openSUSE Security Announce
August 2005
Hi,
Some hours ago we released updated PHP4 and PHP5 packages to fix
both the second Pear::XML_RPC problem and the PCRE integer overflow
problem.
The PCRE overflow fix was to just use the already fixed system pcre
library.
Since the Apache2 server includes its own version of PCRE this caused
a mismatch during link time, where php4 compiled against the system PCRE
library now used the Apache2 PCRE library, resulting in
segmentation faults as soon as any kind of regular expression.
This results in the updated PHP packages for the following products:
- SUSE Linux Enterprise Server 9
- SUSE Linux 9.0, 9.1, 9.2 and 9.3
The PHP updates for these products have been disabled on our update
servers and the previous PHP updates have been reactivated until
we find a working fix for this problem.
We apologize for the inconveniences caused.
Sincerely, Marcus Meissner (SUSE Security Team)
SUSE Security Announcement: php4/php5 Pear::XML_RPC code injection and PCRE integer overflow problems (SUSE-SA:2005:049)
by Marcus Meissner 30 Aug '05
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package:                php4, php5
Announcement ID:        SUSE-SA:2005:049
Date:                   Tue, 30 Aug 2005 15:00:00 +0000
Affected Products:      9.0, 9.1, 9.2, 9.3
                        SUSE Linux Enterprise Server 8, 9
Vulnerability Type:     remote code execution
Severity (1-10):        8
SUSE Default Package:   yes
Cross-References:       CAN-2005-2498
                        CAN-2005-2491
Content of This Advisory:
    1) Security Vulnerability Resolved:
         Pear::XML_RPC code injection problem, pcre integer overflow
       Problem Description
    2) Solution or Work-Around
    3) Special Instructions and Notes
    4) Package Location and Checksums
    5) Pending Vulnerabilities, Solutions, and Work-Arounds:
         See SUSE Security Summary Report.
    6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion

   This update fixes the following security issues in the PHP scripting
   language.

   - Bugs in the PEAR::XML_RPC library allowed remote attackers to pass
     arbitrary PHP code to the eval() function (CAN-2005-1921,
     CAN-2005-2498).

     The Pear::XML_RPC library is not used by default in SUSE Linux, but
     might be used by third-party PHP applications.

   - An integer overflow bug was found in the PCRE (perl compatible regular
     expression) library which could be used by an attacker to potentially
     execute code. (CAN-2005-2491)

2) Solution or Work-Around

   Please install the updated packages.

3) Special Instructions and Notes

   Make sure you restart the web server using PHP after the update.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

       rpm -Fhv <file.rpm>

   to apply the update, replacing <file.rpm> with the filename of the
   downloaded RPM package.

   Our maintenance customers are notified individually. The packages are
   offered for installation from the maintenance web.
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:

  SUSE security announcements are published via mailing lists and on Web
  sites. The authenticity and integrity of a SUSE security announcement is
  guaranteed by a cryptographic signature in each announcement. All SUSE
  security announcements are published with a valid signature.

  To verify the signature of the announcement, save it as text into a file
  and run the command

      gpg --verify <file>

  replacing <file> with the name of the file where you saved the
  announcement. The output for a valid signature looks like:

      gpg: Signature made <DATE> using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team <security(a)suse.de>"

  where <DATE> is replaced by the date the document was signed.

  If the security team's key is not contained in your key ring, you can
  import it from the first installation CD. To import the key, use the
  command

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

  SUSE update packages are available on many mirror FTP servers all over the
  world. While this service is considered valuable and important to the free
  and open source software community, the authenticity and the integrity of
  a package needs to be verified to ensure that it has not been tampered
  with.

  There are two verification methods that can be used independently from
  each other to prove the authenticity of a downloaded file or RPM package:

  1) Using the internal gpg signatures of the rpm package
  2) MD5 checksums as provided in this announcement

  1) The internal rpm package signatures provide an easy way to verify the
     authenticity of an RPM package. Use the command

         rpm -v --checksig <file.rpm>

     to verify the signature of the package, replacing <file.rpm> with the
     filename of the RPM package downloaded. The package is unmodified if it
     contains a valid signature from build(a)suse.de with the key ID 9C800ACA.

     This key is automatically imported into the RPM database (on
     RPMv4-based distributions) and the gpg key ring of 'root' during
     installation. You can also find it on the first installation CD and at
     the end of this announcement.

  2) If you need an alternative means of verification, use the md5sum
     command to verify the authenticity of the packages. Execute the command

         md5sum <filename.rpm>

     after you downloaded the file from a SUSE FTP server or its mirrors.
     Then compare the resulting md5sum with the one that is listed in the
     SUSE security announcement. Because the announcement containing the
     checksums is cryptographically signed (by security(a)suse.de) the
     checksums show proof of the authenticity of the package if the
     signature of the announcement is valid. Note that the md5 sums
     published in the SUSE Security Announcements are valid for the
     respective packages only. Newer versions of these packages cannot be
     verified.

- SUSE runs two security mailing lists to which any interested party may
  subscribe:

  suse-security(a)suse.com
      - General Linux and SUSE security discussion.
        All SUSE security announcements are sent to this list.
        To subscribe, send an e-mail to
            <suse-security-subscribe(a)suse.com>.

  suse-security-announce(a)suse.com
      - SUSE's announce-only mailing list.
        Only SUSE's security announcements are sent to this list.
        To subscribe, send an e-mail to
            <suse-security-announce-subscribe(a)suse.com>.

  For general information or the frequently asked questions (FAQ),
  send mail to <suse-security-info(a)suse.com> or
  <suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.

Type Bits/KeyID     Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-----END PGP SIGNATURE-----
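
The checksum method from section 6 of the announcement above, as an added example (not part of the SUSE announcement or of any SUSE tool): it reads the "URL line, then MD5 line" pairs of an advisory and compares them with downloaded files, skipping URLs that the archive has cut short. The function names, the ftp.example.invalid host and the demo-*.rpm files are constructed for illustration; `gpg --decrypt` is used in place of the announcement's `gpg --verify` so that only the signed text is parsed.

```sh
#!/bin/sh
# Added example: check downloaded RPMs against the MD5 list of a SUSE advisory.

# Print "md5  filename" for each complete "URL line, then MD5 line" pair.
# URLs the archive cut short (ending in an ellipsis) name no file and are
# skipped, so their checksums are never matched against a guessed filename.
extract_checksums() {
    awk '
        NF == 1 && $1 ~ /^ftp:\/\/.*\.rpm$/ {
            n = split($1, part, "/"); name = part[n]; next
        }
        NF == 1 && name != "" && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            print $1 "  " name
        }
        { name = "" }
    ' "$1"
}

# Compare every listed package found in DIR with its listed checksum.
# Returns 0 only if at least one file was checked and none mismatched.
verify_packages() {
    vp_list=$(extract_checksums "$1")
    vp_dir=$2 vp_bad=0 vp_ok=0
    [ -n "$vp_list" ] || { echo "no complete URL/checksum pairs" >&2; return 2; }
    while read -r vp_want vp_name; do
        if [ ! -f "$vp_dir/$vp_name" ]; then
            echo "MISSING  $vp_name"
            continue
        fi
        vp_got=$(md5sum "$vp_dir/$vp_name" | cut -d' ' -f1)
        if [ "$vp_got" = "$vp_want" ]; then
            echo "OK       $vp_name"; vp_ok=$((vp_ok + 1))
        else
            echo "MISMATCH $vp_name"; vp_bad=$((vp_bad + 1))
        fi
    done <<EOF
$vp_list
EOF
    [ "$vp_bad" -eq 0 ] && [ "$vp_ok" -gt 0 ]
}

# Verify the clearsigned announcement first, then check packages against the
# signed text only. Needs gpg with the security team's key already imported.
# gpg --decrypt checks the signature and writes out just the signed text, so
# checksum lines added outside the signature are never parsed.
verify_signed_advisory() {
    vs_txt=$(mktemp) || return 3
    if gpg --yes --output "$vs_txt" --decrypt "$1"; then
        verify_packages "$vs_txt" "$2" && vs_rc=0 || vs_rc=$?
    else
        echo "announcement signature did not verify" >&2; vs_rc=3
    fi
    rm -f "$vs_txt"
    return "$vs_rc"
}

# Constructed demo (no gpg needed): one intact file, one file whose listed
# checksum does not match, and one truncated URL as seen in the archive.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed package A\n' > "$d/demo-a-1.0-1.i586.rpm"
    printf 'constructed package B\n' > "$d/demo-b-1.0-1.i586.rpm"
    sum_a=$(md5sum "$d/demo-a-1.0-1.i586.rpm" | cut -d' ' -f1)
    cat > "$d/advisory.txt" <<EOF
SUSE Linux 9.3:
ftp://ftp.example.invalid/update/9.3/rpm/i586/demo-a-1.0-1.i586.rpm
$sum_a
ftp://ftp.example.invalid/update/9.3/rpm/i586/demo-b-1.0-1.i586.rpm
00000000000000000000000000000000
ftp://ftp.example.invalid/update/9.3/rpm/i586/demo-c-1.0-1.i5…
11111111111111111111111111111111
EOF
    verify_packages "$d/advisory.txt" "$d" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Usage: sh check.sh <saved-announcement> <directory-with-rpms>
# Without arguments the constructed demo runs instead.
if [ "$#" -eq 2 ]; then
    verify_signed_advisory "$1" "$2"
else
    demo || true
fi
```

A package reported as MISSING was listed but not downloaded; a checksum whose URL line was truncated is not reported at all, because no filename can be derived from it.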
30 Aug '05
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package:                pcre
Announcement ID:        SUSE-SA:2005:048
Date:                   Tue, 30 Aug 2005 15:00:00 +0000
Affected Products:      9.0, 9.1, 9.2, 9.3
                        SUSE Linux Desktop 1.0
                        SUSE Linux Enterprise Server 8, 9
                        Novell Linux Desktop 9
Vulnerability Type:     remote code execution
Severity (1-10):        6
SUSE Default Package:   yes
Cross-References:       CAN-2005-2491
Content of This Advisory:
    1) Security Vulnerability Resolved:
         pcre integer overflow security problem
       Problem Description
    2) Solution or Work-Around
    3) Special Instructions and Notes
    4) Package Location and Checksums
    5) Pending Vulnerabilities, Solutions, and Work-Arounds:
         none
    6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion

   A vulnerability was found in the PCRE regular expression handling
   library which allows an attacker to crash or overflow a buffer in the
   program by specifying a special regular expression.

   Since this library is used in a large number of packages, including
   apache2, php4, exim, postfix and similar, a remote attack could be
   possible.

   This is tracked by the Mitre CVE ID CAN-2005-2491.

2) Solution or Work-Around

   Install the updated packages.

3) Special Instructions and Notes

   Please make sure you restart services linked against the pcre library
   (apache, exim, postfix).

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

       rpm -Fhv <file.rpm>

   to apply the update, replacing <file.rpm> with the filename of the
   downloaded RPM package.

   Our maintenance customers are notified individually. The packages are
   offered for installation from the maintenance web.
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
SUSE Security Announcement: Adobe Reader Plugin buffer overflow (SUSE-SA:2005:047)
by Marcus Meissner 22 Aug '05
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: acroread
Announcement ID: SUSE-SA:2005:047
Date: Mon, 22 Aug 2005 12:00:00 +0000
Affected Products: 9.0, 9.1, 9.2, 9.3
SUSE Linux Enterprise Server 9
Novell Linux Desktop 9
Open Enterprise Server 9
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CAN-2005-2470
Content of This Advisory:
1) Security Vulnerability Resolved:
acroread plugin buffer overflow
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
A buffer overflow was found in the core application plug-in for the
Adobe Reader, that allows attackers to cause a denial of service
(crash) and possibly execute arbitrary code via unknown vectors.
This is tracked by the Mitre CVE ID CAN-2005-2470.
Note that for SUSE Linux Enterprise Server 8 and SUSE Linux Desktop 1
Acrobat Reader support was already discontinued by an earlier
announcement.
2) Solution or Work-Around
Please install the updated packages.
3) Special Instructions and Notes
None.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web.
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
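The MD5 comparison from section 6, carried through as an added example (not part of the original announcement): the script reads package names and MD5 sums out of an announcement and checks downloaded files against them. It assumes the checksum layout these announcements use (a package URL on one line, its MD5 sum on the next); the function names, the package names and the ftp.example.invalid host are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify downloaded RPMs against the MD5 sums of an announcement.
# Feed it only text for which `gpg --verify` reported a good signature from the
# security team's key (3D25D3D9 in these announcements); the checksums are
# worth no more than the signature covering them.

# extract_checksums ANNOUNCEMENT
# Prints "md5  filename" for each complete package URL that is directly
# followed by a 32-digit hex line. URLs cut short by an archive (ending in
# "…" instead of ".rpm") name no file and are skipped with their checksum.
extract_checksums() {
    awk '
        NF == 1 && $1 ~ /^ftp:\/\/.*\.rpm$/ {
            n = split($1, part, "/"); name = part[n]; next
        }
        name != "" && NF == 1 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            print $1 "  " name
        }
        { name = "" }
    ' "$1"
}

# verify_downloads ANNOUNCEMENT DIR
# Prints one status line per listed package. Succeeds only if at least one
# listed package was found in DIR and every package found matched its sum.
verify_downloads() {
    ann=$1 dir=$2 checked=0 bad=0
    list=$(extract_checksums "$ann")
    while read -r want name; do
        [ -n "$name" ] || continue
        file=$dir/$name
        if [ ! -f "$file" ]; then
            echo "SKIP     $name (not downloaded)"
            continue
        fi
        got=$(md5sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done <<EOF
$list
EOF
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# make_sample DIR
# Builds constructed test data: two stand-in "packages" and an announcement
# excerpt listing their real MD5 sums plus one truncated URL.
make_sample() {
    printf 'constructed package A\n' > "$1/example-1.0-1.i586.rpm"
    printf 'constructed package B\n' > "$1/example-doc-1.0-1.i586.rpm"
    sum_a=$(md5sum "$1/example-1.0-1.i586.rpm" | cut -d' ' -f1)
    sum_b=$(md5sum "$1/example-doc-1.0-1.i586.rpm" | cut -d' ' -f1)
    cat > "$1/announcement.txt" <<EOF
4) Package Location and Checksums
x86 Platform:
SUSE Linux 9.3:
ftp://ftp.example.invalid/update/9.3/rpm/i586/example-1.0-1.i586.rpm
$sum_a
ftp://ftp.example.invalid/update/9.3/rpm/i586/example-doc-1.0-1.i586.rpm
$sum_b
ftp://ftp.example.invalid/update/9.3/rpm/i586/example-devel-1.0-1.i58…
00000000000000000000000000000000
EOF
}

# Demonstration on the constructed data: first a clean run, then the same
# check after one downloaded file has been altered.
work=$(mktemp -d)
make_sample "$work"
verify_downloads "$work/announcement.txt" "$work" && echo "all checked packages match"
printf 'altered after download\n' >> "$work/example-doc-1.0-1.i586.rpm"
verify_downloads "$work/announcement.txt" "$work" || echo "mismatch: do not install"
rm -rf "$work"
```

A run in which no listed package is found counts as a failure, so an empty download directory or an announcement whose URLs are all truncated never reads as "verified".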
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2005:019
Date: Fri, 19 Aug 2005 13:00:00 +0000
Cross-References: CAN-2005-2102
CAN-2005-2103
CAN-2005-1852
CAN-2004-0519
CAN-2005-2471
CAN-2005-1527
CAN-2005-2301
CAN-2005-2302
CAN-2005-2097
CAN-2005-2215
CAN-2005-1888
CAN-2005-2360
CAN-2005-2361
CAN-2005-2362
CAN-2005-2363
CAN-2005-2364
CAN-2005-2365
CAN-2005-2366
CAN-2005-2367
Content of this advisory:
1) Solved Security Vulnerabilities:
- SUSE Linux 8.2 discontinued.
- pstopnm use of ghostscript without -dSAFER
- gaim various security problems
- kopete gadu denial of service attack
- squirrelmail various cross site scripting issues
- awstats remote code execution
- powerdns denial of service attack
- gpdf denial of service attack
- kpdf denial of service attack
- mediawiki cross site scripting problem
- wipe left around backup copies
- ethereal various security issues
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- acroread plugin buffer overflow
- various kernel security issues
- evolution format string problems
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- SUSE Linux 8.2 discontinued
As previously announced, we discontinued support of SUSE Linux 8.2
on the 31st of July.
At the beginning of next week we will move away the directories for the
YaST Online Update to free disk space on the mirrors.
The YOU patches and fixed RPMs will remain on:
ftp://ftp.suse.com/pub/suse/discontinued/i386/8.2/
- pstopnm use of ghostscript without -dSAFER
pstopnm in netpbm does not properly use the "-dSAFER" option when
calling Ghostscript to convert a Postscript file into a (1)
PBM, (2) PGM, or (3) PNM file, which allows external user-complicit
attackers to execute arbitrary commands.
This is tracked by the Mitre CVE ID CAN-2005-2471.
This problem affects all SUSE Linux based products.
- gaim various security problems
Various memory corruption bugs within the GNOME instant messenger
client gaim have been fixed:
- An AIM/ICQ malformed filename crash. Mitre CVE ID: CAN-2005-2102
- An AIM/ICQ away-message buffer overflow. Mitre CVE ID: CAN-2005-2103
For the SUSE Linux 9.3 and 9.2 distributions a memory alignment
bug within libgadu has been fixed too, tracked by the Mitre CVE
ID CAN-2005-1852.
All SUSE Linux versions including gaim are affected.
- kopete gadu denial of service attack
The KDE instant messaging program 'kopete' was affected by a
problem within the "gadu" protocol handling. A specially crafted
'gadu' message could crash the program.
This is tracked by the Mitre CVE ID CAN-2005-1852. Only SUSE Linux
9.3 contained the vulnerable code, no other versions were affected.
- squirrelmail various cross site scripting issues
The web mailer squirrelmail had several more cross site scripting
problems which were fixed upstream. This patch integrates them into
our packages.
This is tracked by the Mitre CVE ID CAN-2004-0519.
This issue affects SUSE Linux Professional 9.0 up to 9.3.
- awstats remote code execution
The web statistics program 'awstats' contains an invalid usage
of the eval() function within the awstats perl script. This
vulnerability can be used by remote attackers to execute arbitrary
code.
This issue is tracked by the Mitre CVE ID CAN-2005-1527 and affects
SUSE Linux 9.0 up to 9.3.
- powerdns denial of service attack
The PowerDNS nameserver was updated to fix the following security
issues:
- The LDAP backend could fail and not respond anymore.
This is tracked by the Mitre CVE ID CAN-2005-2301.
- Recursive Queries of unauthorized clients could temporarily block
queries of authorized clients.
This is tracked by the Mitre CVE ID CAN-2005-2302.
Only SUSE Linux 9.3 contains the pdns package and is affected.
- gpdf and kpdf denial of service attack
Broken as well as specially crafted PDF files can cause the GNOME
PDF viewer gpdf and the KDE PDF viewer kpdf to create large files
in /tmp until the filesystem runs out of space.
This is tracked by the Mitre CVE ID CAN-2005-2097.
Only gpdf and kpdf in SUSE Linux 9.3 are affected by this problem.
- MediaWiki cross site scripting problem
Several cross site scripting (XSS) bugs were found and fixed in
MediaWiki.
- in the page move template, tracked by the Mitre CVE ID
CAN-2005-2215.
- with HTML attributes in page templates, tracked by the Mitre CVE
ID CAN-2005-1888.
Only SUSE Linux 9.3 includes MediaWiki and is affected by this
problem.
- wipe left around backup copies
Due to bad path handling the secure file deletion tool 'wipe' in
some cases leaves around a copy of the original file.
This problem affects SUSE Linux 9.1 up to 9.3.
- ethereal various security issues
This update upgrades ethereal to version 0.10.12 which has all
known security bugs fixed. Bugs fixed are tracked by the Mitre CVE
IDs CAN-2005-2360, CAN-2005-2361, CAN-2005-2362, CAN-2005-2363,
CAN-2005-2364, CAN-2005-2365, CAN-2005-2366, and CAN-2005-2367.
A detailed list of bugs fixed can be found at:
http://ethereal.com/appnotes/enpa-sa-00020.html
All SUSE Linux versions were affected by this problem.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- acroread plugin buffer overflow
A buffer overflow was reported in the Acrobat Reader plugin, allowing
remote attackers to potentially execute code as the viewing user.
This is tracked by the Mitre CVE ID CAN-2005-2470, we are
currently testing updates.
- various kernel security issues
We are currently preparing a security kernel update for
the 2.6 lines of kernels fixing currently known issues.
We expect it to be released at the end of next week.
- evolution format string problems
Format string problems were reported in the evolution mail client.
We are preparing updates for this issue.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ)
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
SUSE Security Announcement: apache, apache2 request smuggling problem (SUSE-SA:2005:046)
by Marcus Meissner 16 Aug '05
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: apache,apache2
Announcement ID: SUSE-SA:2005:046
Date: Tue, 16 Aug 2005 07:00:00 +0000
Affected Products: 8.2, 9.0, 9.1, 9.2, 9.3
SUSE Linux Enterprise Server 8, 9
Vulnerability Type: authentication bypass
Severity (1-10): 6
SUSE Default Package: no
Cross-References: CAN-2005-2088
CAN-2005-1268
Content of This Advisory:
1) Security Vulnerability Resolved:
apache and apache2 request smuggling
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
A security flaw was found in the Apache and Apache2 web servers which
allows remote attackers to "smuggle" requests past filters by providing
handcrafted header entries.
Fixed Apache 2 server packages were released on July 26th,
fixed Apache 1 server packages were released on August 15th.
This issue is tracked by the Mitre CVE ID CAN-2005-2088.
The Apache2 packages additionally fix a single byte overflow in the SSL
CRL handling functionality, tracked by the Mitre CVE ID CAN-2005-1268.
The Apache1 packages additionally fix a harmless local buffer overflow
in htpasswd.
2) Solution or Work-Around
None, please install the updated packages.
3) Special Instructions and Notes
Please restart the Apache web server after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web.
5cbf2baf68a56df0e95149a209dcc5bb
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-leader-2.0…
0512d0806364982cb77e300807f0c2ab
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-metuxmpm-2…
66e024c176e86ae70f9cce5f68bbbb6e
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-prefork-2.…
42046fedac25e435a87048895ba892a3
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-worker-2.0…
2cf1c65663e16108cb25300e171a195b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libapr0-2.0.48-152…
87b741b0402f03064de4619dff361086
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_ssl-2.8.15-79.…
09458018034cfffbc419d816c5dd31ce
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/apache-1.3.28-79.src.…
ae182ca0cb6e47559f250feca8c67e2e
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/apache2-2.0.48-152.sr…
e87c50cda40a5c9097bab2e20c1098d6
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information

  - Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web
    sites. The authenticity and integrity of a SUSE security announcement is
    guaranteed by a cryptographic signature in each announcement. All SUSE
    security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file
    and run the command

      gpg --verify <file>

    replacing <file> with the name of the file where you saved the
    announcement. The output for a valid signature looks like:

      gpg: Signature made <DATE> using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team <security(a)suse.de>"

    where <DATE> is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can
    import it from the first installation CD. To import the key, use the
    command

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  - Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the
    world. While this service is considered valuable and important to the free
    and open source software community, the authenticity and the integrity of
    a package needs to be verified to ensure that it has not been tampered
    with.

    There are two verification methods that can be used independently from
    each other to prove the authenticity of a downloaded file or RPM package:

    1) Using the internal gpg signatures of the rpm package
    2) MD5 checksums as provided in this announcement

    1) The internal rpm package signatures provide an easy way to verify the
       authenticity of an RPM package. Use the command

         rpm -v --checksig <file.rpm>

       to verify the signature of the package, replacing <file.rpm> with the
       filename of the RPM package downloaded. The package is unmodified if it
       contains a valid signature from build(a)suse.de with the key ID 9C800ACA.

       This key is automatically imported into the RPM database (on
       RPMv4-based distributions) and the gpg key ring of 'root' during
       installation. You can also find it on the first installation CD and at
       the end of this announcement.

    2) If you need an alternative means of verification, use the md5sum
       command to verify the authenticity of the packages. Execute the command

         md5sum <filename.rpm>

       after you downloaded the file from a SUSE FTP server or its mirrors.
       Then compare the resulting md5sum with the one that is listed in the
       SUSE security announcement. Because the announcement containing the
       checksums is cryptographically signed (by security(a)suse.de) the
       checksums show proof of the authenticity of the package if the
       signature of the announcement is valid. Note that the md5 sums
       published in the SUSE Security Announcements are valid for the
       respective packages only. Newer versions of these packages cannot be
       verified.

  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security(a)suse.com
      - General Linux and SUSE security discussion.
        All SUSE security announcements are sent to this list.
        To subscribe, send an e-mail to
        <suse-security-subscribe(a)suse.com>.

    suse-security-announce(a)suse.com
      - SUSE's announce-only mailing list.
        Only SUSE's security announcements are sent to this list.
        To subscribe, send an e-mail to
        <suse-security-announce-subscribe(a)suse.com>.

    For general information or the frequently asked questions (FAQ),
    send mail to <suse-security-info(a)suse.com> or
    <suse-security-faq(a)suse.com>.

=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
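The two-step check from Section 6 (verify the announcement's signature, then compare MD5 sums), written out as an added example; it is not part of the SUSE announcement. It assumes the Section 4 layout of one URL line followed by one MD5 line, reads checksums only from the text gpg reports as signed, and uses constructed names (`mirror.example`, `pkg-*`, the function names) for its demo data.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against the MD5 sums listed in a saved
# announcement. Host names, package names and sums in demo() are constructed.

# signed_text FILE: print only the text covered by the clearsign signature.
# gpg drops anything outside the signed block; callers must check the exit
# status before trusting the output.
signed_text() {
    gpg --decrypt "$1"
}

# list_checksums (stdin: announcement text): print "<md5> <url>" for every
# complete package URL that is directly followed by a 32-hex-digit line.
# A URL that was cut short (not ending in .rpm) produces no entry.
list_checksums() {
    awk '
        /^[ \t]*ftp:\/\/[^ \t]+\.rpm[ \t]*$/ { url = $1; next }
        url != "" && /^[ \t]*[0-9a-f]+[ \t]*$/ && length($1) == 32 { print $1, url }
        { url = "" }
    '
}

# check_file SUMS FILE: compare the file's MD5 with every entry for that file
# name. The same name can be listed under several distributions, so the URL
# of the matching entry is printed with the verdict.
check_file() {
    name=${2##*/}
    have=$(md5sum "$2" | awk '{ print $1 }')
    hit=$(printf '%s\n' "$1" | awk -v h="$have" -v n="$name" '
        { k = split($2, p, "/") }
        k > 0 && p[k] == n { listed = 1; if ($1 == h) { print $2; found = 1; exit } }
        END { if (listed && !found) print "MISMATCH" }')
    case "$hit" in
        "")       echo "UNLISTED $name"; return 1 ;;
        MISMATCH) echo "MISMATCH $name"; return 1 ;;
        *)        echo "OK $name $hit" ;;
    esac
}

# verify_downloads TEXT_FILE FILE...: returns 1 unless every file is OK.
verify_downloads() {
    sums=$(list_checksums < "$1")
    shift
    bad=0
    for f in "$@"; do
        check_file "$sums" "$f" || bad=1
    done
    return $bad
}

# demo: run the check on constructed data; needs neither network nor gpg.
demo() {
    d=$(mktemp -d) || return 2
    printf 'good\n' > "$d/pkg-a-1.0-1.i586.rpm"
    printf 'tampered\n' > "$d/pkg-b-1.0-1.i586.rpm"
    printf 'other\n' > "$d/pkg-c-1.0-1.i586.rpm"
    good=$(md5sum "$d/pkg-a-1.0-1.i586.rpm" | awk '{ print $1 }')
    # Constructed announcement text: pkg-a is listed twice (two distributions),
    # pkg-b has a wrong sum, pkg-c has a truncated URL.
    cat > "$d/announcement.txt" <<EOF
    SUSE Linux 9.0:
    ftp://mirror.example/update/9.0/rpm/i586/pkg-a-1.0-1.i586.rpm
    00000000000000000000000000000000
    SUSE Linux 9.1:
    ftp://mirror.example/update/9.1/rpm/i586/pkg-a-1.0-1.i586.rpm
    $good
    ftp://mirror.example/update/9.1/rpm/i586/pkg-b-1.0-1.i586.rpm
    11111111111111111111111111111111
    ftp://mirror.example/update/9.1/rpm/i586/pkg-c-1.0-1.i5…
    22222222222222222222222222222222
EOF
    rc=0
    verify_downloads "$d/announcement.txt" "$d"/pkg-*.rpm || rc=1
    rm -rf "$d"
    return $rc
}

# Usage: sh check.sh ANNOUNCEMENT FILE.rpm...
if [ "$#" -ge 2 ]; then
    ann=$1; shift
    tmp=$(mktemp) || exit 2
    if ! signed_text "$ann" > "$tmp"; then
        echo "announcement signature not verified; checksums ignored" >&2
        rm -f "$tmp"; exit 2
    fi
    rc=0
    verify_downloads "$tmp" "$@" || rc=1
    rm -f "$tmp"
    exit $rc
fi
```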
SUSE Security Announcement: Mozilla various security problems (SUSE-SA:2005:045)
by Marcus Meissner 11 Aug '05
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________

                        SUSE Security Announcement

        Package:                mozilla,MozillaFirefox,epiphany,galeon
        Announcement ID:        SUSE-SA:2005:045
        Date:                   Thu, 11 Aug 2005 15:00:00 +0000
        Affected Products:      8.2, 9.0, 9.1, 9.2, 9.3
                                SUSE Linux Desktop 1.0
                                SUSE Linux Enterprise Server 8, 9
                                Novell Linux Desktop 9
        Vulnerability Type:     information leak
        Severity (1-10):        7
        SUSE Default Package:   yes
        Cross-References:       MFSA 2005-56 CAN-2005-2270
                                MFSA 2005-55 CAN-2005-2269
                                MFSA 2005-54 CAN-2005-2268
                                MFSA 2005-53 CAN-2005-2267
                                MFSA 2005-52 CAN-2005-2266
                                MFSA 2005-51 CAN-2005-1937
                                MFSA 2005-50 CAN-2005-2265
                                MFSA 2005-49 CAN-2005-2264
                                MFSA 2005-48 CAN-2005-2263
                                MFSA 2005-47 CAN-2005-2262
                                MFSA 2005-46 CAN-2005-2261
                                MFSA 2005-45 CAN-2005-2260

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             Various security problems in the Mozilla suite and Mozilla Firefox
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
            See SUSE Security Summary Report.
        6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

   Various security vulnerabilities in the Mozilla browser suite and
   the Mozilla Firefox browser have been reported and fixed upstream.

   The Mozilla suite browser has been updated to a security fix level
   of Mozilla 1.7.11; the Mozilla Firefox browser has been updated to
   a fix level of Firefox 1.0.6.

   Security relevant bugs that are fixed include (but are not limited to):

     MFSA 2005-56 Code execution through shared function objects
     MFSA 2005-55 XHTML node spoofing
     MFSA 2005-54 Javascript prompt origin spoofing
     MFSA 2005-52 Same origin violation: frame calling top.focus()
     MFSA 2005-51 The return of frame-injection spoofing
     MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
     MFSA 2005-49 Stealing of sensitive information via _search and the Firefox sidebar
     MFSA 2005-48 Same-origin violation with InstallTrigger callback
     MFSA 2005-47 "Set as wallpaper" javascript: privilege escalation
     MFSA 2005-46 XBL scripts ran even when Javascript disabled
     MFSA 2005-45 Content-generated event vulnerabilities

   This update also upgrades the version of the Mozilla suite for the
   following products:

   * SUSE Linux Desktop 1.0:
     The original Mozilla 1.4 branch browser is upgraded to the Mozilla
     1.7 branch version.

     We were not able to port the galeon web browser included in SUSE
     Linux Desktop 1.0 to support Mozilla 1.7 in time, so we no longer
     support it.

     The galeon package on SUSE Linux Desktop 1.0 is removed by this update.

   * SUSE Linux Enterprise Server 8:
     The original Mozilla 1.4 branch browser is upgraded to the Mozilla
     1.7 branch version.

   * SUSE Linux Enterprise Server 9:
     The Mozilla version 1.6 shipped with GA of the SUSE Linux Enterprise
     Server 9 was replaced by the Mozilla 1.7 branch version in Service
     Pack 2.

   * SUSE Linux 8.2, 9.0, 9.1:
     Mozilla versions 1.4 and 1.6 contained in SUSE Linux versions
     8.2 up to 9.1 were replaced by the Mozilla 1.7 branch version.

     We were not able to port the galeon and the epiphany web browsers
     included in SUSE Linux 9.0 up to 9.1 to support Mozilla 1.7 in time,
     so we will no longer support them.

     The galeon and epiphany packages on SUSE Linux 9.0 and 9.1 are removed
     by this update.

2) Solution or Work-Around

   Please install the upgraded packages and make sure you restart your
   browsers after the update.

   A workaround would be to deinstall the Mozilla browser suite and/or
   the Firefox web browser.

3) Special Instructions and Notes

   Please note that galeon will be deinstalled by this update on SUSE
   Linux Desktop 1.0, SUSE Linux 8.2, 9.0 and 9.1.

   Also note that epiphany will be deinstalled by this update on SUSE
   Linux 9.0 and 9.1.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv <file.rpm>

   to apply the update, replacing <file.rpm> with the filename of the
   downloaded RPM package.

   Our maintenance customers are notified individually. The packages are
   offered for installation from the maintenance web.

______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information

  - Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web
    sites. The authenticity and integrity of a SUSE security announcement is
    guaranteed by a cryptographic signature in each announcement. All SUSE
    security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file
    and run the command

      gpg --verify <file>

    replacing <file> with the name of the file where you saved the
    announcement. The output for a valid signature looks like:

      gpg: Signature made <DATE> using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team <security(a)suse.de>"

    where <DATE> is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can
    import it from the first installation CD. To import the key, use the
    command

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  - Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the
    world. While this service is considered valuable and important to the free
    and open source software community, the authenticity and the integrity of
    a package needs to be verified to ensure that it has not been tampered
    with.

    There are two verification methods that can be used independently from
    each other to prove the authenticity of a downloaded file or RPM package:

    1) Using the internal gpg signatures of the rpm package
    2) MD5 checksums as provided in this announcement

    1) The internal rpm package signatures provide an easy way to verify the
       authenticity of an RPM package. Use the command

         rpm -v --checksig <file.rpm>

       to verify the signature of the package, replacing <file.rpm> with the
       filename of the RPM package downloaded. The package is unmodified if it
       contains a valid signature from build(a)suse.de with the key ID 9C800ACA.

       This key is automatically imported into the RPM database (on
       RPMv4-based distributions) and the gpg key ring of 'root' during
       installation. You can also find it on the first installation CD and at
       the end of this announcement.

    2) If you need an alternative means of verification, use the md5sum
       command to verify the authenticity of the packages. Execute the command

         md5sum <filename.rpm>

       after you downloaded the file from a SUSE FTP server or its mirrors.
       Then compare the resulting md5sum with the one that is listed in the
       SUSE security announcement. Because the announcement containing the
       checksums is cryptographically signed (by security(a)suse.de) the
       checksums show proof of the authenticity of the package if the
       signature of the announcement is valid. Note that the md5 sums
       published in the SUSE Security Announcements are valid for the
       respective packages only. Newer versions of these packages cannot be
       verified.

  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security(a)suse.com
      - General Linux and SUSE security discussion.
        All SUSE security announcements are sent to this list.
        To subscribe, send an e-mail to
        <suse-security-subscribe(a)suse.com>.

    suse-security-announce(a)suse.com
      - SUSE's announce-only mailing list.
        Only SUSE's security announcements are sent to this list.
        To subscribe, send an e-mail to
        <suse-security-announce-subscribe(a)suse.com>.

    For general information or the frequently asked questions (FAQ),
    send mail to <suse-security-info(a)suse.com> or
    <suse-security-faq(a)suse.com>.

=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:044)
by Ludwig Nussel 04 Aug '05
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package:                kernel
Announcement ID:        SUSE-SA:2005:044
Date:                   Thu, 04 Aug 2005 08:00:00 +0000
Affected Products:      9.0, 9.1, 9.2, 9.3
                        SUSE Linux Desktop 1.0
                        SUSE Linux Enterprise Server 8, 9
                        Novell Linux Desktop 9
                        Open Enterprise Server 9
Vulnerability Type:     local privilege escalation
Severity (1-10):        7
SUSE Default Package:   yes
Cross-References:       CAN-2005-1761
                        CAN-2005-1767
                        CAN-2005-1768
Content of This Advisory:
  1) Security Vulnerability Resolved:
       several kernel security problems
     Problem Description
  2) Solution or Work-Around
  3) Special Instructions and Notes
  4) Package Location and Checksums
  5) Pending Vulnerabilities, Solutions, and Work-Arounds:
     - see SUSE Security Summary Report
  6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The Linux kernel is the core component of the Linux system.
This update fixes various security as well as non-security problems
discovered since the last round of kernel updates.
Not all kernels are affected by all of the problems; each problem has
a note attached to it stating which products are affected.
The CAN-YYYY-NNNN IDs are Mitre CVE Candidate IDs. Please see
http://www.mitre.org for more information.
The following security problems have been fixed:
- local users could crash the system by causing stack fault
  exceptions (CAN-2005-1767).
  SUSE Linux 9.0 and SLES8 are affected.
- local users could use ptrace to crash the kernel
  (CAN-2005-1761).
  SLES8 on the ia64 architecture is affected.
- by causing an overflow in the 32bit execve function users could
  crash the kernel or even execute code (CAN-2005-1768).
  SLES 9 on the x86-64 and ia64 architectures and SUSE Linux 9.1
  on the x86-64 architecture are affected.
- an overflow when validating XDR data for the nfsacl protocol
  could crash the kernel.
  SUSE Linux 9.2 and 9.3 are affected.
- local users could crash the kernel by reading from large
  offsets in sysfs files.
  SUSE Linux 9.2 is affected.
On SUSE Linux 9.1 this update contains the kernel used by the
SUSE Linux Enterprise Server 9, Service Pack 2. Among many bugfixes
and driver updates, this kernel adds support for non-executable
pages (NX) on x86 CPUs and improves dual core CPU support.
2) Solution or Work-Around
There is no known workaround; please install the update packages.
3) Special Instructions and Notes
SPECIAL INSTALLATION INSTRUCTIONS
=================================
The following paragraphs guide you through the installation
process in a step-by-step fashion. The character sequence "****"
marks the beginning of a new paragraph. In some cases, the steps
outlined in a particular paragraph may or may not be applicable
to your situation. Therefore, make sure that you read through
all of the steps below before attempting any of these
procedures. All of the commands that need to be executed must be
run as the superuser 'root'. Each step relies on the steps
before it to complete successfully.
**** Step 1: Determine the needed kernel type.
Use the following command to determine which kind of kernel is
installed on your system:
rpm -qf --qf '%{name}\n' /boot/vmlinuz
**** Step 2: Download the packages for your system.
Download the kernel RPM package for your distribution with the
name indicated by Step 1. Starting from SUSE LINUX 9.2, kernel
modules that are not free were moved to a separate package with
the suffix '-nongpl' in its name. Download that package as well
if you rely on hardware that requires non-free drivers, such as
some ISDN adapters. The list of all kernel RPM packages is
appended below.
The kernel-source package does not contain a binary kernel in
bootable form. Instead, it contains the sources that correspond
with the binary kernel RPM packages. This package is required to
build third party add-on modules.
**** Step 3: Verify authenticity of the packages.
Verify the authenticity of the kernel RPM package using the
methods as listed in Section 6 of this SUSE Security
Announcement.
**** Step 4: Installing your kernel rpm package.
Install the rpm package that you have downloaded in Step 2 with
the command
rpm -Uhv <FILE>
replacing <FILE> with the filename of the RPM package
downloaded.
Warning: After performing this step, your system may not boot
unless the following steps have been followed
completely.
**** Step 5: Configuring and creating the initrd.
The initrd is a RAM disk that is loaded into the memory of your
system together with the kernel boot image by the boot loader.
The kernel uses the content of this RAM disk to execute commands
that must be run before the kernel can mount its root file
system. The initrd is typically used to load hard disk
controller drivers and file system modules. The variable
INITRD_MODULES in /etc/sysconfig/kernel determines which kernel
modules are loaded in the initrd.
After a new kernel rpm has been installed, the initrd must be
recreated to include the updated kernel modules. Usually this
happens automatically when installing the kernel rpm. If
creating the initrd fails for some reason, manually run the
command
/sbin/mkinitrd
**** Step 6: Update the boot loader, if necessary.
Depending on your software configuration, you either have the
LILO or GRUB boot loader installed and initialized on your
system. Use the command
grep LOADER_TYPE /etc/sysconfig/bootloader
to find out which boot loader is configured.
The GRUB boot loader does not require any further action after a
new kernel has been installed. You may proceed to the next step
if you are using GRUB.
If you use the LILO boot loader, lilo must be run to
reinitialize the boot sector of the hard disk. Usually this
happens automatically when installing the kernel RPM. In case
this step fails, run the command
/sbin/lilo
Warning: An improperly installed boot loader will render your
system unbootable.
**** Step 7: Reboot.
If all of the steps above have been successfully completed on
your system, the new kernel including the kernel modules and the
initrd are ready to boot. The system needs to be rebooted for
the changes to be active. Make sure that all steps have been
completed, then reboot using the command
/sbin/shutdown -r now
Your system will now shut down and restart with the new kernel.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web.
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- see SUSE Security Summary Report
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement are
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package need to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you have downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
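Step 3 and Section 6 of the announcement above describe the checksum route: verify the announcement's signature, then compare the md5sum of the downloaded package with the listed value. The script below is an added example, not part of the announcement or of SUSE's tooling; it reads the checksums only from the signature-verified text and accepts any sum listed for the package's file name. The sample listing, the ftp.example.org URLs and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SUSE tooling): check a downloaded RPM against the MD5
# list of a signed announcement. Sample file names and URLs are constructed.

KEYID=3D25D3D9   # SuSE Security Team key ID as printed in the announcement

# Write the text covered by the clear-text signature to $2. Succeeds only if
# gpg reports a good signature from KEYID (the key must be in your key ring).
# Checksums are later read from this output, not from the raw mail, so lines
# placed outside the signed region are never trusted.
verified_announcement_text() (
    status=$(gpg --batch --yes --status-fd 1 --output "$2" --decrypt "$1" \
             2>/dev/null) || exit 1
    printf '%s\n' "$status" | grep -Eq "^\[GNUPG:\] GOODSIG [0-9A-F]*$KEYID "
)

# Print every checksum listed for package file name $2 in announcement text $1.
# Listing layout: a URL line followed by a line holding the MD5 sum. The same
# file name can appear under more than one platform tree with different sums.
announced_md5s() (
    awk -v name="$2" '
        { sub(/\r$/, "") }                      # tolerate CRLF mail bodies
        pending {                               # line right after a matching URL
            pending = 0
            if (length($1) == 32 && $1 !~ /[^0-9a-f]/) print $1
        }
        $1 ~ /^ftp:\/\// {
            n = split($1, part, "/")
            if (part[n] == name) pending = 1    # exact file name, not a prefix
        }
    ' "$1"
)

# Exit status: 0 match, 1 listed but different, 2 not listed, 3 file missing.
check_rpm_md5() (
    [ -f "$2" ] || exit 3
    listed=$(announced_md5s "$1" "$(basename "$2")")
    [ -n "$listed" ] || exit 2
    actual=$(md5sum < "$2" | cut -d' ' -f1)
    printf '%s\n' "$listed" | grep -qxF "$actual"
)

# Full check: signature first, then the checksum taken from the verified text.
# Exit status 4 means the announcement itself could not be verified.
verify_download() (
    text=$(mktemp) || exit 4
    trap 'rm -f "$text"' EXIT
    verified_announcement_text "$1" "$text" || exit 4
    check_rpm_md5 "$text" "$2"
)

# Constructed excerpt in the announcement's listing layout. The sums are the
# RFC 1321 test values for "abc", "a" and "message digest".
write_sample_listing() {
    cat > "$1" <<'EOF'
x86 Platform:
ftp://ftp.example.org/i386/update/rpm/i586/demo-kernel-1.0-1.i586.rpm
        900150983cd24fb0d6963f7d28e17f72
ftp://ftp.example.org/i386/update/rpm/noarch/demo-docs-1.0-1.noarch.rpm
        0cc175b9c0f1b6a831c399e269772661
x86-64 Platform:
ftp://ftp.example.org/x86_64/update/rpm/noarch/demo-docs-1.0-1.noarch.rpm
        f96b697d7cb7938d525a2f31aaf161d0
EOF
}

# Offline demo of the checksum step only (no gpg, no network).
demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    write_sample_listing "$dir/listing.txt"
    pkg="$dir/demo-kernel-1.0-1.i586.rpm"
    printf 'abc' > "$pkg"
    check_rpm_md5 "$dir/listing.txt" "$pkg" && echo "intact file: OK"
    printf 'abc-modified' > "$pkg"
    check_rpm_md5 "$dir/listing.txt" "$pkg" || echo "modified file: rejected"
)

# Two arguments: <saved announcement> <downloaded rpm>. Otherwise run the demo.
if [ $# -eq 2 ]; then verify_download "$1" "$2"; else demo; fi
```

MD5 is no longer collision resistant; the script uses it only because it is the checksum these announcements publish.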