon Nov 2 18:15:18 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 03:15:18 +0100
Subject: [SEC] [SA37183] Cherokee Directory Traversal Vulnerability
Message-ID: <200911030215.nA32FIg0020352@CRON-IX-2.intnet>

TITLE:
Cherokee Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA37183

VERIFY ADVISORY:
http://secunia.com/advisories/37183/

DESCRIPTION:
A vulnerability has been discovered in Cherokee, which can be exploited by malicious people to disclose sensitive information.

An input sanitation error within the handling of HTTP requests can be exploited to display arbitrary files outside the web root directory via traversal attacks of the form "/\../\../\".

The vulnerability is confirmed in version 0.5.4 on Windows XP. Other versions may also be affected.

Note: This may only affect systems running Windows.

SOLUTION:
Filter malicious characters and character sequences using a proxy.

PROVIDED AND/OR DISCOVERED BY:
Dr_IDE

ORIGINAL ADVISORY:
http://pocoftheday.blogspot.com/2009/10/cherokee-web-server-054-directory.html

----------------------------------------------------------------------
From sec-adv at secunia.com Mon Nov 2 18:50:29 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 03:50:29 +0100
Subject: [SEC] [SA37192] F-Secure Products PDF Handling Security Bypass
Message-ID: <200911030250.nA32oTFa007295@CRON-IX-2.intnet>

TITLE:
F-Secure Products PDF Handling Security Bypass

SECUNIA ADVISORY ID:
SA37192

VERIFY ADVISORY:
http://secunia.com/advisories/37192/

DESCRIPTION:
A weakness has been reported in various F-Secure products, which can be exploited by malware to bypass the scanning functionality.

An error in the handling of PDF files can be exploited to bypass the anti-virus scanning functionality via specially crafted PDF files.

SOLUTION:
Fixes are distributed via the automatic update channel.

PROVIDED AND/OR DISCOVERED BY:
Thierry Zoller, G-SEC

ORIGINAL ADVISORY:
F-Secure: http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-3.html
G-SEC: http://www.g-sec.lu/fsecure-pdf-bypass.html

----------------------------------------------------------------------
From sec-adv at secunia.com Mon Nov 2 19:22:09 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 04:22:09 +0100
Subject: [SEC] [SA37198] Drupal LDAP Integration Module Multiple Vulnerabilities
Message-ID: <200911030322.nA33M9aF026986@CRON-IX-2.intnet>

TITLE:
Drupal LDAP Integration Module Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA37198

VERIFY ADVISORY:
http://secunia.com/advisories/37198/

DESCRIPTION:
Some vulnerabilities have been reported in the LDAP Integration module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks and bypass certain security restrictions.

1) Certain input passed to user defined server names is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

2) The module allows users to perform certain actions via HTTP requests without performing any validation checks to verify the requests. This can be exploited to e.g. activate or deactivate an LDAP server.

3) An error in the handling of access permissions of user LDAP data can be exploited to access otherwise restricted content.

4) An error in the handling of access permissions of user management can be exploited to access otherwise restricted content.

The vulnerabilities are reported in versions prior to 6.x-1.0-beta2 and 5.x-1.5.

SOLUTION:
LDAP Integration 6.x: Update to 6.x-1.0-beta2
http://drupal.org/node/615898

LDAP Integration 5.x: Update to 5.x-1.5
http://drupal.org/node/615900

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Jakub Suchy of the Drupal Security Team.
2) The vendor credits Stéphane Corlosquet of the Drupal Security Team.
3) The vendor credits Christian A. Reiter and Matt Vance.
4) The vendor credits Kevin Murphy.

ORIGINAL ADVISORY:
SA-CONTRIB-2009-084: http://drupal.org/node/617386

----------------------------------------------------------------------
From sec-adv at secunia.com Mon Nov 2 19:50:24 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 04:50:24 +0100
Subject: [SEC] [SA37201] Drupal FAQ Ask Module Multiple Vulnerabilities
Message-ID: <200911030350.nA33oOdu013908@CRON-IX-2.intnet>

TITLE:
Drupal FAQ Ask Module Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA37201

VERIFY ADVISORY:
http://secunia.com/advisories/37201/

DESCRIPTION:
Some vulnerabilities have been reported in the FAQ Ask module for Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to conduct cross-site request forgery attacks.

1) Certain input passed to unspecified parameters is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

2) The module allows users to perform certain actions via HTTP requests without performing any validation checks to verify the requests. This can be exploited to e.g.
trick an administrator into visiting a malicious site.

The vulnerabilities are reported in versions prior to 6.x-2.0.

SOLUTION:
Update to version 6.x-2.0.
http://drupal.org/node/611316

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Dylan Wilder-Tack.

ORIGINAL ADVISORY:
SA-CONTRIB-2009-087: http://drupal.org/node/617444

----------------------------------------------------------------------
From sec-adv at secunia.com Mon Nov 2 20:15:14 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 05:15:14 +0100
Subject: [SEC] [SA37200] Drupal OpenSocial Shindig-Integrator Script Insertion Vulnerability
Message-ID: <200911030415.nA34FEjF000780@CRON-IX-2.intnet>

TITLE:
Drupal OpenSocial Shindig-Integrator Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA37200

VERIFY ADVISORY:
http://secunia.com/advisories/37200/

DESCRIPTION:
A vulnerability has been reported in the OpenSocial Shindig-Integrator module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Certain input passed to unspecified parameters is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Successful exploitation requires "create application" permissions.

The vulnerability is reported in versions prior to 6.x-2.1.

SOLUTION:
Update to version 6.x-2.1.
http://drupal.org/node/615584

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Tony Mobily.

ORIGINAL ADVISORY:
SA-CONTRIB-2009-086: http://drupal.org/node/617422

----------------------------------------------------------------------
From sec-adv at secunia.com Mon Nov 2 20:50:28 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 05:50:28 +0100
Subject: [SEC] [SA37199] Drupal Insert Node Module Script Insertion Vulnerability
Message-ID: <200911030450.nA34oSmh020195@CRON-IX-2.intnet>

TITLE:
Drupal Insert Node Module Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA37199

VERIFY ADVISORY:
http://secunia.com/advisories/37199/

DESCRIPTION:
A vulnerability has been reported in the Insert Node module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Certain input passed while creating a node is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is reported in versions prior to 5.x-1.2.

SOLUTION:
Update to version 5.x-1.2.
http://drupal.org/node/616546

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Konstantin Käfer.

ORIGINAL ADVISORY:
SA-CONTRIB-2009-085: http://drupal.org/node/617400

----------------------------------------------------------------------
From sec-adv at secunia.com Mon Nov 2 21:15:24 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 06:15:24 +0100
Subject: [SEC] [SA37189] Open Text Search Server Hummingbird STR Service Buffer Overflow
Message-ID: <200911030515.nA35FO7L007108@CRON-IX-2.intnet>

TITLE:
Open Text Search Server Hummingbird STR Service Buffer Overflow

SECUNIA ADVISORY ID:
SA37189

VERIFY ADVISORY:
http://secunia.com/advisories/37189/

DESCRIPTION:
A vulnerability has been reported in Open Text Search Server, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the STRlib.dll library used by the Hummingbird STR service (STRsvc.exe). This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 10500.

Successful exploitation may allow execution of arbitrary code.

SOLUTION:
Update to version 6.0 or 6.1 and apply patches. For more information consult Open Text Knowledge Base article 14816981.

PROVIDED AND/OR DISCOVERED BY:
Stephen Fewer of Harmony Security, reported via ZDI

ORIGINAL ADVISORY:
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-074/

----------------------------------------------------------------------
From sec-adv at secunia.com Mon Nov 2 21:50:47 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 06:50:47 +0100
Subject: [SEC] [SA37191] Documentum eRoom Hummingbird STR Service Buffer Overflow
Message-ID: <200911030550.nA35olEq026488@CRON-IX-2.intnet>

TITLE:
Documentum eRoom Hummingbird STR Service Buffer Overflow

SECUNIA ADVISORY ID:
SA37191

VERIFY ADVISORY:
http://secunia.com/advisories/37191/

DESCRIPTION:
A vulnerability has been reported in Documentum eRoom, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA37189

SOLUTION:
Update to Documentum eRoom version 7.4.2. For more information see EMC Powerlink (powerlink.emc.com) Knowledge Base article esg99041.

PROVIDED AND/OR DISCOVERED BY:
Stephen Fewer of Harmony Security, reported via ZDI

ORIGINAL ADVISORY:
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-074/

OTHER REFERENCES:
SA37189: http://secunia.com/advisories/37189/

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Nov 3 08:29:21 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 3 Nov 2009 17:29:21 +0100
Subject: [SEC] [SA37196] Fedora update for firefox
Message-ID: <200911031629.nA3GTL8j018879@CRON-IX-2.intnet>

TITLE:
Fedora update for firefox

SECUNIA ADVISORY ID:
SA37196

VERIFY ADVISORY:
http://secunia.com/advisories/37196/

DESCRIPTION:
Fedora has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, or compromise a user's system.

For more information:
SA36649
SA36711

SOLUTION:
Apply updated packages via the yum utility ("yum update firefox").

ORIGINAL ADVISORY:
FEDORA-2009-10878: https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00834.html

OTHER REFERENCES:
SA36649: http://secunia.com/advisories/36649/
SA36711: http://secunia.com/advisories/36711/

----------------------------------------------------------------------
From sec-adv at secunia.com Wed Nov 4 09:18:48 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 4 Nov 2009 18:18:48 +0100
Subject: [SEC] [SA37254] Fedora update for wireshark
Message-ID: <200911041718.nA4HImbG000618@CRON-IX-2.intnet>

TITLE:
Fedora update for wireshark

SECUNIA ADVISORY ID:
SA37254

VERIFY ADVISORY:
http://secunia.com/advisories/37254/

DESCRIPTION:
Fedora has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA35884
SA36754

SOLUTION:
Apply updated packages via the yum utility ("yum update wireshark").

ORIGINAL ADVISORY:
FEDORA-2009-9837: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00007.html

OTHER REFERENCES:
SA35884: http://secunia.com/advisories/35884/
SA36754: http://secunia.com/advisories/36754/
From sec-adv at secunia.com Wed Nov 4 09:52:23 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 4 Nov 2009 18:52:23 +0100
Subject: [SEC] [SA37212] Fedora update for firefox
Message-ID: <200911041752.nA4HqNQ7020028@CRON-IX-2.intnet>
----------------------------------------------------------------------
TITLE: Fedora update for firefox
SECUNIA ADVISORY ID: SA37212
VERIFY ADVISORY: http://secunia.com/advisories/37212/
DESCRIPTION: Fedora has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, or compromise a user's system.
For more information: SA36649 SA36711
SOLUTION: Apply updated packages via the yum utility ("yum update firefox").
ORIGINAL ADVISORY: FEDORA-2009-10981: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00116.html
OTHER REFERENCES:
SA36649: http://secunia.com/advisories/36649/
SA36711: http://secunia.com/advisories/36711/
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Nov 4 10:18:39 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 4 Nov 2009 19:18:39 +0100
Subject: [SEC] [SA37257] SUSE update for MozillaFirefox
Message-ID: <200911041818.nA4IIdHY006941@CRON-IX-2.intnet>
----------------------------------------------------------------------
TITLE: SUSE update for MozillaFirefox
SECUNIA ADVISORY ID: SA37257
VERIFY ADVISORY: http://secunia.com/advisories/37257/
DESCRIPTION: SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, or compromise a user's system.
For more information: SA36649 SA36711
SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server.
ORIGINAL ADVISORY: SUSE-SA:2009:052: http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00001.html
OTHER REFERENCES:
SA36649: http://secunia.com/advisories/36649/
SA36711: http://secunia.com/advisories/36711/
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Nov 4 10:52:38 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 4 Nov 2009 19:52:38 +0100
Subject: [SEC] [SA37213] Fedora update for xulrunner
Message-ID: <200911041852.nA4IqcLE026322@CRON-IX-2.intnet>
----------------------------------------------------------------------
TITLE: Fedora update for xulrunner
SECUNIA ADVISORY ID: SA37213
VERIFY ADVISORY: http://secunia.com/advisories/37213/
DESCRIPTION: Fedora has issued an update for xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, or compromise a user's system.
For more information: SA36649 SA36711
SOLUTION: Apply updated packages via the yum utility ("yum update xulrunner").
ORIGINAL ADVISORY: FEDORA-2009-10981: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00130.html
OTHER REFERENCES:
SA36649: http://secunia.com/advisories/36649/
SA36711: http://secunia.com/advisories/36711/
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Nov 4 11:18:34 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 4 Nov 2009 20:18:34 +0100
Subject: [SEC] [SA37234] Fedora update for expat
Message-ID: <200911041918.nA4JIYHF013246@CRON-IX-2.intnet>
----------------------------------------------------------------------
TITLE: Fedora update for expat
SECUNIA ADVISORY ID: SA37234
VERIFY ADVISORY: http://secunia.com/advisories/37234/
DESCRIPTION: Fedora has issued an update for expat. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
For more information: SA36425
SOLUTION: Apply updated packages via the yum utility ("yum update expat").
ORIGINAL ADVISORY:
FEDORA-2009-11029: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00174.html
FEDORA-2009-10987: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00137.html
OTHER REFERENCES:
SA36425: http://secunia.com/advisories/36425/
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Nov 4 11:52:25 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 4 Nov 2009 20:52:25 +0100
Subject: [SEC] [SA37245] Fedora update for PyXML
Message-ID: <200911041952.nA4JqPDV032614@CRON-IX-2.intnet>
----------------------------------------------------------------------
TITLE: Fedora update for PyXML
SECUNIA ADVISORY ID: SA37245
VERIFY ADVISORY: http://secunia.com/advisories/37245/
DESCRIPTION: Fedora has issued an update for PyXML. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
For more information: SA36425
SOLUTION: Apply updated packages via the yum utility ("yum update PyXML").
ORIGINAL ADVISORY:
FEDORA-2009-10949: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00067.html
FEDORA-2009-11030: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00175.html
OTHER REFERENCES:
SA36425: http://secunia.com/advisories/36425/
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Nov 4 12:18:27 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 4 Nov 2009 21:18:27 +0100
Subject: [SEC] [SA37251] Red Hat update for kernel-rt
Message-ID: <200911042018.nA4KIRn8019539@CRON-IX-2.intnet>
----------------------------------------------------------------------
TITLE: Red Hat update for kernel-rt
SECUNIA ADVISORY ID: SA37251
VERIFY ADVISORY: http://secunia.com/advisories/37251/
DESCRIPTION: Red Hat has issued an update for kernel-rt. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, disclose certain system and potentially sensitive information, cause a DoS (Denial of Service) and potentially gain escalated privileges, and by malicious people to cause a DoS (Denial of Service).
For more information: SA35801 SA36265 SA36438 SA36617 SA36707 SA36927 SA37086 SA37121 SA37233
SOLUTION: Updated packages are available via Red Hat Network. http://rhn.redhat.com
ORIGINAL ADVISORY: RHSA-2009:1540-1: https://rhn.redhat.com/errata/RHSA-2009-1540.html
OTHER REFERENCES:
SA35801: http://secunia.com/advisories/35801/
SA36265: http://secunia.com/advisories/36265/
SA36438: http://secunia.com/advisories/36438/
SA36617: http://secunia.com/advisories/36617/
SA36707: http://secunia.com/advisories/36707/
SA36927: http://secunia.com/advisories/36927/
SA37086: http://secunia.com/advisories/37086/
SA37121: http://secunia.com/advisories/37121/
SA37233: http://secunia.com/advisories/37233/
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Nov 4 12:52:24 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 4 Nov 2009 21:52:24 +0100
Subject: [SEC] [SA37227] Remote Files Insecure Default Directory Permissions
Message-ID: <200911042052.nA4KqOMe006462@CRON-IX-2.intnet>
----------------------------------------------------------------------
TITLE: Remote Files Insecure Default Directory Permissions
SECUNIA ADVISORY ID: SA37227
VERIFY ADVISORY: http://secunia.com/advisories/37227/
DESCRIPTION: Francis Provencher has discovered a security issue in Remote Files Server Edition and My Remote Files, which can be exploited by malicious, local users to gain escalated privileges.
The security issue is caused due to the applications setting insecure default permissions on the installation directory. This can be exploited to gain escalated privileges by replacing application binaries.
The security issue is confirmed in Remote Files Server Edition version 2.4.2 and My Remote Files version 2.4.2. Other versions may also be affected.
SOLUTION: Remove unprivileged access from the permissions set on the installation directories.
PROVIDED AND/OR DISCOVERED BY: Francis Provencher, Protek Research Lab
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Nov 4 13:18:18 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 4 Nov 2009 22:18:18 +0100
Subject: [SEC] [SA37226] Fedora update for squidGuard
Message-ID: <200911042118.nA4LIIXl025832@CRON-IX-2.intnet>
----------------------------------------------------------------------
TITLE: Fedora update for squidGuard
SECUNIA ADVISORY ID: SA37226
VERIFY ADVISORY: http://secunia.com/advisories/37226/
DESCRIPTION: Fedora has issued an update for squidGuard. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
For more information see security issue #1 in: SA37107
SOLUTION: Apply updated packages via the yum utility ("yum update squidGuard").
ORIGINAL ADVISORY:
FEDORA-2009-10743: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00172.html
FEDORA-2009-10780: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00082.html
OTHER REFERENCES:
SA37107: http://secunia.com/advisories/37107/
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Nov 4 13:52:35 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 4 Nov 2009 22:52:35 +0100
Subject: [SEC] [SA37252] Red Hat update for kernel
Message-ID: <200911042152.nA4LqZjf012776@CRON-IX-2.intnet>
----------------------------------------------------------------------
TITLE: Red Hat update for kernel
SECUNIA ADVISORY ID: SA37252
VERIFY ADVISORY: http://secunia.com/advisories/37252/
DESCRIPTION: Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, disclose potentially sensitive information and potentially gain escalated privileges.
For more information: SA32510 SA32913 SA34614 SA35265 SA35801 SA35983 SA36438 SA37233
SOLUTION: Updated packages are available via Red Hat Network.
http://rhn.redhat.com
ORIGINAL ADVISORY: RHSA-2009:1550-1: https://rhn.redhat.com/errata/RHSA-2009-1550.html
OTHER REFERENCES:
SA32510: http://secunia.com/advisories/32510/
SA32913: http://secunia.com/advisories/32913/
SA34614: http://secunia.com/advisories/34614/
SA35265: http://secunia.com/advisories/35265/
SA35801: http://secunia.com/advisories/35801/
SA35983: http://secunia.com/advisories/35983/
SA36438: http://secunia.com/advisories/36438/
SA37233: http://secunia.com/advisories/37233/
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Nov 4 14:29:32 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 4 Nov 2009 23:29:32 +0100
Subject: [SEC] [SA37223] Red Hat update for kernel
Message-ID: <200911042229.nA4MTWVL032156@CRON-IX-2.intnet>
----------------------------------------------------------------------
TITLE: Red Hat update for kernel
SECUNIA ADVISORY ID: SA37223
VERIFY ADVISORY: http://secunia.com/advisories/37223/
DESCRIPTION: Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
For more information: SA37233
SOLUTION: Updated packages are available via Red Hat Network. http://rhn.redhat.com
ORIGINAL ADVISORY: RHSA-2009:1541-1: http://rhn.redhat.com/errata/RHSA-2009-1541.html
OTHER REFERENCES:
SA37233: http://secunia.com/advisories/37233/
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Nov 4 14:50:31 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 4 Nov 2009 23:50:31 +0100
Subject: [SEC] [SA37243] Red Hat update for kernel
Message-ID: <200911042250.nA4MoVI1019054@CRON-IX-2.intnet>
----------------------------------------------------------------------
TITLE: Red Hat update for kernel
SECUNIA ADVISORY ID: SA37243
VERIFY ADVISORY: http://secunia.com/advisories/37243/
DESCRIPTION: Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service), gain escalated privileges, and disclose potentially sensitive information.
For more information: SA36617 SA37075 SA37233
SOLUTION: Updated packages are available via Red Hat Network.
http://rhn.redhat.com
ORIGINAL ADVISORY: RHSA-2009:1548-1: https://rhn.redhat.com/errata/RHSA-2009-1548.html
OTHER REFERENCES:
SA36617: http://secunia.com/advisories/36617/
SA37075: http://secunia.com/advisories/37075/
SA37233: http://secunia.com/advisories/37233/
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Nov 4 15:15:22 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 00:15:22 +0100
Subject: [SEC] [SA37236] Hitachi Cosminexus XML Processor Denial of Service Vulnerability
Message-ID: <200911042315.nA4NFMlk005949@CRON-IX-2.intnet>
----------------------------------------------------------------------
TITLE: Hitachi Cosminexus XML Processor Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA37236
VERIFY ADVISORY: http://secunia.com/advisories/37236/
DESCRIPTION: A vulnerability has been reported in Cosminexus XML Processor, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error when processing certain malformed XML data. This can be exploited by e.g. sending specially crafted SOAP requests to an application using the Cosminexus XML Processor.
SOLUTION: Apply patches if available.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-017/index.html
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Nov 4 15:49:54 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 00:49:54 +0100
Subject: [SEC] [SA32534] IBM Tivoli Storage Manager Client Multiple Vulnerabilities
Message-ID: <200911042349.nA4Nns8Q025344@CRON-IX-2.intnet>
----------------------------------------------------------------------
TITLE: IBM Tivoli Storage Manager Client Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA32534
VERIFY ADVISORY: http://secunia.com/advisories/32534/
DESCRIPTION: Some vulnerabilities have been reported in IBM Tivoli Storage Manager (TSM) Client, which can be exploited by malicious people to bypass certain security restrictions or compromise a vulnerable system.
1) An input validation error in the CAD service can be exploited to cause a stack-based buffer overflow by sending a specially crafted TCP packet. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in Tivoli Storage Manager Express Backup Client Version 5, Release 3, Level 6.2. Other versions may also be affected.

2) A boundary error in the Traditional Scheduler component can be exploited to cause a buffer overflow and potentially execute arbitrary code.

3) An unspecified error exists in the UNIX and Linux backup-archive clients and the OS/400 API client. This can be exploited to bypass access restrictions and read, copy, alter, or delete arbitrary files when the MAILPROG option is specified.

SOLUTION:
Update to the latest version.

NOTE: Updated 6.1, 5.5, and 5.4 Windows and NetWare packages introduce a bug resulting in missed backups. Please see the vendor's advisory for more information.

TSM 6.1.0.2 (all platforms):
http://www.ibm.com/support/docview.wss?&uid=swg24023937

TSM 5.5.2.2 (AIX, Linux x86, Solaris SPARC, HP-UX, Windows):
http://www.ibm.com/support/docview.wss?uid=swg24023022

TSM 5.5.2.3 (Mac):
http://www.ibm.com/support/docview.wss?uid=swg24023022

TSM 5.5.2.4 (Linux PPC, Linux zSeries, Linux Itanium, NetWare, Solaris x86/x86_64, z/OS USS):
http://www.ibm.com/support/docview.wss?uid=swg24023022

TSM 5.4.3 (all platforms):
http://www.ibm.com/support/docview.wss?uid=swg24023757

TSM 5.3.6.7 ("special clients" supported in 5.4 on Windows 2000, Solaris 8, or Linux x86 RHEL 3):
http://www.ibm.com/support/docview.wss?uid=swg24019416

TSM 5.3.6.7 (5.3 clients with support extensions on AIX, Linux x86, Solaris SPARC, HP-UX PA-RISC, or Windows x32/x64):
http://www.ibm.com/support/docview.wss?uid=swg24021007

TSM Express 5.3.6.7 (Windows x32/x64):
ftp://ftp.software.ibm.com/storage/tivoli-storage-management/patches/client/v5r3/Windows/express/v536/

TSM 5.5.2 (OS/400 API):
ftp://ftp.software.ibm.com/storage/tivoli-storage-management/maintenance/client/v5r5/OS400/v552/

PROVIDED AND/OR DISCOVERED BY:
1) Dyon Balding, Secunia Research
2, 3) Reported by the vendor.

ORIGINAL ADVISORY:
IBM (IC54489, IC61036, IC61058):
http://www-01.ibm.com/support/docview.wss?uid=swg21405562

Secunia Research:
http://secunia.com/secunia_research/2008-51/

From sec-adv at secunia.com Wed Nov 4 16:14:55 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 01:14:55 +0100
Subject: [SEC] [SA37216] Fedora update for mimetex
Message-ID: <200911050014.nA50EtPe012259@CRON-IX-2.intnet>

TITLE:
Fedora update for mimetex

SECUNIA ADVISORY ID:
SA37216

VERIFY ADVISORY:
http://secunia.com/advisories/37216/

DESCRIPTION:
Fedora has issued an update for mimetex. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system.

For more information:
SA35752

SOLUTION:
Apply updated packages via the yum utility ("yum update mimetex").

ORIGINAL ADVISORY:
FEDORA-2009-10225:
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00084.html

FEDORA-2009-10170:
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00165.html

OTHER REFERENCES:
SA35752:
http://secunia.com/advisories/35752/

From sec-adv at secunia.com Wed Nov 4 16:50:15 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 01:50:15 +0100
Subject: [SEC] [SA37244] BlackBerry Desktop Software Lotus Notes Intellisync Arbitrary Code Execution
Message-ID: <200911050050.nA50oF8F031631@CRON-IX-2.intnet>

TITLE:
BlackBerry Desktop Software Lotus Notes Intellisync Arbitrary Code Execution

SECUNIA ADVISORY ID:
SA37244

VERIFY ADVISORY:
http://secunia.com/advisories/37244/

DESCRIPTION:
A vulnerability has been reported in BlackBerry Desktop Software, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error in the Lotus Notes Intellisync component (lnsresobject.dll). This can be exploited to potentially execute arbitrary code by tricking a user into visiting a malicious website.

The vulnerability is reported in versions prior to 5.0.1.

SOLUTION:
Update to version 5.0.1:
https://www.blackberry.com/Downloads/entry.do?code=A8BAA56554F96369AB93E4F3BB068C22

PROVIDED AND/OR DISCOVERED BY:
The vendor credits OYXin of Nevis Labs, Aviram Networks, Inc.

ORIGINAL ADVISORY:
http://blackberry.com/btsc/KB19701

From sec-adv at secunia.com Wed Nov 4 17:15:30 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 02:15:30 +0100
Subject: [SEC] [SA37250] Sun Solaris PostgreSQL Privilege Escalation and Denial of Service
Message-ID: <200911050115.nA51FUhR018550@CRON-IX-2.intnet>

TITLE:
Sun Solaris PostgreSQL Privilege Escalation and Denial of Service

SECUNIA ADVISORY ID:
SA37250

VERIFY ADVISORY:
http://secunia.com/advisories/37250/

DESCRIPTION:
Sun has acknowledged some vulnerabilities in PostgreSQL in Solaris, which can be exploited by malicious users to gain escalated privileges and cause a DoS (Denial of Service).

For more information:
SA36660

The vulnerabilities are reported in Solaris 10 and OpenSolaris on both the SPARC and x86 platforms.

SOLUTION:
Apply patches.

-- SPARC Platform --

Solaris 10 (6/06 or later) with PostgreSQL 8.1: Apply patch 123590-11 or later.
Solaris 10 (8/07 or later) with PostgreSQL 8.2: Apply patch 136998-07 or later.
Solaris 10 (10/08 or later) with PostgreSQL 8.3: Apply patch 138826-05 or later.
OpenSolaris with PostgreSQL 8.2/8.3: Fixed in builds snv_125 and later.

-- x86 Platform --

Solaris 10 (6/06 or later) with PostgreSQL 8.1: Apply patch 123591-11 or later.
Solaris 10 (8/07 or later) with PostgreSQL 8.2: Apply patch 136999-07 or later.
Solaris 10 (10/08 or later) with PostgreSQL 8.3: Apply patch 138827-05 or later.
OpenSolaris with PostgreSQL 8.2/8.3: Fixed in builds snv_125 and later.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1

OTHER REFERENCES:
SA36660:
http://secunia.com/advisories/36660/

From sec-adv at secunia.com Wed Nov 4 17:50:21 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 02:50:21 +0100
Subject: [SEC] [SA37233] Linux Kernel "fs/pipe.c" Locking Error NULL Pointer Dereference
Message-ID: <200911050150.nA51oLnU005476@CRON-IX-2.intnet>

TITLE:
Linux Kernel "fs/pipe.c" Locking Error NULL Pointer Dereference

SECUNIA ADVISORY ID:
SA37233

VERIFY ADVISORY:
http://secunia.com/advisories/37233/

DESCRIPTION:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

The vulnerability is caused due to a locking error within the "pipe_rdwr_open()", "pipe_write_open()", and "pipe_read_open()" functions in fs/pipe.c.
This can be exploited to cause a NULL pointer dereference by performing certain pipe operations.

SOLUTION:
Fixed in version 2.6.32-rc6.

PROVIDED AND/OR DISCOVERED BY:
Earl Chew

ORIGINAL ADVISORY:
http://bugzilla.kernel.org/show_bug.cgi?id=14416
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ad3960243e55320d74195fb85c975e0a8cc4466c

From sec-adv at secunia.com Wed Nov 4 18:15:17 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 03:15:17 +0100
Subject: [SEC] [SA37235] RoundCube Webmail Cross-Site Request Forgery Vulnerabilities
Message-ID: <200911050215.nA52FHVq024843@CRON-IX-2.intnet>

TITLE:
RoundCube Webmail Cross-Site Request Forgery Vulnerabilities

SECUNIA ADVISORY ID:
SA37235

VERIFY ADVISORY:
http://secunia.com/advisories/37235/

DESCRIPTION:
Some vulnerabilities have been reported in RoundCube Webmail, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change certain information of a logged in user or send arbitrary emails.

The vulnerabilities are reported in versions prior to 0.3.

SOLUTION:
Update to version 0.3.
http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.3-stable/

PROVIDED AND/OR DISCOVERED BY:
JVN Credits:
* Shuya Ueki
* Gaku Mochizuki, Mitsui Bussan Secure Directions

ORIGINAL ADVISORY:
RoundCube:
http://trac.roundcube.net/wiki/Changelog

JVN:
http://jvn.jp/en/jp/JVN72974205/index.html
http://jvn.jp/en/jp/JVN75694913/index.html

From sec-adv at secunia.com Wed Nov 4 18:49:59 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 03:49:59 +0100
Subject: [SEC] [SA37249] Sun Solaris Sockets Direct Protocol Driver Denial of Service
Message-ID: <200911050249.nA52nxvR011792@CRON-IX-2.intnet>

TITLE:
Sun Solaris Sockets Direct Protocol Driver Denial of Service

SECUNIA ADVISORY ID:
SA37249

VERIFY ADVISORY:
http://secunia.com/advisories/37249/

DESCRIPTION:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the Sockets Direct Protocol (SDP) driver (sdp(7D)) and can be exploited to exhaust all available kernel memory.

NOTE: Applications bundled with Solaris are reportedly not affected.

The vulnerability is reported in Solaris 10 and OpenSolaris on both the SPARC and x86 platforms.

SOLUTION:
Apply patches.

-- SPARC Platform --

Solaris 10: Apply patch 141444-09 or later.
OpenSolaris: Fixed in builds snv_95 and later.

-- x86 Platform --

Solaris 10: Apply patch 141445-09 or later.
OpenSolaris: Fixed in builds snv_95 and later.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264730-1

From sec-adv at secunia.com Wed Nov 4 19:19:58 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 04:19:58 +0100
Subject: [SEC] [SA37237] Shibboleth Identity / Service Provider Cross-Site Scripting and Script Insertion
Message-ID: <200911050319.nA53JwNw031428@CRON-IX-2.intnet>

TITLE:
Shibboleth Identity / Service Provider Cross-Site Scripting and Script Insertion

SECUNIA ADVISORY ID:
SA37237

VERIFY ADVISORY:
http://secunia.com/advisories/37237/

DESCRIPTION:
A vulnerability has been reported in the Shibboleth Identity and Service Provider, which can be exploited by malicious people to conduct cross-site scripting and potentially script insertion attacks.

The vulnerability is caused due to an error within the sanitation of certain URLs. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when malicious data is viewed.

Successful exploitation within the Identity Provider requires that relying of anonymous parties is enabled (enabled by default in 1.3x and disabled by default in 2.x).

SOLUTION:
Update to version 1.3.5 or 2.3.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Matt Elder.

ORIGINAL ADVISORY:
http://shibboleth.internet2.edu/secadv/secadv_20091104.txt

From sec-adv at secunia.com Wed Nov 4 19:50:12 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 04:50:12 +0100
Subject: [SEC] [SA37247] Sun Solaris Adobe Reader Multiple Vulnerabilities
Message-ID: <200911050350.nA53oCTA018359@CRON-IX-2.intnet>

TITLE:
Sun Solaris Adobe Reader Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA37247

VERIFY ADVISORY:
http://secunia.com/advisories/37247/

DESCRIPTION:
Sun has acknowledged some vulnerabilities in Adobe Reader in Solaris, which can be exploited by malicious people to compromise a user's system.

For more information:
SA36983

The vulnerabilities are reported in Solaris 10 for the SPARC platform.

SOLUTION:
A final resolution is pending completion.

Do not process untrusted PDF files.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1

OTHER REFERENCES:
SA36983:
http://secunia.com/advisories/36983/

From sec-adv at secunia.com Wed Nov 4 20:15:16 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 05:15:16 +0100
Subject: [SEC] [SA37207] SafeNet SoftRemote Policy File Buffer Overflow Vulnerability
Message-ID: <200911050415.nA54FGNV005254@CRON-IX-2.intnet>

TITLE:
SafeNet SoftRemote Policy File Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA37207

VERIFY ADVISORY:
http://secunia.com/advisories/37207/

DESCRIPTION:
Brett Gervasoni has reported a vulnerability in SafeNet SoftRemote, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in spdedit.exe when processing policy files (".spd").
This can be exploited to cause a stack-based buffer overflow via a policy file containing overly long "TREENAME" or "GROUPNAME" fields.

Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into importing a malicious ".spd" file.

The vulnerability is reported in version 10.8.5 build 2 and version 10.3.5 build 6. Other versions may also be affected.

SOLUTION:
Reportedly fixed in version 10.8.9.

PROVIDED AND/OR DISCOVERED BY:
Brett Gervasoni, SOS Labs

ORIGINAL ADVISORY:
http://www.senseofsecurity.com.au/advisories/SOS-09-008

From sec-adv at secunia.com Wed Nov 4 20:50:13 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 05:50:13 +0100
Subject: [SEC] [SA37240] e-Courier CMS "UserGUID" Cross-Site Scripting Vulnerability
Message-ID: <200911050450.nA54oDkm024650@CRON-IX-2.intnet>

TITLE:
e-Courier CMS "UserGUID" Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA37240

VERIFY ADVISORY:
http://secunia.com/advisories/37240/

DESCRIPTION:
A vulnerability has been reported in e-Courier CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "UserGUID" parameter to various pages e.g. /home/index.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
BugsNotHugs

From sec-adv at secunia.com Wed Nov 4 21:15:20 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 06:15:20 +0100
Subject: [SEC] [SA37248] Sun Solaris XScreenSaver Pop-up Windows Security Bypass
Message-ID: <200911050515.nA55FKsS011566@CRON-IX-2.intnet>

TITLE:
Sun Solaris XScreenSaver Pop-up Windows Security Bypass

SECUNIA ADVISORY ID:
SA37248

VERIFY ADVISORY:
http://secunia.com/advisories/37248/

DESCRIPTION:
A weakness has been reported in Sun Solaris, which can be exploited by malicious people with physical access to the system to potentially bypass certain security restrictions.

The problem is that XScreenSaver allows certain pop-up windows to appear when the screen is locked and the accessibility feature is enabled.

NOTE: The weakness was introduced in patches 120094-27 and 120095-27.

The weakness is reported in Solaris 10 for both the SPARC and x86 platforms.

SOLUTION:
Apply patches.

-- SPARC Platform --

Solaris 10: Apply patch 120094-29 or later.

-- x86 Platform --

Solaris 10: Apply patch 120095-29 or later.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-268288-1

From sec-adv at secunia.com Wed Nov 4 21:50:07 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 06:50:07 +0100
Subject: [SEC] [SA37215] Red Hat update for wget
Message-ID: <200911050550.nA55o7BN030939@CRON-IX-2.intnet>

TITLE:
Red Hat update for wget

SECUNIA ADVISORY ID:
SA37215

VERIFY ADVISORY:
http://secunia.com/advisories/37215/

DESCRIPTION:
Red Hat has issued an update for wget. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.

For more information:
SA36540

SOLUTION:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
RHSA-2009:1549-1:
https://rhn.redhat.com/errata/RHSA-2009-1549.html

OTHER REFERENCES:
SA36540:
http://secunia.com/advisories/36540/

----------------------------------------------------------------------

From sec-adv at secunia.com Wed Nov 4 22:15:29 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 07:15:29 +0100
Subject: [SEC] [SA37224] Sun Solaris Trusted Extensions XScreenSaver Security Bypass
Message-ID: <200911050615.nA56FTvW017854@CRON-IX-2.intnet>

TITLE:
Sun Solaris Trusted Extensions XScreenSaver Security Bypass

SECUNIA ADVISORY ID:
SA37224

VERIFY ADVISORY:
http://secunia.com/advisories/37224/

DESCRIPTION:
A security issue has been reported in Sun Solaris, which can be exploited by malicious people with physical access to the system to potentially bypass certain security restrictions.

The security issue is caused due to the Solaris Trusted Extensions implementation preventing XScreenSaver from running and can be exploited to potentially leave the screen unlocked.

The security issue is reported in Solaris 10 with Solaris Trusted Extensions installed and configured.

SOLUTION:
Apply patches.

-- SPARC Platform --

Solaris 10:
Apply patch 120094-28 or later.

-- x86 Platform --

Solaris 10:
Apply patch 120095-28 or later.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270809-1

----------------------------------------------------------------------

From summary at secunia.com Thu Nov 5 08:59:53 2009
From: summary at secunia.com (Secunia)
Date: Thu, 5 Nov 2009 17:59:53 +0100
Subject: [SEC] Secunia Weekly Summary - Issue: 2009-45
Message-ID: <200911051659.nA5GxrjS013638@CRON-IX-2.intnet>

========================================================================

The Secunia Weekly Advisory Summary
2009-10-29 - 2009-11-05

This week: 63 advisories

========================================================================
Table of Contents:

1. Word From Secunia
2. This Week In Brief
3. This Week's Top Ten Most Read Advisories
4. This Week in Numbers

========================================================================
1) Word From Secunia:

Blog: Secunia CSI 3.0 - Final

The Public Beta of the Secunia Corporate Software Inspector (CSI) 3.0 has ended in accordance with our
previously announced release schedule, and the final version of the Secunia CSI 3.0 is now available for download.

A huge thanks goes out to the over 3,000 people who participated in the Secunia CSI 3.0 Public Beta, which compared to last year is extremely great; the public beta of the previous version had 1,600 participants.

Read More:
http://secunia.com/blog/65/

========================================================================
2) This Week in Brief:

A vulnerability has been reported in the Symantec Altiris ConsoleUtilities ActiveX control, which can be exploited by malicious people to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/37229/

--

A weakness and some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/37231/

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA36711] Mozilla Firefox Multiple Vulnerabilities
2.  [SA24314] Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability
3.  [SA35948] Adobe Flash Player Multiple Vulnerabilities
4.  [SA36983] Adobe Reader/Acrobat Multiple Vulnerabilities
5.  [SA37182] Opera Multiple Vulnerabilities
6.  [SA34451] Sun Java JDK / JRE Multiple Vulnerabilities
7.  [SA37007] Microsoft Products GDI+ Multiple Vulnerabilities
8.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
9.  [SA36979] Microsoft Internet Explorer Multiple Vulnerabilities
10. [SA37186] VMware Products Directory Traversal File Disclosure Vulnerability

========================================================================
4) This Week in Numbers

During the past week 63 Secunia Advisories have been released. All Secunia customers have received immediate notification on the alerts that affect their business.

This week's Secunia Advisories had the following spread across platforms and criticality ratings:

Platforms:
  Windows             :      6 Secunia Advisories
  Unix/Linux          :     32 Secunia Advisories
  Other               :      3 Secunia Advisories
  Cross platform      :     22 Secunia Advisories

Criticality Ratings:
  Extremely Critical  :      0 Secunia Advisories
  Highly Critical     :     12 Secunia Advisories
  Moderately Critical :     15 Secunia Advisories
  Less Critical       :     31 Secunia Advisories
  Not Critical        :      5 Secunia Advisories

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web    : http://secunia.com/
E-mail : support at secunia.com
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

========================================================================

From sec-adv at secunia.com Thu Nov 5 09:19:38 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 18:19:38 +0100
Subject: [SEC] [SA37262] Joomla! Article Manipulation and Version Information Disclosure
Message-ID: <200911051719.nA5HJcqY000667@CRON-IX-2.intnet>

TITLE:
Joomla! Article Manipulation and Version Information Disclosure

SECUNIA ADVISORY ID:
SA37262

VERIFY ADVISORY:
http://secunia.com/advisories/37262/

DESCRIPTION:
Some security issues have been reported in Joomla!, which can be exploited by malicious people to disclose version information and by malicious users to manipulate certain data.

1) An error in the handling of XML files can be exploited to view version information of installed modules.

2) An unspecified error in the application can be exploited to replace front page articles of another user.

The security issues are reported in versions prior to 1.5.15.

SOLUTION:
Update to version 1.5.15.

Restrict access to XML files (e.g. via an ".htaccess" file).

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits WHK and Gergo Erdosi.
2) The vendor credits Hannes Papenberg.

ORIGINAL ADVISORY:
1) http://developer.joomla.org/security/news/306-20091103-core-xml-file-read-issue.html
2) http://developer.joomla.org/security/news/305-20091103-core-front-end-editor-issue-.html

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Nov 5 09:52:27 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 18:52:27 +0100
Subject: [SEC] [SA37263] Drupal Zoomify Module Script Insertion Vulnerability
Message-ID: <200911051752.nA5HqRPZ020445@CRON-IX-2.intnet>

TITLE:
Drupal Zoomify Module Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA37263

VERIFY ADVISORY:
http://secunia.com/advisories/37263/

DESCRIPTION:
A vulnerability has been reported in the Zoomify module for Drupal, which can be exploited by malicious people to conduct script insertion attacks.

Certain input passed via the node title parameter is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is reported in versions prior to 5.x-2.2 and 6.x-1.4.

SOLUTION:
Zoomify 5.x:
Update to 5.x-2.2.
http://drupal.org/node/623436

Zoomify 6.x:
Update to 6.x-1.4.
http://drupal.org/node/623434

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Dylan Wilder-Tack.

ORIGINAL ADVISORY:
SA-CONTRIB-2009-098:
http://drupal.org/node/623678

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Nov 5 10:18:38 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 19:18:38 +0100
Subject: [SEC] [SA37287] Drupal NGP COO/CWP Integration Module Multiple Vulnerabilities
Message-ID: <200911051818.nA5IIckW007650@CRON-IX-2.intnet>

TITLE:
Drupal NGP COO/CWP Integration Module Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA37287

VERIFY ADVISORY:
http://secunia.com/advisories/37287/

DESCRIPTION:
Some vulnerabilities have been reported in the NGP COO/CWP Integration module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to bypass certain security restrictions.

1) An error in the handling of access permissions can be exploited to access otherwise restricted module logs.

2) Certain input passed to unspecified parameters is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerabilities are reported in versions prior to 6.x-1.13.

SOLUTION:
Update to version 6.x-1.13.
http://drupal.org/node/623506

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Dylan Wilder-Tack.
2) The vendor credits Benjamin Jeavons.

ORIGINAL ADVISORY:
SA-CONTRIB-2009-094:
http://drupal.org/node/623546

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Nov 5 10:52:36 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 19:52:36 +0100
Subject: [SEC] [SA37289] Drupal Link Module Script Insertion Vulnerability
Message-ID: <200911051852.nA5Iqa8S027403@CRON-IX-2.intnet>

TITLE:
Drupal Link Module Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA37289

VERIFY ADVISORY:
http://secunia.com/advisories/37289/

DESCRIPTION:
A vulnerability has been reported in the Link module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Input passed via the link title parameter, when using the "Separate title and URL" format, is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is reported in versions prior to 5.x-2.6 and 6.x-2.7.

SOLUTION:
Link 5.x:
Update to version 5.x-2.6.
http://drupal.org/node/620662

Link 6.x:
Update to version 6.x-2.7.
http://drupal.org/node/620668

PROVIDED AND/OR DISCOVERED BY:
The vendor credits mr.baileys.

ORIGINAL ADVISORY:
SA-CONTRIB-2009-096:
http://drupal.org/node/623562

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Nov 5 11:18:26 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 20:18:26 +0100
Subject: [SEC] [SA37290] Drupal Organic Groups Vocabulary Module Script Insertion Vulnerability
Message-ID: <200911051918.nA5JIQMq014607@CRON-IX-2.intnet>

TITLE:
Drupal Organic Groups Vocabulary Module Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA37290

VERIFY ADVISORY:
http://secunia.com/advisories/37290/

DESCRIPTION:
A vulnerability has been reported in the Organic Groups Vocabulary module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Certain input passed via the group titles parameter is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is reported in versions prior to 6.x-1.1.

SOLUTION:
Update to version 6.x-1.1.
http://drupal.org/node/621960

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Stéphane Corlosquet of the Drupal Security Team and Dylan Wilder-Tack.

ORIGINAL ADVISORY:
SA-CONTRIB-2009-097:
http://drupal.org/node/623674

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Nov 5 11:52:29 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 20:52:29 +0100
Subject: [SEC] [SA37272] eoCMS SQL Injection Vulnerability
Message-ID: <200911051952.nA5JqTg2001909@CRON-IX-2.intnet>

TITLE:
eoCMS SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA37272

VERIFY ADVISORY:
http://secunia.com/advisories/37272/

DESCRIPTION:
Cao Xuan Sang has reported a vulnerability in eoCMS, which can be exploited by malicious people to conduct SQL injection attacks.

Certain input passed to the page divide function of the viewboard and viewtopic modules is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in versions prior to 0.9.02.

SOLUTION:
Update to version 0.9.02.
http://eocms.com/index.php?act=plugin&id=4

PROVIDED AND/OR DISCOVERED BY:
Cao Xuan Sang, Bkis

ORIGINAL ADVISORY:
eoCMS:
http://eocms.com/forum/eocms-v0902-released.847.html

Bkis:
http://blog.bkis.com/?p=800

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Nov 5 12:18:37 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 21:18:37 +0100
Subject: [SEC] [SA37284] Drupal Node Hierarchy Script Insertion Vulnerability
Message-ID: <200911052018.nA5KIbwb021565@CRON-IX-2.intnet>

TITLE:
Drupal Node Hierarchy Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA37284

VERIFY ADVISORY:
http://secunia.com/advisories/37284/

DESCRIPTION:
A vulnerability has been reported in the Node Hierarchy module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Input passed via the child node titles is not properly sanitised before being displayed. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is reported in versions prior to 5.x-1.3 and 6.x-1.3.

SOLUTION:
Node Hierarchy 5.x:
Update to version 5.x-1.3.
http://drupal.org/node/622100

Node Hierarchy 6.x:
Update to version 6.x-1.3.
http://drupal.org/node/622092

PROVIDED AND/OR DISCOVERED BY:
The vendor credits mr.baileys.

ORIGINAL ADVISORY:
SA-CONTRIB-2009-091:
http://drupal.org/node/623490

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Nov 5 12:52:21 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 21:52:21 +0100
Subject: [SEC] [SA37288] Drupal Smartqueue OG Module Security Bypass
Message-ID: <200911052052.nA5KqL4C008883@CRON-IX-2.intnet>

TITLE:
Drupal Smartqueue OG Module Security Bypass

SECUNIA ADVISORY ID:
SA37288

VERIFY ADVISORY:
http://secunia.com/advisories/37288/

DESCRIPTION:
A vulnerability has been reported in the Smartqueue OG module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

An error in the handling of access permissions can be exploited to view otherwise restricted group node names.

The vulnerability is reported in versions prior to 6.x-1.0-rc3 and 5.x-1.3.

SOLUTION:
Smartqueue OG 6.x:
Update to version 6.x-1.0-rc3.
http://drupal.org/node/617496

Smartqueue OG 5.x:
Update to version 5.x-1.3.
http://drupal.org/node/617500

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Ezra Barnett Gildesgame.

ORIGINAL ADVISORY:
SA-CONTRIB-2009-095:
http://drupal.org/node/623554

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Nov 5 13:18:30 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 22:18:30 +0100
Subject: [SEC] [SA37267] IBM AIX PowerHA Cluster Management Data Manipulation
Message-ID: <200911052118.nA5LIUMr028521@CRON-IX-2.intnet>

TITLE:
IBM AIX PowerHA Cluster Management Data Manipulation

SECUNIA ADVISORY ID:
SA37267

VERIFY ADVISORY:
http://secunia.com/advisories/37267/

DESCRIPTION:
A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to manipulate certain data.

The vulnerability is caused due to an unspecified error in the PowerHA Cluster Management component. This can be exploited to make arbitrary changes to the local AIX configuration via specially crafted packets sent to TCP port 6177.

The vulnerability is reported in AIX 5.3, 6.1, and prior, running PowerHA versions 5.4, 5.4.1, 5.5, or 6.1.

SOLUTION:
Apply interim fixes:
http://aix.software.ibm.com/aix/efixes/security/haport_fix.tar

Please see the vendor's advisory for more information on APAR availability.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://aix.software.ibm.com/aix/efixes/security/haport_advisory.asc

From sec-adv at secunia.com Thu Nov 5 13:52:35 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 22:52:35 +0100
Subject: [SEC] [SA37211] Fedora update for python-4Suite-XML
Message-ID: <200911052152.nA5LqZZr015847@CRON-IX-2.intnet>

TITLE: Fedora update for python-4Suite-XML
SECUNIA ADVISORY ID: SA37211
VERIFY ADVISORY: http://secunia.com/advisories/37211/
DESCRIPTION: Fedora has issued an update for python-4Suite-XML. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the use of vulnerable Expat code. For more information: SA36425
SOLUTION: Apply updated packages using the yum utility ("yum update python-4Suite-XML").
ORIGINAL ADVISORY:
FEDORA-2009-10956: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00079.html
FEDORA-2009-10972: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00106.html
OTHER REFERENCES: SA36425: http://secunia.com/advisories/36425/

From sec-adv at secunia.com Thu Nov 5 14:29:31 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 23:29:31 +0100
Subject: [SEC] [SA37285] Drupal S5 Presentation Player Module Script Insertion Vulnerability
Message-ID: <200911052229.nA5MTVAJ003191@CRON-IX-2.intnet>

TITLE: Drupal S5 Presentation Player Module Script Insertion Vulnerability
SECUNIA ADVISORY ID: SA37285
VERIFY ADVISORY: http://secunia.com/advisories/37285/
DESCRIPTION: A vulnerability has been reported in the S5 Presentation Player module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed to unspecified parameters is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is reported in versions prior to 6.x-1.1.
SOLUTION: Update to version 6.x-1.1. http://drupal.org/node/617136
PROVIDED AND/OR DISCOVERED BY: The vendor credits Gábor Hojtsy of the Drupal Security team.
ORIGINAL ADVISORY: SA-CONTRIB-2009-092: http://drupal.org/node/623508

From sec-adv at secunia.com Thu Nov 5 14:50:14 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 5 Nov 2009 23:50:14 +0100
Subject: [SEC] [SA37286] Drupal Temporary Invitation Module Script Insertion Vulnerability
Message-ID: <200911052250.nA5MoEqW022772@CRON-IX-2.intnet>

TITLE: Drupal Temporary Invitation Module Script Insertion Vulnerability
SECUNIA ADVISORY ID: SA37286
VERIFY ADVISORY: http://secunia.com/advisories/37286/
DESCRIPTION: A vulnerability has been reported in the Temporary Invitation module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed to the name parameter, when creating a new invitation, is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is reported in versions prior to 5.x-2.3.
SOLUTION: Update to version 5.x-2.3.
http://drupal.org/node/623018
PROVIDED AND/OR DISCOVERED BY: The vendor credits Wolfgang Ziegler.
ORIGINAL ADVISORY: SA-CONTRIB-2009-093: http://drupal.org/node/623526

From sec-adv at secunia.com Thu Nov 5 15:15:33 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 00:15:33 +0100
Subject: [SEC] [SA37265] Asterisk SIP REGISTER Response User Enumeration Weakness
Message-ID: <200911052315.nA5NFX9a009962@CRON-IX-2.intnet>

TITLE: Asterisk SIP REGISTER Response User Enumeration Weakness
SECUNIA ADVISORY ID: SA37265
VERIFY ADVISORY: http://secunia.com/advisories/37265/
DESCRIPTION: A weakness has been reported in Asterisk, which can be exploited by malicious people to determine valid usernames. The problem is that different responses are being sent when using a valid or an invalid username in REGISTER messages. This can be exploited to determine valid usernames by sending specially crafted REGISTER messages.
SOLUTION: Asterisk Open Source: Update to version 1.2.35, 1.4.26.3, 1.6.0.17, or 1.6.19 or apply patches.
http://downloads.digium.com/pub/asa/AST-2009-008-1.2.diff.txt
http://downloads.digium.com/pub/asa/AST-2009-008-1.4.diff.txt
http://downloads.digium.com/pub/asa/AST-2009-008-1.6.0.diff.txt
http://downloads.digium.com/pub/asa/AST-2009-008-1.6.1.diff.txt
Asterisk Business Edition: Update to version B.2.5.12, C.2.4.5, or C.3.2.2.
S800i (Asterisk Appliance): Update to version 1.3.0.5.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Patrik Karlsson.
ORIGINAL ADVISORY: http://downloads.asterisk.org/pub/security/AST-2009-008.html

From sec-adv at secunia.com Thu Nov 5 15:50:38 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 00:50:38 +0100
Subject: [SEC] [SA37253] Fedora update for rt3
Message-ID: <200911052350.nA5Noc4w029733@CRON-IX-2.intnet>

TITLE: Fedora update for rt3
SECUNIA ADVISORY ID: SA37253
VERIFY ADVISORY: http://secunia.com/advisories/37253/
DESCRIPTION: Fedora has issued an update for rt3. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks. For more information: SA36752
SOLUTION: Apply updated packages using the yum utility ("yum update rt3").
ORIGINAL ADVISORY:
FEDORA-2009-10426: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00025.html
FEDORA-2009-10498: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00020.html
OTHER REFERENCES: SA36752: http://secunia.com/advisories/36752/

From sec-adv at secunia.com Thu Nov 5 16:15:29 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 01:15:29 +0100
Subject: [SEC] [SA37276] HP Power Manager Arbitrary Code Execution Vulnerability
Message-ID: <200911060015.nA60FTiG016926@CRON-IX-2.intnet>

TITLE: HP Power Manager Arbitrary Code Execution Vulnerability
SECUNIA ADVISORY ID: SA37276
VERIFY ADVISORY: http://secunia.com/advisories/37276/
DESCRIPTION: A vulnerability has been reported in HP Power Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code.
SOLUTION: Restrict network access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Janek Vind working with ZDI.
ORIGINAL ADVISORY: HPSBMA02474 SSRT090107: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01905743

From sec-adv at secunia.com Thu Nov 5 16:50:20 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 01:50:20 +0100
Subject: [SEC] [SA37261] Debian update for typo3-src
Message-ID: <200911060050.nA60oKlX004238@CRON-IX-2.intnet>

TITLE: Debian update for typo3-src
SECUNIA ADVISORY ID: SA37261
VERIFY ADVISORY: http://secunia.com/advisories/37261/
DESCRIPTION: Debian has issued an update for typo3-src. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting or script insertion attacks, and by malicious users to bypass certain security restrictions, conduct script insertion attacks, manipulate certain data, conduct SQL injection attacks, or compromise a vulnerable system. For more information: SA37122
SOLUTION: Apply updated packages.
ORIGINAL ADVISORY: DSA-1926-1: http://www.us.debian.org/security/2009/dsa-1926
OTHER REFERENCES: SA37122: http://secunia.com/advisories/37122/

From sec-adv at secunia.com Thu Nov 5 17:15:32 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 02:15:32 +0100
Subject: [SEC] [SA37268] Sun Virtual Desktop Infrastructure VirtualBox Security Bypass
Message-ID: <200911060115.nA61FWZN023889@CRON-IX-2.intnet>

TITLE: Sun Virtual Desktop Infrastructure VirtualBox Security Bypass
SECUNIA ADVISORY ID: SA37268
VERIFY ADVISORY: http://secunia.com/advisories/37268/
DESCRIPTION: A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an unspecified error in the Sun Virtual Desktop Infrastructure (VDI) and can be exploited to gain unauthorized access to the VirtualBox web service. The vulnerability is reported in Sun VDI 3.0 with VirtualBox version 2.0.8 or 2.0.10 on Solaris 10.
SOLUTION: Apply patches.
-- SPARC Platform -- Solaris 10 with Sun VDI Software 3.0: Apply patch 141481-03 or later and update to VirtualBox 2.0.12 or later.
-- x86 Platform -- Solaris 10 with Sun VDI Software 3.0: Apply patch 141482-03 or later and update to VirtualBox 2.0.12 or later.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1

From sec-adv at secunia.com Thu Nov 5 17:50:33 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 02:50:33 +0100
Subject: [SEC] [SA37283] Drupal User Protect Module Cross-Site Request Forgery
Message-ID: <200911060150.nA61oXFg011218@CRON-IX-2.intnet>

TITLE: Drupal User Protect Module Cross-Site Request Forgery
SECUNIA ADVISORY ID: SA37283
VERIFY ADVISORY: http://secunia.com/advisories/37283/
DESCRIPTION: A vulnerability has been reported in the User Protect module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. delete protections imposed on users or change settings for user administrators. The vulnerability is reported in versions prior to 5.x-1.4 and 6.x-1.3.
SOLUTION: User Protect 5.x: Update to version 5.x-1.4. http://drupal.org/node/623180
User Protect 6.x: Update to version 6.x-1.3.
http://drupal.org/node/623186
PROVIDED AND/OR DISCOVERED BY: The vendor credits Chad Phillips.
ORIGINAL ADVISORY: SA-CONTRIB-2009-090: http://drupal.org/node/623162

From sec-adv at secunia.com Thu Nov 5 18:15:22 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 03:15:22 +0100
Subject: [SEC] [SA37214] Adobe Shockwave Player Multiple Vulnerabilities
Message-ID: <200911060215.nA62FM64030847@CRON-IX-2.intnet>

TITLE: Adobe Shockwave Player Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA37214
VERIFY ADVISORY: http://secunia.com/advisories/37214/
DESCRIPTION: Some vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.
1) An error related to the use of an invalid index can be exploited to potentially execute arbitrary code via specially crafted Shockwave content.
2) An error related to the use of an invalid pointer can be exploited to potentially execute arbitrary code via specially crafted Shockwave content.
3) Another error related to the use of an invalid pointer can be exploited to potentially execute arbitrary code via specially crafted Shockwave content.
4) An error when processing string lengths can be exploited to cause a memory corruption and potentially execute arbitrary code.
NOTE: A boundary error which results in a crash was also reported.
The vulnerabilities are reported in version 11.5.1.601 and prior.
SOLUTION: Update to version 11.5.2.602: http://get.adobe.com/shockwave/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Nicolas Joly, Vupen Security.
ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb09-16.html

From sec-adv at secunia.com Thu Nov 5 18:50:52 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 03:50:52 +0100
Subject: [SEC] [SA37246] Sun Solaris FreeType Multiple Vulnerabilities
Message-ID: <200911060250.nA62oqhj018194@CRON-IX-2.intnet>

TITLE: Sun Solaris FreeType Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA37246
VERIFY ADVISORY: http://secunia.com/advisories/37246/
DESCRIPTION: Sun has acknowledged some vulnerabilities in Solaris, which potentially can be exploited by malicious people to compromise an application using the libfreetype library. For more information: SA34723 The vulnerabilities are reported in Solaris 8, 9, and 10 for both the SPARC and x86 platforms.
SOLUTION: A final resolution is pending completion. Do not process untrusted font files.
ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1
OTHER REFERENCES: SA34723: http://secunia.com/advisories/34723/

From sec-adv at secunia.com Thu Nov 5 19:24:11 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 04:24:11 +0100
Subject: [SEC] [SA37220] Intel Desktop Boards DQ Series Bitmap Processing Privilege Escalation
Message-ID: <200911060324.nA63OBdV006046@CRON-IX-2.intnet>

TITLE: Intel Desktop Boards DQ Series Bitmap Processing Privilege Escalation
SECUNIA ADVISORY ID: SA37220
VERIFY ADVISORY: http://secunia.com/advisories/37220/
DESCRIPTION: A vulnerability has been reported in the Intel DQ35JO, DQ35MP, DQ45CB, and DQ45EK desktop boards, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. The vulnerability is caused due to an unspecified boundary error within the bitmap processing code. Further information is currently not available.
SOLUTION: Update the BIOS.
DQ35JO and DQ35MP: Update to version JOQ3510J.86A.1122.2009.1027.2020
DQ45CB and DQ45EK: Update to version CBQ4510H.86A.0101.2009.0928.1248
PROVIDED AND/OR DISCOVERED BY: The vendor credits Alexander Tereshkin, Rafal Wojtczuk, and Joanna Rutkowska from Invisible Things Lab
ORIGINAL ADVISORY: http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00020&languageid=en-fr
---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 5 19:50:31 2009 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Nov 2009 04:50:31 +0100 Subject: [SEC] [SA37197] CubeCart Administrative Session Handling Security Bypass Vulnerability Message-ID: <200911060350.nA63oVjZ025695@CRON-IX-2.intnet> ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales at secunia.com ---------------------------------------------------------------------- TITLE: CubeCart Administrative Session Handling Security Bypass Vulnerability SECUNIA ADVISORY ID: SA37197 VERIFY ADVISORY: http://secunia.com/advisories/37197/ DESCRIPTION: Bogdan Calin has discovered a vulnerability in CubeCart, which can be exploited by malicious people to bypass certain security restrictions. The application does not properly restrict access to the administrative section, which can be exploited to e.g. download a database backup by sending specially crafted HTTP requests with empty "X_CLUSTER_CLIENT_IP" and "User-Agent" headers and the "ccAdmin" cookie set to "+". The vulnerability is confirmed in version 4.3.4. Other versions may also be affected. SOLUTION: Update to version 4.3.5. PROVIDED AND/OR DISCOVERED BY: Bogdan Calin, Acunetix. 
ORIGINAL ADVISORY: Acunetix: http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access/ CubeCart: http://forums.cubecart.com/index.php?showtopic=39748
From sec-adv at secunia.com Thu Nov 5 20:15:08 2009 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Nov 2009 05:15:08 +0100 Subject: [SEC] [SA37241] SUSE update for kernel Message-ID: <200911060415.nA64F8DI012892@CRON-IX-2.intnet> ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA37241 VERIFY ADVISORY: http://secunia.com/advisories/37241/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to disclose system and potentially sensitive information, and cause a DoS (Denial of Service). For more information: SA36438 SA36927 SA37075 SOLUTION: Apply updated packages. x86 Platform: openSUSE 11.1; Platform Independent: openSUSE 11.1; Power PC Platform: openSUSE 11.1; x86-64 Platform: openSUSE 11.1; Sources: openSUSE 11.1. Our maintenance customers are notified individually.
The packages are offered for installation from the maintenance web: SLE 11 SERVER Unsupported Extras, SLES 11, SLED 11, SLE 11, SLE 11 High Availability Extension, SLE 11 EC2, SLES 11 DEBUGINFO. ORIGINAL ADVISORY: SUSE-SA:2009:051: http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00000.html OTHER REFERENCES: SA36438: http://secunia.com/advisories/36438/ SA36927: http://secunia.com/advisories/36927/ SA37075: http://secunia.com/advisories/37075/
From sec-adv at secunia.com Thu Nov 5 20:50:21 2009 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Nov 2009 05:50:21 +0100 Subject: [SEC] [SA37231] Sun Java JDK / JRE Multiple Vulnerabilities Message-ID: <200911060450.nA64oLcr032649@CRON-IX-2.intnet> ---------------------------------------------------------------------- TITLE: Sun Java JDK / JRE Multiple Vulnerabilities SECUNIA ADVISORY ID: SA37231 VERIFY ADVISORY: http://secunia.com/advisories/37231/ DESCRIPTION: A weakness and some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user's system. 1) A weakness is caused by the update mechanism failing to update JRE to a new version when running on non-English Windows versions. 2) An error in the JRE Deployment Toolkit on Windows can be exploited to execute arbitrary code when viewing a specially crafted web page.
3) An error in the Java Web Start installer can be exploited to run a malicious Java Web Start application as trusted and execute arbitrary code. 4) An error in the implementation of the "HsbParser.getSoundBank()" function can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code via an overly long "file://" URL argument. 5) An unspecified error when processing audio or image files can be exploited to potentially execute arbitrary code via an untrusted applet. 6) An error in the implementation of the "setDiffICM()" AWT function can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) Three unspecified errors when processing audio or image files can be exploited to potentially execute arbitrary code via an untrusted applet. 8) An integer overflow error when processing the dimensions of a JPEG subsample can be exploited to corrupt memory and potentially execute arbitrary code. 9) An error when verifying HMAC digests can be exploited to potentially bypass authentication via a fake digital signature that is incorrectly accepted as valid by a Java application. 10) An error when decoding DER encoded data can be exploited to exhaust all available JRE memory. 11) An error when parsing HTTP headers can be exploited to exhaust all available JRE memory. 12) An error in the implementation of the "setBytePixels()" AWT function can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. SOLUTION: Update to a fixed version.
JDK and JRE 6 Update 17: http://java.sun.com/javase/downloads/index.jsp JDK and JRE 5.0 Update 22: http://java.sun.com/javase/downloads/index_jdk5.jsp Java SE for Business SDK and JRE 1.4.2_24: http://www.sun.com/software/javaseforbusiness/getit_download.jsp SDK and JRE 1.3.1_27 (for customers with Solaris 8 and Vintage Support Offering support contracts): http://java.sun.com/j2se/1.3/download.html PROVIDED AND/OR DISCOVERED BY: 3) Peter Csepely, reported via ZDI 4) an anonymous researcher, reported via ZDI 8) regenrecht, reported via ZDI 6, 12) Peter Vreugdenhil, reported via ZDI The vendor also credits: 1) Tomasz "Tometzky" Ostrowski 2, 5) an anonymous researcher, reported via iDefense 7) regenrecht, reported via iDefense 9) Coda Hale 10, 11) BFK edv-consulting GmbH CHANGELOG: 2009-11-05: Added additional information provided by ZDI to the advisory. ORIGINAL ADVISORY: Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-269870-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-270475-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-076/ http://www.zerodayinitiative.com/advisories/ZDI-09-077/ http://www.zerodayinitiative.com/advisories/ZDI-09-078/ http://www.zerodayinitiative.com/advisories/ZDI-09-079/ http://www.zerodayinitiative.com/advisories/ZDI-09-080/
From sec-adv at secunia.com Thu Nov 5 21:15:25 2009 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Nov 2009 06:15:25 +0100 Subject: [SEC] [SA37228] RhinoSoft Serv-U Cookie Buffer Overflow Vulnerability Message-ID: <200911060515.nA65FPQX019846@CRON-IX-2.intnet> ---------------------------------------------------------------------- TITLE: RhinoSoft Serv-U Cookie Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA37228 VERIFY ADVISORY: http://secunia.com/advisories/37228/ DESCRIPTION: Nikolaos Rangos has discovered a vulnerability in Serv-U, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the included HTTP server when processing certain cookies.
This can be exploited to cause a stack-based buffer overflow by sending a malicious HTTP request containing a specially crafted cookie to the server. The vulnerability is confirmed in version 9.0.0.5. Other versions may also be affected. SOLUTION: Filter malicious requests using a proxy. PROVIDED AND/OR DISCOVERED BY: Nikolaos Rangos, KC Security. ORIGINAL ADVISORY: http://www.rangos.de/ServU-ADV.txt
From sec-adv at secunia.com Thu Nov 5 21:50:30 2009 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Nov 2009 06:50:30 +0100 Subject: [SEC] [SA37229] Symantec Altiris ConsoleUtilities ActiveX Control Buffer Overflow Message-ID: <200911060550.nA65oU0I007177@CRON-IX-2.intnet> ---------------------------------------------------------------------- TITLE: Symantec Altiris ConsoleUtilities ActiveX Control Buffer Overflow SECUNIA ADVISORY ID: SA37229 VERIFY ADVISORY: http://secunia.com/advisories/37229/ DESCRIPTION: A vulnerability has been reported in the Symantec Altiris ConsoleUtilities ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the ConsoleUtilities ActiveX control (AeXNSConsoleUtilities.dll). This can be exploited to cause a stack-based buffer overflow via an overly long argument passed to the "BrowseAndSaveFile()" method. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in AeXNSConsoleUtilities.dll version 6.0.0.1846, Symantec Altiris Deployment Solution 6.9.x, Symantec Altiris Notification Server 6.0.x, and Symantec Management Platform 7.0.x. SOLUTION: Apply updates. Symantec Altiris Deployment Solution 6.9.x: https://kb.altiris.com/article.asp?article=49568&p=1 Symantec Altiris Notification Server 6.0.x: https://kb.altiris.com/article.asp?article=49389&p=1 Symantec Management Platform 7.0.x: https://kb.altiris.com/article.asp?article=49389&p=1 PROVIDED AND/OR DISCOVERED BY: Nikolas Sotiriu ORIGINAL ADVISORY: Symantec (SYM09-015): http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00 Nikolas Sotiriu: http://sotiriu.de/adv/NSOADV-2009-001.txt
From sec-adv at secunia.com Thu Nov 5 22:15:07 2009 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Nov 2009 07:15:07 +0100 Subject: [SEC] [SA37190] OpenBSD "ip_ctloutput()" and "ip6_ctloutput()" NULL Pointer Dereference Message-ID: <200911060615.nA66F7do026804@CRON-IX-2.intnet> ---------------------------------------------------------------------- TITLE: OpenBSD "ip_ctloutput()" and "ip6_ctloutput()" NULL Pointer Dereference SECUNIA ADVISORY ID: SA37190 VERIFY ADVISORY: http://secunia.com/advisories/37190/ DESCRIPTION: A vulnerability has been reported in OpenBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereference error within the "ip_ctloutput()" function in sys/netinet/ip_output.c and the "ip6_ctloutput()" function in sys/netinet6/ip6_output.c. This can be exploited to crash an affected kernel by calling "getsockopt()" with e.g. IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL, or IP_IPCOMP_LEVEL. Note: Successful exploitation requires root privileges. SOLUTION: Apply patches. OpenBSD 4.4: ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/016_getsockopt.patch OpenBSD 4.5: ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/009_getsockopt.patch OpenBSD 4.6: ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/003_getsockopt.patch PROVIDED AND/OR DISCOVERED BY: The vendor credits Clement LECIGNE. ORIGINAL ADVISORY: http://openbsd.org/errata44.html#016_getsockopt http://openbsd.org/errata45.html#009_getsockopt http://openbsd.org/errata46.html#003_getsockopt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
----------------------------------------------------------------------

From sec-adv at secunia.com Fri Nov 6 09:18:10 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 18:18:10 +0100
Subject: [SEC] [SA37282] Debian update for linux-2.6.24
Message-ID: <200911061718.nA6HIAsi023543@CRON-IX-2.intnet>

TITLE: Debian update for linux-2.6.24
SECUNIA ADVISORY ID: SA37282
VERIFY ADVISORY: http://secunia.com/advisories/37282/
DESCRIPTION: Debian has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges.
For more information: SA35983 SA36136 SA36438 SA36617 SA36707 SA37086 SA37121 SA37233
SOLUTION: Apply updated packages.
-- Debian GNU/Linux 4.0 alias etch --
ORIGINAL ADVISORY: DSA-1928-1: http://lists.debian.org/debian-security-announce/2009/msg00251.html
OTHER REFERENCES:
SA35983: http://secunia.com/advisories/35983/
SA36136: http://secunia.com/advisories/36136/
SA36438: http://secunia.com/advisories/36438/
SA36617: http://secunia.com/advisories/36617/
SA36707: http://secunia.com/advisories/36707/
SA37086: http://secunia.com/advisories/37086/
SA37121: http://secunia.com/advisories/37121/
SA37233: http://secunia.com/advisories/37233/

----------------------------------------------------------------------

From sec-adv at secunia.com Fri Nov 6 09:53:12 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 18:53:12 +0100
Subject: [SEC] [SA37293] Debian update for linux-2.6
Message-ID: <200911061753.nA6HrCit010881@CRON-IX-2.intnet>

TITLE: Debian update for linux-2.6
SECUNIA ADVISORY ID: SA37293
VERIFY ADVISORY: http://secunia.com/advisories/37293/
DESCRIPTION: Debian has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges.
For more information: SA36438 SA36617 SA37086 SA37233
SOLUTION: Apply updated packages.
-- Debian GNU/Linux 4.0 alias etch --
ORIGINAL ADVISORY:
DSA 1929-1:
http://lists.debian.org/debian-security-announce/2009/msg00252.html

OTHER REFERENCES:
SA36438: http://secunia.com/advisories/36438/
SA36617: http://secunia.com/advisories/36617/
SA37086: http://secunia.com/advisories/37086/
SA37233: http://secunia.com/advisories/37233/

----------------------------------------------------------------------

From sec-adv at secunia.com Fri Nov 6 10:18:28 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 19:18:28 +0100
Subject: [SEC] [SA37258] Portili Products Multiple Vulnerabilities
Message-ID: <200911061818.nA6IIShJ030507@CRON-IX-2.intnet>

TITLE:
Portili Products Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA37258

VERIFY ADVISORY:
http://secunia.com/advisories/37258/

DESCRIPTION:
Some vulnerabilities have been reported in Portili products, which can be exploited by malicious people to manipulate certain data, disclose system information, and conduct cross-site scripting attacks.

1) Input passed via the "original_path" and "name" parameters to ajaxfilemanager/ajax_save_name.php is not properly sanitised before being used to move files. This can be exploited to move arbitrary directories in the webroot of the application.

2) The "phpinfo.php" script is stored with insecure permissions inside the web root. This can be exploited to gain knowledge of sensitive information (e.g. PHP configuration details) by requesting the file directly.

3) Input passed via the "view" parameter to ajaxfilemanager/ajaxfilemanager.php is not properly sanitised before being displayed to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerabilities are confirmed in Portili Personal Wiki 1.14 and reported in Portili Team Wiki 1.14. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

Restrict access to the "phpinfo.php" script (e.g. via .htaccess).

PROVIDED AND/OR DISCOVERED BY:
Abysssec Inc.

ORIGINAL ADVISORY:
http://packetstormsecurity.org/0911-exploits/Portili-V1.14.txt

----------------------------------------------------------------------

From sec-adv at secunia.com Fri Nov 6 10:52:07 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 19:52:07 +0100
Subject: [SEC] [SA37295] Fedora update for kernel
Message-ID: <200911061852.nA6Iq7AF017833@CRON-IX-2.intnet>

TITLE:
Fedora update for kernel

SECUNIA ADVISORY ID:
SA37295

VERIFY ADVISORY:
http://secunia.com/advisories/37295/

DESCRIPTION:
Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges.

For more information:
SA36707
SA37086
SA37233

SOLUTION:
Apply updated packages via the yum utility ("yum update kernel").

ORIGINAL ADVISORY:
FEDORA-2009-11038:
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html

OTHER REFERENCES:
SA36707: http://secunia.com/advisories/36707/
SA37086: http://secunia.com/advisories/37086/
SA37233: http://secunia.com/advisories/37233/

----------------------------------------------------------------------

From sec-adv at secunia.com Fri Nov 6 11:18:19 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 20:18:19 +0100
Subject: [SEC] [SA37302] Fedora update for kernel
Message-ID: <200911061918.nA6JIJ1B005024@CRON-IX-2.intnet>

TITLE:
Fedora update for kernel

SECUNIA ADVISORY ID:
SA37302

VERIFY ADVISORY:
http://secunia.com/advisories/37302/

DESCRIPTION:
Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

For more information:
SA36707
SA37086
SA37233

SOLUTION:
Apply updated packages via the yum utility ("yum update kernel").

ORIGINAL ADVISORY:
FEDORA-2009-11032:
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00178.html

OTHER REFERENCES:
SA36707: http://secunia.com/advisories/36707/
SA37086: http://secunia.com/advisories/37086/
SA37233: http://secunia.com/advisories/37233/

----------------------------------------------------------------------

From sec-adv at secunia.com Fri Nov 6 11:52:05 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 20:52:05 +0100
Subject: [SEC] [SA37264] Ubuntu update for libgd2
Message-ID: <200911061952.nA6Jq5g0024801@CRON-IX-2.intnet>

TITLE:
Ubuntu update for libgd2

SECUNIA ADVISORY ID:
SA37264

VERIFY ADVISORY:
http://secunia.com/advisories/37264/

DESCRIPTION:
Ubuntu has issued an update for libgd2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

For more information:
SA25855
SA36791
SA37069

SOLUTION:
Apply updated packages.
-- Ubuntu 6.06 LTS --

ORIGINAL ADVISORY:
USN-854-1:
http://www.ubuntu.com/usn/USN-854-1
OTHER REFERENCES:
SA25855: http://secunia.com/advisories/25855/
SA36791: http://secunia.com/advisories/36791/
SA37069: http://secunia.com/advisories/37069/

----------------------------------------------------------------------

From sec-adv at secunia.com Fri Nov 6 12:19:09 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 21:19:09 +0100
Subject: [SEC] [SA37301] Ubuntu update for libgd2
Message-ID: <200911062019.nA6KJ9jl012027@CRON-IX-2.intnet>

TITLE:
Ubuntu update for libgd2

SECUNIA ADVISORY ID:
SA37301

VERIFY ADVISORY:
http://secunia.com/advisories/37301/

DESCRIPTION:
Ubuntu has issued an update for libgd2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

For more information:
SA37069

SOLUTION:
Apply updated packages.

-- Ubuntu 8.04 LTS --
-- Ubuntu 8.10 --
-- Ubuntu 9.04 --
-- Ubuntu 9.10 --
211556 ca2bff218a8adc5983a969d872fb6b06 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3ubuntu1.9.10.1_i386.deb Size/MD5: 208578 b384c376d002f0985b1d443ee5875231 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3ubuntu1.9.10.1_i386.deb Size/MD5: 213810 5fe2e224224d3fe70135dc401f10e042 http://security.ubuntu.com/ubuntu/pool/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3ubuntu1.9.10.1_i386.deb Size/MD5: 210680 5cb31f48ba665e97873240bca35d0df9 http://security.ubuntu.com/ubuntu/pool/universe/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3ubuntu1.9.10.1_i386.deb Size/MD5: 17932 44522c5bbae0da3e1b6f12c969bd9780 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3ubuntu1.9.10.1_lpia.deb Size/MD5: 211756 05ff9aa04779bd808d3d11de4c793c0f http://ports.ubuntu.com/pool/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3ubuntu1.9.10.1_lpia.deb Size/MD5: 208578 51ff00ac1ccf5ee7ddfd96bdbbd630a5 http://ports.ubuntu.com/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3ubuntu1.9.10.1_lpia.deb Size/MD5: 213898 a32989d6a1d706ef2400655dba7692d2 http://ports.ubuntu.com/pool/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3ubuntu1.9.10.1_lpia.deb Size/MD5: 210686 78086d8025414976501cddfeb9495459 http://ports.ubuntu.com/pool/universe/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3ubuntu1.9.10.1_lpia.deb Size/MD5: 17938 73e13e49bba851a6249df8c6454b6e3d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3ubuntu1.9.10.1_powerpc.deb Size/MD5: 222046 59e46ae219de5a321c4392aa05796e9f http://ports.ubuntu.com/pool/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3ubuntu1.9.10.1_powerpc.deb Size/MD5: 214998 0601765bd180d78e552cb64f83e70cca http://ports.ubuntu.com/pool/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3ubuntu1.9.10.1_powerpc.deb Size/MD5: 224372 
ORIGINAL ADVISORY:
USN-854-1:
http://www.ubuntu.com/usn/USN-854-1

OTHER REFERENCES:
SA37069:
http://secunia.com/advisories/37069/
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Nov 6 12:52:14 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 21:52:14 +0100
Subject: [SEC] [SA37291] OpenSSL TLS Session Renegotiation Plaintext Injection Vulnerability
Message-ID: <200911062052.nA6KqEWP031764@CRON-IX-2.intnet>

TITLE:
OpenSSL TLS Session Renegotiation Plaintext Injection Vulnerability

SECUNIA ADVISORY ID:
SA37291

VERIFY ADVISORY:
http://secunia.com/advisories/37291/

DESCRIPTION:
A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to manipulate certain data.

The vulnerability is caused due to an error in the TLS protocol while handling session re-negotiations. This can be exploited to insert arbitrary plaintext before data sent by a legitimate client in an existing TLS session via Man-in-the-Middle (MitM) attacks.

Successful exploitation may allow e.g. sending an arbitrary HTTP request under an authenticated context if certificate-based authentication is used by the server.
SOLUTION:
Fixed in the CVS repository by disabling renegotiation support:
http://cvs.openssl.org/chngview?cn=18790

PROVIDED AND/OR DISCOVERED BY:
Independently discovered by Marsh Ray, PhoneFactor and Martin Rex.

ORIGINAL ADVISORY:
Martin Rex:
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html

PhoneFactor:
http://extendedsubset.com/?p=8

----------------------------------------------------------------------
From sec-adv at secunia.com Fri Nov 6 13:18:22 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 22:18:22 +0100
Subject: [SEC] [SA37279] Gentoo update for horde
Message-ID: <200911062118.nA6LIMA6018973@CRON-IX-2.intnet>
TITLE:
Gentoo update for horde

SECUNIA ADVISORY ID:
SA37279

VERIFY ADVISORY:
http://secunia.com/advisories/37279/

DESCRIPTION:
Gentoo has issued an update for horde. This fixes some vulnerabilities, which can be exploited by malicious people to conduct script insertion and cross-site scripting attacks and by malicious users to compromise a vulnerable system.

For more information:
SA36665

SOLUTION:
Update to:
* "www-apps/horde-3.3.5" or later
* "www-apps/horde-webmail-1.2.4" or later
* "www-apps/horde-groupware-1.2.4" or later

ORIGINAL ADVISORY:
GLSA 200911-01:
http://www.gentoo.org/security/en/glsa/glsa-200911-01.xml

OTHER REFERENCES:
SA36665:
http://secunia.com/advisories/36665/
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Nov 6 13:52:03 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 22:52:03 +0100
Subject: [SEC] [SA37256] Fedora update for alienarena
Message-ID: <200911062152.nA6Lq34p006279@CRON-IX-2.intnet>

TITLE:
Fedora update for alienarena

SECUNIA ADVISORY ID:
SA37256

VERIFY ADVISORY:
http://secunia.com/advisories/37256/

DESCRIPTION:
Fedora has issued an update for alienarena. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA37118

SOLUTION:
Apply updated packages via the yum utility ("yum update alienarena").
ORIGINAL ADVISORY:
FEDORA-2009-11066:
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00219.html

FEDORA-2009-11034:
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00180.html

OTHER REFERENCES:
SA37118:
http://secunia.com/advisories/37118/

----------------------------------------------------------------------
From sec-adv at secunia.com Fri Nov 6 14:29:32 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 23:29:32 +0100
Subject: [SEC] [SA37259] Fedora update for alienarena-data
Message-ID: <200911062229.nA6MTWNM026102@CRON-IX-2.intnet>
TITLE:
Fedora update for alienarena-data

SECUNIA ADVISORY ID:
SA37259

VERIFY ADVISORY:
http://secunia.com/advisories/37259/

DESCRIPTION:
Fedora has issued an update for alienarena-data. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA37118

SOLUTION:
Apply updated packages via the yum utility ("yum update alienarena-data").

ORIGINAL ADVISORY:
FEDORA-2009-11066:
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00218.html

FEDORA-2009-11034:
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00179.html

OTHER REFERENCES:
SA37118:
http://secunia.com/advisories/37118/
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Nov 6 14:50:26 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 6 Nov 2009 23:50:26 +0100
Subject: [SEC] [SA37270] Ubuntu update for libhtml-parser-perl
Message-ID: <200911062250.nA6MoQUt013231@CRON-IX-2.intnet>

TITLE:
Ubuntu update for libhtml-parser-perl

SECUNIA ADVISORY ID:
SA37270

VERIFY ADVISORY:
http://secunia.com/advisories/37270/

DESCRIPTION:
Ubuntu has issued an update for libhtml-parser-perl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA37155

SOLUTION:
Apply updated packages.
ORIGINAL ADVISORY:
USN-855-1:
http://www.ubuntu.com/usn/USN-855-1

OTHER REFERENCES:
SA37155:
http://secunia.com/advisories/37155/

----------------------------------------------------------------------
From sec-adv at secunia.com Fri Nov 6 15:15:30 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 7 Nov 2009 00:15:30 +0100
Subject: [SEC] [SA37292] GnuTLS TLS Session Renegotiation Plaintext Injection Vulnerability
Message-ID: <200911062315.nA6NFUtN000389@CRON-IX-2.intnet>

TITLE:
GnuTLS TLS Session Renegotiation Plaintext Injection Vulnerability

SECUNIA ADVISORY ID:
SA37292

VERIFY ADVISORY:
http://secunia.com/advisories/37292/

DESCRIPTION:
A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to manipulate certain data.
The vulnerability is caused due to an error in the TLS protocol while handling session renegotiations. This can be exploited to insert arbitrary plaintext before data sent by a legitimate client in an existing TLS session, via Man-in-the-Middle (MitM) attacks.

This is related to:
SA37291

SOLUTION:
Do not rely on the integrity of incoming TLS data in environments allowing session renegotiation.

PROVIDED AND/OR DISCOVERED BY:
Independently discovered by Marsh Ray of PhoneFactor and Martin Rex.

ORIGINAL ADVISORY:
PhoneFactor:
http://extendedsubset.com/?p=8

Martin Rex:
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html

http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html

OTHER REFERENCES:
SA37291:
http://secunia.com/advisories/37291/
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Nov 6 15:50:12 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 7 Nov 2009 00:50:12 +0100
Subject: [SEC] [SA37238] Apple Mac OS X "ptrace()" Denial of Service Vulnerability
Message-ID: <200911062350.nA6NoCD0020192@CRON-IX-2.intnet>

TITLE:
Apple Mac OS X "ptrace()" Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA37238

VERIFY ADVISORY:
http://secunia.com/advisories/37238/

DESCRIPTION:
A vulnerability has been reported in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a race condition within the "ptrace()" implementation, which can be exploited to cause a kernel panic.

The vulnerability is reported in version 10.5.6, 10.5.7, and 10.6.1. Other versions may also be affected.

SOLUTION:
Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
Michael Turner

ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0026.html

----------------------------------------------------------------------
From sec-adv at secunia.com Fri Nov 6 16:15:36 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 7 Nov 2009 01:15:36 +0100
Subject: [SEC] [SA37271] Citrix NetScaler / Access Gateway Denial of Service Vulnerability
Message-ID: <200911070015.nA70Faa3007390@CRON-IX-2.intnet>
TITLE:
Citrix NetScaler / Access Gateway Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA37271

VERIFY ADVISORY:
http://secunia.com/advisories/37271/

DESCRIPTION:
A vulnerability has been reported in multiple Citrix products, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the "URL Transform", "Application Firewall", and "AGEE Clientless VPN" features and can be exploited to cause a DoS.

The vulnerability is reported in firmware versions 9.0 prior to build 70.5 and firmware versions 9.1 prior to build 96.4 of the following products:
* Citrix NetScaler
* Citrix Access Gateway Enterprise Edition
* Citrix NetScaler Application Firewall

SOLUTION:
Update to the latest firmware version.

Citrix NetScaler and Citrix NetScaler Application Firewall:
https://www.citrix.com/English/ss/downloads/results.asp?productID=21679

Citrix Access Gateway Enterprise Edition:
https://www.citrix.com/English/ss/downloads/results.asp?productID=15005

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Rob Carter and Nathan McFeters of Ernst & Young's Advanced Security Center, and Neel Mehta of Google Security Team.

ORIGINAL ADVISORY:
http://support.citrix.com/article/CTX123060
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Nov 6 16:50:34 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 7 Nov 2009 01:50:34 +0100
Subject: [SEC] [SA37273] Google Chrome Two Vulnerabilities
Message-ID: <200911070050.nA70oYcj027158@CRON-IX-2.intnet>

TITLE:
Google Chrome Two Vulnerabilities

SECUNIA ADVISORY ID:
SA37273

VERIFY ADVISORY:
http://secunia.com/advisories/37273/

DESCRIPTION:
Some vulnerabilities have been reported in Google Chrome, which potentially can be exploited by malicious people to disclose sensitive information or compromise a user's system.

1) The browser fails to display a warning when a user downloads and opens e.g. SVG, MHT, or XML files. This can be exploited to potentially execute arbitrary JavaScript code in a local context and e.g. disclose the content of local files via a specially crafted web page.

2) An error in the Gears SQL API implementation can be exploited to put SQL metadata into a bad state and cause a memory corruption.

Successful exploitation of this vulnerability may allow execution of arbitrary code, but requires that the user allows the interaction of a malicious website with the Gears plugin.

The vulnerabilities are reported in versions prior to 3.0.195.32.

SOLUTION:
Update to version 3.0.195.32.

PROVIDED AND/OR DISCOVERED BY:
1) Inferno
2) Reported by the vendor.

ORIGINAL ADVISORY:
Google:
http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html

Inferno:
http://securethoughts.com/2009/11/using-blended-browser-threats-involving-chrome-to-steal-files-on-your-computer/
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Nov 6 17:16:32 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 7 Nov 2009 02:16:32 +0100
Subject: [SEC] [SA37266] Debian update for linux-2.6
Message-ID: <200911070116.nA71GWl6014371@CRON-IX-2.intnet>

TITLE:
Debian update for linux-2.6

SECUNIA ADVISORY ID:
SA37266

VERIFY ADVISORY:
http://secunia.com/advisories/37266/

DESCRIPTION:
Debian has issued an update for linux-2.6. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service) and potentially gain escalated privileges.

For more information:
SA36617
SA37086
SA37233
SA36707

SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 5.0 alias lenny --

ORIGINAL ADVISORY:
DSA-1927-1:
http://www.us.debian.org/security/2009/dsa-1927

OTHER REFERENCES:
SA36617:
http://secunia.com/advisories/36617/

SA37086:
http://secunia.com/advisories/37086/

SA37233:
http://secunia.com/advisories/37233/

SA36707:
http://secunia.com/advisories/36707/
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Nov 6 17:50:05 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 7 Nov 2009 02:50:05 +0100
Subject: [SEC] [SA36957] Debian update for xulrunner
Message-ID: <200911070150.nA71o5jl001665@CRON-IX-2.intnet>

TITLE:
Debian update for xulrunner

SECUNIA ADVISORY ID:
SA36957

VERIFY ADVISORY:
http://secunia.com/advisories/36957/

DESCRIPTION:
Debian has issued an update for xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, or compromise a user's system.

For more information:
SA36649
SA36711

SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 5.0 alias lenny --

ORIGINAL ADVISORY:
DSA-1922-1:
http://www.us.debian.org/security/2009/dsa-1922

OTHER REFERENCES:
SA36649:
http://secunia.com/advisories/36649/

SA36711:
http://secunia.com/advisories/36711/

----------------------------------------------------------------------

From sec-adv at secunia.com Fri Nov 6 18:15:24 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 7 Nov 2009 03:15:24 +0100
Subject: [SEC] [SA37193] Debian update for expat
Message-ID: <200911070215.nA72FOGR021321@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Debian update for expat

SECUNIA ADVISORY ID:
SA37193

VERIFY ADVISORY:
http://secunia.com/advisories/37193/

DESCRIPTION:
Debian has issued an update for expat. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information see vulnerability #9 in:
SA36159

SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 4.0 alias etch --

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

-- Debian GNU/Linux 5.0 alias lenny --

ORIGINAL ADVISORY:
DSA-1921-1:
http://www.us.debian.org/security/2009/dsa-1921

OTHER REFERENCES:
SA36159:
http://secunia.com/advisories/36159/

----------------------------------------------------------------------

From sec-adv at secunia.com Fri Nov 6 18:50:10 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 7 Nov 2009 03:50:10 +0100
Subject: [SEC] [SA37195] Fedora update for xulrunner
Message-ID: <200911070250.nA72o9CR008648@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Fedora update for xulrunner

SECUNIA ADVISORY ID:
SA37195

VERIFY ADVISORY:
http://secunia.com/advisories/37195/

DESCRIPTION:
Fedora has issued an update for xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, manipulate certain data, or compromise a user's system.

For more information:
SA36649
SA36711

SOLUTION:
Apply updated packages via the yum utility ("yum update xulrunner").

ORIGINAL ADVISORY:
FEDORA-2009-10878:
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00849.html

OTHER REFERENCES:
SA36649:
http://secunia.com/advisories/36649/

SA36711:
http://secunia.com/advisories/36711/
---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 6 19:22:52 2009 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Nov 2009 04:22:52 +0100 Subject: [SEC] [SA37176] Slackware update for xpdf Message-ID: <200911070322.nA73Mqpv028667@CRON-IX-2.intnet> ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales at secunia.com ---------------------------------------------------------------------- TITLE: Slackware update for xpdf SECUNIA ADVISORY ID: SA37176 VERIFY ADVISORY: http://secunia.com/advisories/37176/ DESCRIPTION: Slackware has issued an update for xpdf. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA37053 SOLUTION: Apply updated packages. 
Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/xpdf-3.02pl4-i486-1_slack9.1.tgz Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xpdf-3.02pl4-i486-1_slack10.0.tgz Updated package for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xpdf-3.02pl4-i486-1_slack10.1.tgz Updated package for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xpdf-3.02pl4-i486-1_slack10.2.tgz Updated package for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/xpdf-3.02pl4-i486-1_slack11.0.tgz Updated package for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/xpdf-3.02pl4-i486-1_slack12.0.tgz Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xpdf-3.02pl4-i486-1_slack12.1.tgz Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/xpdf-3.02pl4-i486-1_slack12.2.tgz Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/xpdf-3.02pl4-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/xpdf-3.02pl4-x86_64-1_slack13.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xpdf-3.02pl4-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/xpdf-3.02pl4-x86_64-1.txz ORIGINAL ADVISORY: SSA:2009-302-01: http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.585854 OTHER REFERENCES: SA37053: http://secunia.com/advisories/37053/ ---------------------------------------------------------------------- About: This Advisory was delivered by 
Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 9 09:19:14 2009 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 9 Nov 2009 18:19:14 +0100 Subject: [SEC] [SA37296] Linux Kernel 2.4 Multiple Vulnerabilities Message-ID: <200911091719.nA9HJEQV011281@CRON-IX-2.intnet> ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 
For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales at secunia.com ---------------------------------------------------------------------- TITLE: Linux Kernel 2.4 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA37296 VERIFY ADVISORY: http://secunia.com/advisories/37296/ DESCRIPTION: Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to cause a DoS. 1) A vulnerability is caused due to a memory leak when handling certain AppleTalk-IP datagrams. For more information: SA36707 2) NULL pointer dereference errors exist within certain r128 IOCTL handlers when the CCE state is not properly initialised. For more information: SA36707 3) A locking error exists within the "pipe_rdwr_open()", "pipe_write_open()", and "pipe_read_open()" functions in fs/pipe.c. For more information: SA37233 4) The "tcf_fill_node()" function in net/sched/cls_api.c does not properly clear the "tcm__pad2" structure member before returning it to userspace, which can be exploited to disclose kernel memory. For more information: SA37086 5) A deadlock within the "unix_stream_connect()" function in net/unix/af_unix.c can be exploited to cause a DoS by performing certain socket operations. For more information: SA37086 SOLUTION: Update to version 2.4.37.7. 
ORIGINAL ADVISORY: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.7 OTHER REFERENCES: SA36707: http://secunia.com/advisories/36707/ SA37086: http://secunia.com/advisories/37086/ SA37233: http://secunia.com/advisories/37233/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 9 09:53:12 2009 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 9 Nov 2009 18:53:12 +0100 Subject: [SEC] [SA37303] Sun Solaris mod_perl Two Vulnerabilities Message-ID: <200911091753.nA9HrC3G031705@CRON-IX-2.intnet> ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 
For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales at secunia.com ---------------------------------------------------------------------- TITLE: Sun Solaris mod_perl Two Vulnerabilities SECUNIA ADVISORY ID: SA37303 VERIFY ADVISORY: http://secunia.com/advisories/37303/ DESCRIPTION: Sun has acknowledged two vulnerabilities in Solaris, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially cause a DoS (Denial of Service). For more information: SA24678 SA34597 The vulnerabilities are reported in Solaris 10 for both the SPARC and x86 platforms, running the Apache 2 web server. SOLUTION: Do not configure the PerlRun.pm and Status.pm mod_perl2(3) components in httpd.conf. See the vendor's advisory for more information. A final resolution is pending completion for Solaris 10. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-66-272230-1 OTHER REFERENCES: SA24678: http://secunia.com/advisories/24678/ SA34597: http://secunia.com/advisories/34597/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. 
---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 9 10:18:27 2009 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 9 Nov 2009 19:18:27 +0100 Subject: [SEC] [SA37294] Debian update for pidgin Message-ID: <200911091818.nA9IIRww019414@CRON-IX-2.intnet> ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales at secunia.com ---------------------------------------------------------------------- TITLE: Debian update for pidgin SECUNIA ADVISORY ID: SA37294 VERIFY ADVISORY: http://secunia.com/advisories/37294/ DESCRIPTION: Debian has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA37072 SOLUTION: Apply updated packages. 
-- Debian GNU/Linux 5.0 alias lenny -- Source archives: http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427 http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5.diff.gz Size/MD5 checksum: 69490 bdf5958352a704f7585d3028cd5e1fec http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5.dsc Size/MD5 checksum: 1779 43de978c046520a4919f0d5a12a20726 Architecture independent packages: http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny5_all.deb Size/MD5 checksum: 158216 5ed3ffcd4e334fc0a111b4009ab833de http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny5_all.deb Size/MD5 checksum: 7009600 17672a402481c235f6a2b783b791e746 http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny5_all.deb Size/MD5 checksum: 193484 3d39086701ad91a11702a2a7c152c6cf http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny5_all.deb Size/MD5 checksum: 275870 2f98b47825be3bdd427c0431c62b39be http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny5_all.deb Size/MD5 checksum: 133752 0902b80babf5cc2ece1b7768c219535e alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_alpha.deb Size/MD5 checksum: 1803418 9ca1dbc9edbc3593f73e24f6585ae6c6 http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_alpha.deb Size/MD5 checksum: 369764 86fba3374b45f8c47f9a1dbd043858b6 http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_alpha.deb Size/MD5 checksum: 5546018 6b07e1aec08681d8d215fb1058380079 http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_alpha.deb Size/MD5 checksum: 779324 98b7af086407f89594598b0862b68129 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_amd64.deb Size/MD5 
ORIGINAL ADVISORY:
DSA-1932-1:
http://www.us.debian.org/security/2009/dsa-1932

OTHER REFERENCES:
SA37072:
http://secunia.com/advisories/37072/

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Nov 9 10:55:18 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 9 Nov 2009 19:55:18 +0100
Subject: [SEC] [SA37230] Debian update for linux-2.6
Message-ID: <200911091855.nA9ItIDU007516@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Debian update for linux-2.6

SECUNIA ADVISORY ID:
SA37230

VERIFY ADVISORY:
http://secunia.com/advisories/37230/

DESCRIPTION:
Debian has issued an update for linux-2.6. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and potentially gain escalated privileges.

For more information:
SA36438
SA36617
SA37086
SA37233

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch1_i386.deb Size/MD5 checksum: 280110 d34163dab810a30572c7c1a29b9efdb6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_i386.deb Size/MD5 checksum: 58326 bd8f5323a48ba297f6f404a4f26fd864 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_ia64.deb Size/MD5 checksum: 58254 d64ce41c696ae0af6e65348111b0e1c2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-26etch1_ia64.deb Size/MD5 checksum: 58276 509dcd2833bd560ed6dccffc0a448593 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-26etch1_ia64.deb Size/MD5 checksum: 259696 9e187526ddd2342af180682ab502f302 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-26etch1_ia64.deb Size/MD5 checksum: 259718 b670f97d9bd044492111b7698ed228c3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-26etch1_ia64.deb Size/MD5 checksum: 28023040 9c2dbc349ec7702f781f978f27987da9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_ia64.deb Size/MD5 checksum: 3087206 3638b390791d5053b67b060e6a124866 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-26etch1_ia64.deb Size/MD5 checksum: 28194506 228765e996a15ef56fc2cb94e74abeeb powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 3462292 f3f1c68ba029943c6054421c1ba23059 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 261230 
26a45e4c0a77f21af0e5a6ffb0dc2b63 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 58266 f717cc289546c2037e4ca18aa630ceb9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 3486460 4c5d5df532d84da56f78e47ce6262d60 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 262664 e499f6e0e4278f5d4263c9a952877624 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 263770 d12d5f3fce934b3db4dd29d5349d84a4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 15240084 96adc4183855af04aaeca7db1d37a27e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 17113852 9db05c81e32ef07f342eb54374c6ac6e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 16727566 dfbc08d63a91ba7bef73dfca238559f7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 16506028 0f65a31aecb306f281348ad410174926 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 17068826 bc0941830a8d7369abaf876837a0c81e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 262882 d5d2a01011e0a9efea7a7b2c0cbacc41 
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 18433752 23a6d8183e781a43469daf3cd7769fcb http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 237826 90097f02a1ed0a29b81fe3bc64259696 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 58312 6330638237601d3ea55b2a80d1c54540 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 18384182 18eabc40e998896c8f77243e84f99458 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 254332 4ac0852bf3ba527f890f828ecd749284 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-26etch1_powerpc.deb Size/MD5 checksum: 262220 a5ee6d47da04555615ad2bab7f646b13 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-26etch1_s390.deb Size/MD5 checksum: 148246 96f1a25db3b6aa699af3ad7185a96bd2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-26etch1_s390.deb Size/MD5 checksum: 149402 44a4ec702fc2410f733aabe494c0f4e4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-26etch1_s390.deb Size/MD5 checksum: 148624 78919a54c4a93dbf395369a106c76b5b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-26etch1_s390.deb Size/MD5 checksum: 58276 133b1b15cca9cb34e07eae4f3ec4a3db http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-26etch1_s390.deb Size/MD5 checksum: 5410288 
dd1b3737c133081f4b512c2a1ecb1cf6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-26etch1_s390.deb Size/MD5 checksum: 5626808 5b7dc2c64fac5988d6070a1cddeb19f3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-26etch1_s390.deb Size/MD5 checksum: 5672368 f31471a55f12bb17eade213d7672cb80 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch1_s390.deb Size/MD5 checksum: 2971470 e546925e4309b61b6b598de04b6a1e5a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-26etch1_s390.deb Size/MD5 checksum: 1445974 f80e8929c0406cbae86ba2bdf6c611e2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_s390.deb Size/MD5 checksum: 58256 3c413237e42a72c9b70f58cb65278ce9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_s390.deb Size/MD5 checksum: 2948300 f57e56f38edd5977cf95012c373f9519 ORIGINAL ADVISORY: DSA-1929-1: http://www.us.debian.org/security/2009/dsa-1929 OTHER REFERENCES: SA36438: http://secunia.com/advisories/36438/ SA36617: http://secunia.com/advisories/36617/ SA37086: http://secunia.com/advisories/37086/ SA37233: http://secunia.com/advisories/37233/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. 
Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 9 11:18:35 2009 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 9 Nov 2009 20:18:35 +0100 Subject: [SEC] [SA37260] Debian update for drupal6 Message-ID: <200911091918.nA9JIZdn027587@CRON-IX-2.intnet> ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales at secunia.com ---------------------------------------------------------------------- TITLE: Debian update for drupal6 SECUNIA ADVISORY ID: SA37260 VERIFY ADVISORY: http://secunia.com/advisories/37260/ DESCRIPTION: Debian has issued an update for drupal6. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information and bypass certain security restrictions, and by malicious people to disclose sensitive information and conduct cross-site scripting attacks. For more information: SA35657 SA35681 SOLUTION: Apply updated packages. 
-- Debian GNU/Linux 5.0 alias lenny --

Source archives:

http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny3.dsc
Size/MD5 checksum: 1130 489d56336053311b1ee24aaf17f41ffb
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny3.diff.gz
Size/MD5 checksum: 24870 d70dfad8a6f211cb9dd62e071e5ddfd9
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6.orig.tar.gz
Size/MD5 checksum: 1071507 caaa55d1990b34dee48f5047ce98e2bb

Architecture independent packages:

http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny3_all.deb
Size/MD5 checksum: 1088258 6162b6933d636065c6a07e6f6199c7df

ORIGINAL ADVISORY:
DSA-1930-1: http://www.us.debian.org/security/2009/dsa-1930

OTHER REFERENCES:
SA35657: http://secunia.com/advisories/35657/
SA35681: http://secunia.com/advisories/35681/

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Nov 9 11:52:41 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 9 Nov 2009 20:52:41 +0100
Subject: [SEC] [SA37275] Debian update for nspr
Message-ID: <200911091952.nA9Jqf09015603@CRON-IX-2.intnet>

TITLE:
Debian update for nspr

SECUNIA ADVISORY ID:
SA37275

VERIFY ADVISORY:
http://secunia.com/advisories/37275/

DESCRIPTION:
Debian has issued an update for nspr. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

For more information:
SA35914
SA36711

SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 5.0 alias lenny --

ORIGINAL ADVISORY:
DSA-1931-1: http://www.us.debian.org/security/2009/dsa-1931

OTHER REFERENCES:
SA35914: http://secunia.com/advisories/35914/
SA36711: http://secunia.com/advisories/36711/

----------------------------------------------------------------------

From sec-adv at secunia.com Tue Nov 10 09:11:43 2009
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 10 Nov 2009 18:11:43 +0100
Subject: [SEC] [SA37305] Red Hat update for java-1.6.0-sun
Message-ID: <200911101711.nAAHBhEj015190@CRON-IX-2.intnet>

TITLE:
Red Hat update for java-1.6.0-sun

SECUNIA ADVISORY ID:
SA37305

VERIFY ADVISORY:
http://secunia.com/advisories/37305/

DESCRIPTION:
Red Hat has issued an update for java-1.6.0-sun. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious people to potentially disclose sensitive information, bypass certain security restrictions, cause a DoS (Deni