openSUSE Security Announce
Threads by month
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
September 2005
- 3 participants
- 12 discussions
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2005:021
Date: Fri, 30 Sep 2005 14:00:00 +0000
Cross-References: CAN-2005-0941, CAN-2005-2558, CAN-2005-2794
CAN-2005-2796, CAN-2005-2876
Content of this advisory:
1) Solved Security Vulnerabilities:
- storeBackup insecure /tmp usage and permissions
- squid remote denial of service problems
- mysql stack overflow in function handling
- util-linux umount privilege escalation
- OpenOffice_org version upgrade
- mediawiki cross site scripting problems
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
None
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- storeBackup insecure /tmp usage and permissions
This update upgrades storeBackup to version 1.19 and fixes following
security issues:
- storeBackup used insecure /tmp filenames.
- storeBackup used insecure (world readable) file permissions for
the backup root.
Only SUSE Linux retail products contain storeBackup and are affected.
- squid remote denial of service problems
The web proxy squid was updated to fix two remotely exploitable
denial of service vulnerabilities. One can be triggered by aborting a
request and the other one occurs in sslConnectTimeout while handling
malformed requests.
This is tracked by the Mitre CVE IDs CAN-2005-2794 and CAN-2005-2796.
All SUSE Linux based products containing squid are affected.
- mysql stack overflow in function handling
This update fixes a stack-based buffer overflow in MySQL's init_syms
function that can be exploited by authenticated users with the
privilege to create user-defined functions.
This is tracked by the Mitre CVE ID CAN-2005-2558.
All SUSE Linux based products including mysql are affected.
- util-linux umount privilege escalation
The remount option of umount allowed local users to clear certain
security relevant flags such as the nosuid flag.
This is tracked by the Mitre CVE ID CAN-2005-2876. All SUSE Linux
based products are affected by this problem.
- OpenOffice_org version upgrade
OpenOffice.org on SUSE Linux 9.3 was upgraded to 2.0 Beta Milestone m125.
This includes a large number of bug fixes in all areas.
This update also fixes a buffer overflow in the MS Word document
reader. By creating a specially crafted Word document a remote
attacker could exploit this bug to execute arbitrary code under
the user id of the user viewing the document (CAN-2005-0941).
Note that this version will save files in the new, final XML format
that cannot be read by the original SUSE Linux 9.3 version.
Files saved with the original 9.3 version can be read without problems.
- Mediawiki cross site scripting problems
More cross site scripting problems were found in MediaWiki. The
problems fixed in the 1.4.9 release have been back ported and are
included in this security update.
Only SUSE Linux 9.3 contains MediaWiki.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
None
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ)
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBQz0unney5gA9JdPZAQKnegf/dYaL6M6PtmR/enoXhjibG2ulKB4wLNqa
sOhQDA7Q2Ys02IZekV+njc3hjFynYnWNgj3jaBY1xMbXy/QT48MCQdle21llrsF7
5zlhePVveAOm2OBh+N+RDU1DDhSaqPQ6d56jX5QJQPcRQkuEmC/dDZVLHFgqZTEp
yuCVOfhrzHQLcHSdu+rMUUadIl+9+6BqLm+6Oj9sYM1kfREeem0eG88U/PiBYiWc
vnc+4B7TyzQsTqFE4mUTZfgfG64g2zkgjs2k7VF52K61Mm1VE3BRQnuUFY49RYdO
Z7ODPG9QJeU4KO395002CwJmIGYn99fTFYs1nu5cCsdGB4I2xgpGXQ==
=6Bdz
-----END PGP SIGNATURE-----
1
0
SUSE Security Announcement: Mozilla,Mozilla Firefox remote code execution (SUSE-SA:2005:058)
by Marcus Meissner 30 Sep '05
by Marcus Meissner 30 Sep '05
30 Sep '05
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: mozilla,MozillaFirefox
Announcement ID: SUSE-SA:2005:058
Date: Fri, 30 Sep 2005 10:00:00 +0000
Affected Products: Novell Linux Desktop 9
SuSE Linux 9.0
SUSE LINUX 9.1
SUSE LINUX 9.2
SUSE LINUX 9.3
SUSE LINUX 10.0
SUSE LINUX 10.0 OSS
SUSE Linux Enterprise Server 9
SuSE Linux Desktop 1.0
SuSE Linux Enterprise Server 8
UnitedLinux 1.0
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CAN-2005-2701
CAN-2005-2702
CAN-2005-2703
CAN-2005-2704
CAN-2005-2705
CAN-2005-2706
CAN-2005-2707
Content of This Advisory:
1) Security Vulnerability Resolved:
various security problems in Mozilla based browsers
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The web browsers Mozilla and Mozilla Firefox have been updated to
contain fixes for the vulnerabilities fixed in:
- Mozilla browser suite version 1.7.12
- Mozilla Firefox version 1.0.7
The security problems with their corresponding Mitre CVE ID are:
- CAN-2005-2701: Heap overrun in XBM image processing
- CAN-2005-2702: Crash on "zero-width non-joiner" sequence
- CAN-2005-2703: XMLHttpRequest header spoofing
- CAN-2005-2704: Object spoofing using XBL <implements>
- CAN-2005-2705: Javascript integer overflow
- CAN-2005-2706: Privilege escalation using about: scheme
- CAN-2005-2707: Chrome window spoofing
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of mozilla or Firefox after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.0 OSS:
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/MozillaFirefox-1.…
b070f22c50716e9793c6286e75d7f1d3
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/MozillaFirefox-tr…
b7e3dbc40ec322b6b4baff3db1ab8f33
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-1.7.11-9.…
3d363104fbaccb6ed24bcbfdaf8d3e0b
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-calendar-…
dfeb241e004969274396918859ce9c29
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-devel-1.7…
9ccff14aedb21ded7a274de9452c68fb
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-dom-inspe…
c7fc87a1c63e9be69b5d32eea19d0779
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-irc-1.7.1…
cb8a2af71a14a9158c57717649766a74
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-mail-1.7.…
494909fceea44bd110e08482ae151a78
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-spellchec…
41d9c223405d9d94dfcc5b6fb98dc066
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-venkman-1…
292cc9a346d743de3144b71b1b61feb7
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-1.0.7-…
b070f22c50716e9793c6286e75d7f1d3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-transl…
b7e3dbc40ec322b6b4baff3db1ab8f33
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-1.7.11-9.2.i5…
3d363104fbaccb6ed24bcbfdaf8d3e0b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-calendar-1.7.…
dfeb241e004969274396918859ce9c29
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-devel-1.7.11-…
9ccff14aedb21ded7a274de9452c68fb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-dom-inspector…
c7fc87a1c63e9be69b5d32eea19d0779
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-irc-1.7.11-9.…
cb8a2af71a14a9158c57717649766a74
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-mail-1.7.11-9…
494909fceea44bd110e08482ae151a78
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-spellchecker-…
41d9c223405d9d94dfcc5b6fb98dc066
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-venkman-1.7.1…
292cc9a346d743de3144b71b1b61feb7
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-1.0.7-0…
e98cdd73507000f7fa68c48821f37f04
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-transla…
e7faca0efbe75c279ffa99cd1f076f37
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-1.7.5-17.7.i58…
06712cf8c34b60c89e88d92b7ead910d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-calendar-1.7.5…
059b7754c74ae3c84affe8df06a47794
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-devel-1.7.5-17…
a45be8b0f1276601f8dcf05485ea78e2
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-dom-inspector-…
0dc9f868e9ca4e232fa3da840d501c4f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-irc-1.7.5-17.7…
979c5dc463d2f1a56e1d9127ccc5710b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-mail-1.7.5-17.…
7f6abe44aa06eeac8a25475c2b751f57
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-spellchecker-1…
f9952790bb4be571626b25d08fd1e342
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-venkman-1.7.5-…
cf5a35adb33f12a0395b847566a4a6f9
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaFirefox-1.0.7-0…
58e9886032fe946144548daf1b4e47b8
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaFirefox-transla…
eea987167c75d56ace45d361cb4cc924
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-1.2.10-0.4.i5…
5b79318a93799582dc072ccf20ad30e0
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-doc-1.2.10-0.…
d30905577f54fa8b62f15ddc258f74a7
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-extensions-0.…
c2f24bd8207dd6f66d393d96e3df38c4
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-extensions-de…
670ac56681d0e07805df24ea6ab250b1
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/galeon-1.3.19-6.2.i586…
3716981c5488f9f91ae0591a6d078301
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-1.7.2-17.14.i5…
cf222da855dba56dad4183944c999c63
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-calendar-1.7.2…
d4fbc3fd3516101ad4bc1a0c7f54b004
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-devel-1.7.2-17…
101f9906054da65fa796c84d8c61e257
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-dom-inspector-…
4a96a0f7b9f804b4a50f719702e7fcd6
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-irc-1.7.2-17.1…
0a9b0eff1927fb41097d04c92f31ec91
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-mail-1.7.2-17.…
7d43bc0f6efdba8ec8d2bee4708cac9d
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-spellchecker-1…
cdcdb5714caac35a0e1a54deb20a37aa
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-venkman-1.7.2-…
a871f995700d1a3ddf9511c10fd1caac
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-1.0.7-0…
37080fb2690efd9be2c43e8256a682dc
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-transla…
dba6e7624528c385d92f9060326763ea
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-1.7.8-5.13.i58…
79f25c5c016aa6ba5b5e03edaa5250b0
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-calendar-1.7.8…
e1a17720cb3e02365dfff9e827cbbc07
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-cs-1.7.5-4.5.i…
f39e3c1a52914234ecad41921f873107
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-deat-1.7.6-0.5…
56204c9d290201e272e4ec4e9facfacb
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-devel-1.7.8-5.…
d596bfa47dfdbab3b0875cb04c296572
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-dom-inspector-…
c1d2f354fa2a213ab5fce5a59db8b561
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-hu-1.78-0.6.i5…
f7870dc318dab84dc53c446460524eff
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-irc-1.7.8-5.13…
7ebe1eeba553ece769f914f7c09f2ba0
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-ja-1.7.7-0.6.i…
d53222a37715570d1db4b1baeb6f36ba
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-ko-1.75-0.6.i5…
b9a321e8fd0f67e677be6efc125359b2
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-mail-1.7.8-5.1…
8fcddcef60122566c180938c6bcd0b99
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-spellchecker-1…
4bb1efcd97b8066dd4913c9223d18dc8
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-venkman-1.7.8-…
51421590af63afa139ac0622a1baf684
SuSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/MozillaFirebird-1.0.7-…
4e53eabcd32f3abad4c3b1b5e407f318
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-1.7.8-22.i586.…
5371abafdf197f561b42cbb62a3955cd
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-calendar-1.7.8…
05af99fbab21e29a4dc20b5b3aa48350
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-cs-1.7.5-8.i58…
c99f2fb5bc86968de3e16f420923984c
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-deat-1.7.6-5.i…
ee755cccefdb8f16ddff4f636a26fe11
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-devel-1.7.8-22…
2029374bce342b76df4217dc3529b71d
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-dom-inspector-…
95db2c6e045a546811d35808c76431f1
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-hu-1.78-6.i586…
5b641188c547f742399c1fa1d3a1ba3c
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-irc-1.7.8-22.i…
19935f7e9f70ad9825f110cc8b7a8f36
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-mail-1.7.8-22.…
57e5689880bacdedc82874f66f51704a
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-spellchecker-1…
1f64833df09e7c5f17fa384ae392f943
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-venkman-1.7.8-…
20b1ecc87577dedaa7db1633e8e58bc5
Power PC Platform:
SUSE LINUX 10.0 OSS:
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-1.7.11-9.2…
430e1c4f054bcb88b715b5ca34ba9725
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-calendar-1…
95c070ad06d421ff645ed898fe4066c2
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-devel-1.7.…
a57b62e27f94ae3156adfea528b55bc4
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-dom-inspec…
fd030f1a7c191ea06c3c63300a52dd2c
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-irc-1.7.11…
7394df9566dc9b52cdacdc6ae91cbaf4
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-mail-1.7.1…
0515073dafedc53d0ec5d5c3b0cfa144
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-spellcheck…
55d8e9f1d9110e965b5c6c7b84ca8c15
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-venkman-1.…
493263b3ec34285c9bac277b99b762fc
x86-64 Platform:
SUSE LINUX 10.0 OSS:
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-1.7.11-…
f4069ccda839c1146e478e8927b42ae0
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-calenda…
e059af96039f550a0eb1dbdcaa51d691
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-devel-1…
eba511d40cc67672c9d4461b551543a1
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-dom-ins…
1afaabbf461d0d7d439861efd638bf82
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-irc-1.7…
13a5d28dffe9fb8f4eaee758a03d54c5
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-mail-1.…
01a2b53726e958516315bf2e11390fff
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-spellch…
5b5cdd12fc9002ca41cf3efcca1025f0
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-venkman…
02740535ecb1adc8534e4ebd2d28ced1
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-1.7.11-9.2.…
f4069ccda839c1146e478e8927b42ae0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-calendar-1.…
e059af96039f550a0eb1dbdcaa51d691
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-devel-1.7.1…
eba511d40cc67672c9d4461b551543a1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-dom-inspect…
1afaabbf461d0d7d439861efd638bf82
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-irc-1.7.11-…
13a5d28dffe9fb8f4eaee758a03d54c5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-mail-1.7.11…
01a2b53726e958516315bf2e11390fff
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-spellchecke…
5b5cdd12fc9002ca41cf3efcca1025f0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-venkman-1.7…
02740535ecb1adc8534e4ebd2d28ced1
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-1.7.5-17.7.x…
ad132a0176b38d35aa5a59f5dddd48e9
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-32bit-9.3-7.…
3ca7760002db72b56644085727877b40
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-calendar-1.7…
87efa7a30315bcc8bdd2f580141f4ebe
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-devel-1.7.5-…
91e920dc2e883d38c0fe362cfeaaedb3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-dom-inspecto…
ac3b0bbf03ded04a2b7e7991a724d59a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-irc-1.7.5-17…
86afd380a362338baeb96ba1e1673071
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-mail-1.7.5-1…
3548f885148faf1d6d8f31a2149693c9
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-spellchecker…
ea4339aa06d16ef076193368be577788
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-venkman-1.7.…
d1f485c3cea08964be5cfc935d6476db
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/MozillaFirefox-1.0.7…
5cffdac01a15a951168244554255c832
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/MozillaFirefox-trans…
c49627cf05e2a069e3d540edc434da1f
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/epiphany-1.2.10-0.4.…
719c1d18b869185e45f349898ffaa4b0
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/epiphany-doc-1.2.10-…
597c527c061a6758b87bd392cc7e85fd
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/epiphany-extensions-…
99d2fad0d66ca029ae13606e0b38a678
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/epiphany-extensions-…
02e692e00a2401301e9dc8ea3eff25b1
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/galeon-1.3.19-6.2.x8…
7eb3ca48f665999523d3fe2ffa69fb99
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-1.7.2-17.14.…
28e756cebc948024d3d7eb19090fb8b8
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-calendar-1.7…
68388f461bf620f6b8050f706cfd87a4
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-devel-1.7.2-…
e2a710fc8344c9e96bd0dc11bccb5de2
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-dom-inspecto…
d10426280e0a7daafcad9c52f8cc90a6
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-irc-1.7.2-17…
24d8f99ca3b83f2f647e2e3a69814fbc
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-mail-1.7.2-1…
73ee0e42d82b38e3a1420e72366782b0
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-spellchecker…
1dd0a5bc9598750c6417afdf9eb89a2b
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-venkman-1.7.…
92fbc53b7e94cb6b736b134a201da6f0
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaFirefox-1.0…
00c2104c2a6cfced9254fd529e2a3eb0
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaFirefox-tra…
d9c05812c47c81d65664feb010af7891
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-1.7.8-5.13…
b630d42f44fa70f5c41216fc42beaa06
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-calendar-1…
9de2513892aed768d01ba77853400bf5
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-cs-1.7.5-4…
8298d98b7fd64707227b97ccf8e2ccf8
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-deat-1.7.6…
5b7c071a12a0867107dcdb4b26ea3965
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-devel-1.7.…
2c2c42b0f518a5e139338f0083073add
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-dom-inspec…
43924915be1555fa119bf8a0fb50ac39
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-hu-1.78-0.…
182349498b15b1c8cd1bfa6b7087a2a6
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-irc-1.7.8-…
af2a1dcacbda6ef35c456c4cf5be4729
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-ja-1.7.7-0…
cd694a201d6e9416be5634ff2b4ed08a
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-ko-1.75-0.…
e542067f8c9565e0e5ea018ae69a6eb5
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-mail-1.7.8…
78606b9b9a607dde560e7bc58047363c
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-spellcheck…
e669c013cd3a564909464d466cf004de
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-venkman-1.…
0ac108535f987e0d37fab840f24e820d
SuSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/MozillaFirebird-1.…
ee62a8fa3053951b7069a7523bac87bc
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-1.7.8-22.x…
59be47c90cc3a5134d6856df4a3453ad
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-calendar-1…
99b376ba53d6bce9e006cfb6b471843a
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-cs-1.7.5-8…
c85120938f7111382804d9ffeb7d80f2
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-deat-1.7.6…
952a6ba1d1c52fb715606570eeb4d69e
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-devel-1.7.…
b643663a2fd73baa85b1cb2a0388fb9f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-dom-inspec…
a6d1b59b10bd06d0359a507401c2735b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-hu-1.78-6.…
82d3508a125302620ba6762eeb0c76a4
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-irc-1.7.8-…
cb45dc7828a793cf841b4a26829a0b0a
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-mail-1.7.8…
b3c39f74bd1b3a6c3d28a9f47e590c8a
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-spellcheck…
5c8c42792d29095560b734109f37c01f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-venkman-1.…
27eca70e1e49b9bcbea2c00fbdc6ca98
Sources:
SUSE LINUX 10.0 OSS:
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/src/MozillaFirefox-1.0…
d09caffc894595153a79d1b97f016954
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/src/mozilla-1.7.11-9.2…
d83a9eacb5faa1c095ab8158146f077b
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/MozillaFirefox-1.0.7-0…
d09caffc894595153a79d1b97f016954
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-1.7.11-9.2.src…
0be969f1998e2619aa06af9403fb1f71
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/MozillaFirefox-1.0.7-0.…
593d44805da6927c4f6d0f8baba9a39e
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-1.7.5-17.7.src.…
9e3cb1bcc89d282ba1867778eb59cf41
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/MozillaFirefox-1.0.7-0.…
5d29e5a760c0c7c47294a64604a06cf0
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/epiphany-1.2.10-0.4.src…
345a1cd4936264eb420624bee8e117ec
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/epiphany-extensions-0.8…
51eb4a5a6dbc77afea461563493f590b
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/galeon-1.3.19-6.2.src.r…
886a6b86ffec1f3a513f49ef95321340
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/mozilla-1.7.2-17.14.src…
1bb1d4a94210c6dc7371fe09a8dfba98
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/MozillaFirefox-1.0.7-0.…
1f9d95f57d6a80a36dce9d8f84c3963a
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-1.7.8-5.13.src.…
80533e066eaed0a657bf5cb8e25234ab
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-cs-1.7.5-4.5.sr…
47220d851a53e7a63fbf12dea62b1cc6
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-deat-1.7.6-0.5.…
07c014a5492f61a68320863281db4c96
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-hu-1.78-0.6.src…
bdbc740b3c37c17103aa56d219351e4c
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-ja-1.7.7-0.6.sr…
14aecf150956f4635f021b64f554f78d
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-ko-1.75-0.6.src…
7a1ea397402d592477e5310a3250e549
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/MozillaFirefox-1.0.7-…
b77f775d1e92864fbe8023a24b1720e0
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-1.7.8-5.13.sr…
30b43409cd492ae0656d752732b95d86
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-cs-1.7.5-4.5.…
3c1170db7e139b7f6ea4e15784c8ff38
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-deat-1.7.6-0.…
bbc9ac1ef35c3d86103fa6fc6d7f8537
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-hu-1.78-0.6.s…
e43906af2dee9bf63a9e1089b8a3f368
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-ja-1.7.7-0.6.…
2a82cf5cbb535a285ce0ba81b9201c8c
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-ko-1.75-0.6.s…
45d09732344464d46c0dc702c7c543f0
SuSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/MozillaFirebird-1.0.7-2…
580b76681deef6804eab49cf69a173f3
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mozilla-1.7.8-22.src.rpm
34de2c3f3f025eebf20eaef3a67cd163
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mozilla-cs-1.7.5-8.src.…
0722c1ed3f1876b5aaeb9beb461ff94d
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mozilla-deat-1.7.6-5.sr…
d692de86ba4705d68b4601fe98ef9a34
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mozilla-hu-1.78-6.src.r…
67ee232260f2e968666ead52e61b0733
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/MozillaFirebird-1.0.7…
c2990ece2e6034aa2d3018f5bd715f0c
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mozilla-1.7.8-22.src.…
c94b039006cc2fa88d427892c02817bd
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mozilla-cs-1.7.5-8.sr…
b3de942cf3bca2fd421a9eea038b59f9
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mozilla-deat-1.7.6-5.…
23abbabf17c82104fc795dcaac639352
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mozilla-hu-1.78-6.src…
27827ab4dc20eba79ed514a0f6a40f92
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/4f19e198bd78960…
http://portal.suse.com/psdb/4f19e198bd78960e9bfc40d41f8aafae.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/5a2d044b1e43fb7…
http://portal.suse.com/psdb/5a2d044b1e43fb74c91034c754c71c07.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/b310b00e5cb76ad…
http://portal.suse.com/psdb/b310b00e5cb76adf21b02190e55fb6a2.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/8de3ea0ba7cd0da…
http://portal.suse.com/psdb/8de3ea0ba7cd0da892d902baee1e6d60.html
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBQzz/5Xey5gA9JdPZAQIODgf+ON5YV7r+Jv06IHHxJ737lfp4tv6nTu9y
wmUkcS52amcUH9gDVvgu8rLaD5YvtDi4mmZWUNtKqpw2kY9d1z/446piTCityu8c
8m2t9T/OWDPPxV5MB7XV86wRI6LEJlHJ239278RTR0tbWa4U1L8mHzwurNHWwGBw
jxLdYUuq6ci/oBqqoK2xpsjgMRHRjWSayXGkMzntLkfVe86OGOiwjsJ7dpC0cVe/
hVV+NqpgMYh6KTkY0UG1KHe3ImpvaYLJaY1M/JJWALpFRcJYgs6AMaW5MkI9IQaE
SKc2j10xpZKAtxBcJfysBzHXET4cI4M6/fe/Zy0rLFCMaW++BOwbRA==
=deqq
-----END PGP SIGNATURE-----
1
0
SUSE Security Announcement: opera remote script insertion (SUSE-SA:2005:057)
by Marcus Meissner 26 Sep '05
by Marcus Meissner 26 Sep '05
26 Sep '05
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: opera
Announcement ID: SUSE-SA:2005:057
Date: Mon, 26 Sep 2005 15:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX OSS 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
SUSE LINUX 9.1
SuSE Linux 9.0
Vulnerability Type: remote code execution
Severity (1-10): 6
SUSE Default Package: yes
Cross-References: CAN-2005-3006
CAN-2005-3007
Content of This Advisory:
1) Security Vulnerability Resolved:
opera script insertion problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
This update upgrades the Opera web browser to the 8.50 release.
Besides the changes in 8.50 that are listed in
http://www.opera.com/docs/changelogs/linux/850/
following security problems were fixed:
1. Attached files are opened without any warnings directly from the
user's cache directory. This can be exploited to execute arbitrary
Javascript in context of "file://".
2. Normally, filename extensions are determined by the "Content-Type"
in Opera Mail. However, by appending an additional '.' to the end of
a filename, an HTML file could be spoofed to be e.g. "image.jpg.".
These two vulnerabilities combined may be exploited to conduct script
insertion attacks if the user chooses to view an attachment named
e.g. "image.jpg." e.g. resulting in disclosure of local files.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please restart running instances of Opera after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/opera-8.50-2.1.i586.rpm
14d5e5fa885cdcbfe295bf14e78cc597
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/opera-8.50-2.1.i586.rpm
d49cde72a2ca0a577b1f46d642177a2c
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/opera-8.50-1.1.i586.rpm
37d049f6e1c74d93d53c8369e3c7d38a
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/opera-8.50-1.1.nosrc.rpm
d186e1294cee84c3472df1ac84a3d6a2
SuSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/opera-8.50-3.i586.rpm
c9e8a2b20726590afafed2acf33878e5
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/opera-8.50-3.nosrc.rpm
ba618d920bd3c67198a6cfe81417f505
SUSE LINUX OSS 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/opera-8.50-2.1.i586.r…
f6fd16f597c24c44ff22d3079d67bf04
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/opera-8.50-2.1.nosrc.r…
f4d1a6f0d53de4d0a3c66342b39a1090
x86-64 Platform:
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/opera-8.50-2.1.x86_6…
5e7cc77dffeeb6f7f49040fe57a24436
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/opera-8.50-2.1.nosrc.rpm
51bdcf29e4838f37c513db2fda7ce4cb
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/opera-8.50-2.1.x86_6…
92ae1f3adca409fc7504f75eb9a048cd
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/opera-8.50-2.1.nosrc.rpm
0068542ea265d222909b1a7afb2efd5d
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/opera-8.50-1.1.x86…
26e585d3cd1b813a5fc5905d00ea8c41
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/opera-8.50-1.1.nosrc.…
e1d6ab204a6b53257f883e0319001862
SuSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/opera-8.50-3.x86_6…
eb553979fd5085a91fa2d31faff03f8f
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/opera-8.50-3.nosrc.rpm
6495e097ae44fb75e9db8407bc2ce793
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/opera-8.50-2.1.x86_…
150053c82d63a0e33472eaa656417b32
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/opera-8.50-2.1.nosrc.r…
db1da6ab611d0c70f46602585d0868d4
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBQzgIC3ey5gA9JdPZAQIMZwf+NeomwRfdx1Emj1WdFL9UibePgJORmLr/
Eg/SFXZnpl8Vzq/0MFZ4uV1kBAyRKuY9CGv1mTAHF9u+6CFEiRUEaDlkI9oZfZzn
OeIaeW0e96CTButsVNGc40LaOHk+OZsZHsg1WDLnR4T49fh0fN3oMSg14aFRGllX
32axj+Sa21s926465zlnVPWyM/wchpCOXHbnXT3Q0yMIV7kr/QjTrC0eyMOmfTAO
FgZbssUrEPTUvqSVcRki6XqlKmAVt7DuqspdnOTkeBQVVYQYcjAbuQKtF7QudtwM
CEqqiyqlBWL+mYhRIDK5YaXSk2b2eSdXxV+tvx1qJXb5EWm7oEqf4w==
=/IqC
-----END PGP SIGNATURE-----
1
0
SUSE Security Announcement: XFree86-server,xorg-x11-server (SUSE-SA:2005:056)
by Thomas Biege 26 Sep '05
by Thomas Biege 26 Sep '05
26 Sep '05
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Announcement
Package: XFree86-server,xorg-x11-server
Announcement ID: SUSE-SA:2005:056
Date: Mon, 26 Sep 2005 14:00:00 +0000
Affected Products: SUSE LINUX 9.0, 9.1, 9.2, 9.3
SUSE Linux Desktop 1.0
SUSE Linux Enterprise Server 8, 9
Novell Linux Desktop 9
Vulnerability Type: remote command execution
Severity (1-10): 9
SUSE Default Package: yes
Cross-References: CAN-2005-2495
Content of This Advisory:
1) Security Vulnerability Resolved:
pixmap integer overflow
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The X server memory can be accessed my a malicious X client by exploiting
a missing range check in the function XCreatePixmap(). This bug can probably
be used to execute arbitrary code with the privileges of the X server (root).
2) Solution or Work-Around
There is no work-around known.
3) Special Instructions and Notes
Please restart your X system completely. (Logout of your Windowmanager,
run "init3;init 5" as root on a console.)
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE Linux 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/xorg-x11-server-6.8.2-…
dc41dbe04424ef869811323b76c567ef
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/xorg-x11-server-6.8.2-…
cb854e1f0042916a731e2fce9028fcc5
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/xorg-x11-6.8.2-30.4.src…
ca3baf4c2d1df7bfcb0af630bbef1a6d
SUSE Linux 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-server-6.8.1-…
a08df5563bc23ce0a304a488657f1d53
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-server-6.8.1-…
9739cdfa5157b5aa9ba5f0a21129edfd
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/xorg-x11-6.8.1-15.9.src…
de447aaeae832d524d1b292e83a9e6aa
SUSE Linux 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/XFree86-server-4.3.99.…
c101e4dfb938ab0b6afb4e480971cb98
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/XFree86-server-4.3.99.…
9117e86e254c3a6ebf73395307382179
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/XFree86-4.3.99.902-43.5…
ec3f9bfed9da411ddbc55f8f3bc48729
SUSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/XFree86-server-4.3.0.1…
d85636745eefd2fe67d4ef0d7491bd44
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/XFree86-server-4.3.0.1…
a205fbaef7d98c3ce599f71f8dd51864
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/XFree86-4.3.0.1-60.src.…
3c5c345435ff6310ce8479497a6a80af
x86-64 Platform:
SUSE Linux 9.3:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/xorg-x11-server-6.…
15895f47f57e2507e8d5ae4e854c3e3a
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/xorg-x11-server-6.…
6e58d518d719d901fe4b41ba1a2bd8fa
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/src/xorg-x11-6.8.2-30.4.s…
ca3baf4c2d1df7bfcb0af630bbef1a6d
SUSE Linux 9.2:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/xorg-x11-server-6.…
f6c86f558fd5ae340f98eb85cbcb5d8d
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/xorg-x11-server-6.…
2393163cd16ec2db996f927121f5b6a7
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/xorg-x11-6.8.1-15.9.s…
de447aaeae832d524d1b292e83a9e6aa
SUSE Linux 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/XFree86-server-4.3…
9b8f7d8ef0992b6664071f8416243c25
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/XFree86-server-4.3…
918bad600f482fd524da5efc8f7aeb7a
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/XFree86-4.3.99.902-43…
0cd5570ed44f6dcf2dcfaf28dd1d29f5
SUSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/XFree86-server-4.3…
fbb16e807e443d1176e346f500abe14f
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/XFree86-server-4.3…
69c56321cba9860b092183f78bdf9d85
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/XFree86-4.3.0.1-60.sr…
0e6a2a4f3a79421c9ab7042f3500e109
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/6b16ab65d43c461…
http://portal.suse.com/psdb/6b16ab65d43c461fec64068bc1210288.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/3d6df3814d44ff2…
http://portal.suse.com/psdb/3d6df3814d44ff22980e1553b6d66fab.html
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iQEVAwUBQzftKney5gA9JdPZAQHnaQgAnUoTfWcnHJxKTFjPWcUJX1EDWQjukiQB
knQ4CIhQzMUB4qwa0Wro/tiZP1byO+Qm/GX37b63jcTXLjAy+1yntRvGXINPxghS
i/dK4O1wKZdllQBPGaTsHjn7jlVQfC4QNh3fzyFoguYuipRZr2PeGHoBiCEZVUrn
tIFBp4Um/c1kvRBh/grhlVYe6Hm/WpGSN3F7hHwX9AFZlVxXIK825WITKRaN0Ce5
8knKkA5BXqg1RtDY2j7P85LNlPZDgPOjywCmGywQwjllk4SYx2AX1fuqPfoMooI+
+zEVV9OY2RkUlwnQkLN94ArXaerUbcmMPBSZ3158eTAwSk9DL8kX7A==
=BkY5
-----END PGP SIGNATURE-----
1
0
SUSE Security Advisory: clamav remote code execution (SUSE-SA:2005:055)
by Marcus Meissner 26 Sep '05
by Marcus Meissner 26 Sep '05
26 Sep '05
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: clamav
Announcement ID: SUSE-SA:2005:055
Date: Mon, 26 Sep 2005 12:00:00 +0000
Affected Products: SUSE LINUX 9.1, 9.2, 9.3, 10.0
SUSE Linux Enterprise Server 9
Vulnerability Type: remote code execution
Severity (1-10): 5
SUSE Default Package: no
Cross-References: CAN-2005-2919
CAN-2005-2920
Content of This Advisory:
1) Security Vulnerability Resolved:
clamav problems in UPX and FSG EXE compressors
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
This update upgrades clamav to version 0.87.
It fixes vulnerabilities in handling of UPX and FSG compressed executables,
which could lead to a remote attacker executing code within the daemon
using clamav.
These are tracked by the Mitre CVE IDs CAN-2005-2919 and CAN-2005-2920.
Also following bugs were fixed:
- Support for PE files, Zip and Cabinet archives has been improved and
other small bugfixes have been made.
- The new option "--on-outdated-execute" allows freshclam to run a command
when system reports a new engine version.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Make sure you restart all daemons linking against the clamav engine directly
after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/clamav-0.87-1.1.i586.r…
6c55b69bec8ac76df879610e398c57f5
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/clamav-0.87-1.1.i586.r…
51e99e851de3af05a1e10ce5d21d0f8d
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/clamav-0.87-1.2.i586.r…
243b8a505a83a1fe449961a1b6dfcff3
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/clamav-0.87-1.2.src.rpm
95eeec2ea8731c364b10eb50b1d200b9
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/clamav-0.87-1.1.i586.…
45c46b8f2ebb6a097ec253a4f930ee9d
Power PC Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/clamav-0.87-1.1.pp…
2ba2c1b077598f08c24e4b8d5edee68c
x86-64 Platform:
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/clamav-0.87-1.1.x86_…
db4063e9b447132b6b6fe780d6af54da
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/clamav-0.87-1.1.src.rpm
d46fadec2816d9577979b67a7f66c282
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/clamav-0.87-1.1.x86_…
60b1f27bad3ef7b857bae850c866b011
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/clamav-0.87-1.1.src.rpm
667c9deb85b25b20dbf01c2b6095791f
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/clamav-0.87-1.2.x8…
fcfc56602da9cb6f7442ba52561d8701
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/clamav-0.87-1.2.src.r…
a3a648d1657d1a90132af05996c18241
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/clamav-0.87-1.1.x86…
a40edb865bcd89b302969b1b7df8ead6
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/clamav-0.87-1.1.src.rpm
e384d8586359dfe548fdc96a4d9f7700
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/3952d0ed7bf90e0…
http://portal.suse.com/psdb/3952d0ed7bf90e0e933aa1ba609705c2.html
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBQzfTaney5gA9JdPZAQKF1wgAgl+IzNxP8Etn1X1qSdNvvbMgIKsSg9Jc
yCVjKswJXh1fAykR24OVErjsCr8uwBpky8kbn61lYKAG3ZSzbori+WtQtk9APdI/
ZuQbGBAlUHkPMzgkw4Ef5x9mWBxJhjnsrr2dyoBmKxdOM11bUeAt/yP9JjpyAKv8
AeJ8PaXXAY+xgstBVoMpPDAvqg3XZYkgYRJrglLnzjEllHcIIEMAdZF5QXfAfMlm
Odk6ZE+QeUcXcgp1r6Cs4DERWLJq/wWYY/FlvFACM79IRlp7FDhQXRFHXuWTG1hx
KLZ4E+sXRx+tbbt/gEZm1IwNDOYtm9bbeAlAYatXJLJEcAr2mXTFpA==
=E8mw
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: evolution
Announcement ID: SUSE-SA:2005:054
Date: Fri, 16 Sep 2005 13:00:00 +0000
Affected Products: Novell Linux Desktop 9
SUSE LINUX 9.2
SUSE LINUX 9.3
Vulnerability Type: remote code execution
Severity (1-10): 6
SUSE Default Package: yes
Cross-References: CAN-2005-2549, CAN-2005-2550
Content of This Advisory:
1) Security Vulnerability Resolved:
evolution format string bugs
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- See SUSE Security Summary Report
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Several format string bugs allowed remote attackers to cause
evolution to crash or even execute code via full vCard data, contact
data from remote LDAP servers, task list data from remote servers
(CAN-2005-2549) or calendar entries (CAN-2005-2550).
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of evolution after
the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/evolution-2.2.1-7.4.i5…
efce1fe443ee6ed166b54b1a5e3b98d5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/evolution-data-server-…
40a63375e5251616fbc09eb60af677c0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/evolution-data-server-…
d2402cf9eb95f22f4a51ef2649f16c85
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/evolution-devel-2.2.1-…
3859e68fc6cb698320eb79eae81b4539
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/evolution-pilot-2.2.1-…
31492dd7d6e1b033adbd2bc6a3db2b9f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/evolution-data-serve…
08122624504e8bd0e2761e1ca628ddb6
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/evolution-2.0.1-6.8.i5…
fdf65a48e6cbc5b6643c50c4eef5ae5a
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/evolution-devel-2.0.1-…
5050f1a2f4291f0a5c6b6fdf12c1fe81
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/evolution-pilot-2.0.1-…
d64777fb32d0693af25d8e79e7fc9775
x86-64 Platform:
SuSE Linux 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/evolution-2.2.1-7.4.…
7afad6527cf6975154de0d30954a089e
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/evolution-data-serve…
c986668e572836b02e8329d438fd366b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/evolution-data-serve…
b8bd4014dbf302a1b1a87ebf5a0df0f3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/evolution-devel-2.2.…
b8104af8109a4d87cf90498af3fdc715
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/evolution-pilot-2.2.…
d17145cd0fcb2d54169a185a990c3c65
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/evolution-2.2.1-7.4.src…
2fe71a8fd727fe03b7f6e1a3604b4528
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/evolution-data-server-1…
e8fa87abca06e333bc6ceb16db771124
SuSE Linux 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/evolution-2.0.1-6.8.…
ed6ab2108d1a2f7325f582455e2cec87
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/evolution-devel-2.0.…
df0b35e88427feec0724857b9d6af05d
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/evolution-pilot-2.0.…
c7e60d7e67d51d89608da804c5d1b9cf
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/evolution-2.0.1-6.8.src…
0365c61c839221763ff51d9594e5a765
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/c4057f5954b5370…
http://portal.suse.com/psdb/c4057f5954b5370db387b3407e4a9192.html
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- See SUSE Security Summary Report
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBQyq7nXey5gA9JdPZAQLC7wf/cqczXqVwz+fZQR/WwTXO2Lu6c+thIv7K
y/XkvywyM2N9h49K64oD3sfpQcPYyh/gn2oHpEIzBUhNPCn4dqm5DGoWC6FGq8nU
25xQ1Cze+YU+9dWBO3JIRaYhCN2cUbTTjq9gXs3SEHMfA71z4UshOaajMvk+q9ZY
zDdRxeMA01rXdEmlKs/pNwITjQotBTaheWhb8KLWrpKAYDQkxpW8Td47kHFU9nML
pO9sq4EkZ+4Bcrg3y4Eg1e3zbII42jAidg56bXMAaYyetW+Oi/XgO07eoMFkyYd+
fzijgCkB8uaCL0NICfE5Z7w9qN+2TMCGQOj1uH7ypvj4/SR0wVxLsw==
=UKTf
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Announcement
Package: squid
Announcement ID: SUSE-SA:2005:053
Date: Fri, 16 Sep 2005 14:28:00 +0000
Affected Products: 9.0, 9.1, 9.2, 9.3
SUSE Linux Enterprise Server 8, 9
Open Enterprise Server 9
Vulnerability Type: remote denial of service
Severity (1-10): 4
SUSE Default Package: no
Cross-References: CAN-2005-2794
CAN-2005-2796
Content of This Advisory:
1) Security Vulnerability Resolved:
- remote denial of service
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Workarounds:
none
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
This update of the Squid web-proxy fixes two remotely exploitable denial
of service vulnerabilities.
One can be triggered by aborting a request (CAN-2005-2794) due to a faulty
assertion.
The other one occurs in sslConnectTimeout while handling malformated
requests (CAN-2005-2796).
The latter one does not affect SUSE LINUX 9.3.
2) Solution or Workaround
There are no workarounds known.
3) Special Instructions and Notes
Please restart the Squid web-proxy after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web.
x86 Platform:
SUSE Linux 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/squid-2.5.STABLE9-4.4.…
eea572b10ecf573753af16ecf1fbdaa7
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/squid-2.5.STABLE9-4.4.…
becf331a849332d734d72f90801d8338
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/squid-2.5.STABLE9-4.4.s…
8c0ffeccd0c8fd64418164f275adbd27
SUSE Linux 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6-6.15…
93720922d4f7ae4370b2c4e493fae592
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6-6.15…
9e4d07f1f11c8c1cbf7564c8d2164ca7
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/squid-2.5.STABLE6-6.15.…
236cb11582b4983350ef81e5e8508c39
SUSE Linux 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.4…
dc9848a817367dfe278a6f3954c6677f
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.4…
5c534d9df125a3ff02c5fa32bf216f64
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/squid-2.5.STABLE5-42.41…
4dd683495e578ec59bd34260caf9a565
SUSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-126.…
6d094da21806166dde5f6da8307ca2a2
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-126.…
02172274b15a28b918c54d470203d029
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/squid-2.5.STABLE3-126.s…
3cfae65a6cee24e6cfe8adc4226fa601
x86-64 Platform:
SUSE Linux 9.3:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/squid-2.5.STABLE9-…
d07ae04a018a3abb082cd0b130c145a0
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/squid-2.5.STABLE9-…
cbcb39ccc9ee0340692ae3cf048453ff
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/src/squid-2.5.STABLE9-4.4…
8c0ffeccd0c8fd64418164f275adbd27
SUSE Linux 9.2:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STABLE6-…
915b0b2955f878a2e89b171d1335274c
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STABLE6-…
c488ab4031de911b6675a785a4d2a4dd
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/squid-2.5.STABLE6-6.1…
236cb11582b4983350ef81e5e8508c39
SUSE Linux 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-…
6fc9746898681ee217f884f6aaca8e68
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-…
37ada616c159242b53e2dfbf5f94597c
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/squid-2.5.STABLE5-42.…
310321fd1232ea45ccb06fd5b24ba664
SUSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-…
f39071c7802d8bb77ed00038e095a6af
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-…
05f996332331ddebf848cc2726fcbc87
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/squid-2.5.STABLE3-126…
3c7e8fc9a5e0cf4c6638d57fed2fdf53
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Workarounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iQEVAwUBQyq803ey5gA9JdPZAQHlrgf9Hft0fRxo23f+I7UvrY+JimUMzjq7//TB
robXj4r96MdI4jWOOk+0pzi2dQy1LHkHv/UQBKYAWdZvKvDRYtehvUKFFFI0ALS+
yaEWsfIAiGGrQZllqYOIKDd+bpwVSrD80xS5nsKz7C0D1EX25XmyxothbjRNWUOm
KBkD1zwbUzTH02qS+473uW1uZc+GpHuqt8sVOFGkYC13Sk5KGqTWQI3E00/116Fk
wYfq6gppi7Uwqv8qE3BCkbVi/jqgIRgdp2lcNlq9jDJKE7x9Ve3VzfDjges5MFMA
STdqeoTwqppS8ODIcDCQJK0lGr1C7QwSl4nX8PmQ2ZDy7H8276PSWw==
=jO0s
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Announcement
Package: apache2
Announcement ID: SUSE-SA:2005:052
Date: Mon, 12 Sep 2005 09:00:00 +0000
Affected Products: 9.0, 9.1, 9.2, 9.3
SUSE Linux Enterprise Server 8, 9
Open Enterprise Server 9
Vulnerability Type: local command execution, authentication bypass,
memory consumption
Severity (1-10): 5
SUSE Default Package: yes
Cross-References: CAN-2005-2491
CAN-2005-2728
CAN-2005-2700
Content of This Advisory:
1) Security Vulnerability Resolved:
- integer overflow in PCRE
- memory consumption bug in byterange splitting
- SSL client-certificate authentication bypass
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
PLEASE NOTE: This advisory is a re-release of SUSE-SA:2005:051 with a
new SA ID because the ID SUSE-SA:2005:051 was already used.
This update of apache2 fixes an integer overflow in the PCRE quantifier
parsing which can be triggered by a local untrusted user by using a carefully
crafted regex in a .htaccess file to execute arbitrary code. (CAN-2005-2491)
A memory consumption bug in the byterange handling code (CAN-2005-2728)
was fixed.
And a flaw in mod_ssl which allows to bypass the client-certificate
authentication in a vhost context (CAN-2005-2700) was solved.
2) Solution or Workaround
There are no workarounds known.
3) Special Instructions and Notes
Please restart the Apache web server after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web.
x86 Platform:
SUSE Linux 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-2.0.53-9.5.i58…
a240d419004e61a3c94208bc297ffb5b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/libapr0-2.0.53-9.5.i58…
6084268b6e5b47130846f69555485a54
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-worker-2.0.53-…
b66c2ba932bddc7d5d7b6193500f5a2b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-prefork-2.0.53…
8cf9d900a458eaf328ad7e5475b06098
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-devel-2.0.53-9…
ccd9f70705c6d171e4989140cdab73f0
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-2.0.53-9.5.i58…
f67b79935f4b65789ddca57902b17786
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/libapr0-2.0.53-9.5.i58…
2c88ae4c308184d2433fa4e3c1812cde
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-worker-2.0.53-…
3579b413ec105c2de9ccf3fe45d067f7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-prefork-2.0.53…
6f54201023745d49189cf1b32692b192
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-devel-2.0.53-9…
fb7d8de4c15b248fd72649a31e48c44b
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/apache2-2.0.53-9.5.src.…
78e432f045b43ca1d62afd9d44d96ab0
SUSE Linux 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-2.0.50-7.7.i58…
99b8339418a1e641bd2fffd7fa94ddb4
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/libapr0-2.0.50-7.7.i58…
dc24744dd9212dd9fa788cbe568369fe
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-worker-2.0.50-…
bb84d16ffa1863a3421f7c3b8770f55b
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-prefork-2.0.50…
db4a38f8922eba3be59954c311b00de7
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-devel-2.0.50-7…
c5423ce0e107b1b8e4b015ffd25f5566
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-2.0.50-7.7.i58…
88aa0c386dce473cf0521345a999c932
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/libapr0-2.0.50-7.7.i58…
f0683744ed767289109406441ea7e4ea
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-worker-2.0.50-…
f680997a55ec3bcdaad8694b3aa5ecbc
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-prefork-2.0.50…
1ff03c55df428f8e71c205fa600b3d7e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-devel-2.0.50-7…
036c6e06fb97ef635fb835116b33103d
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/apache2-2.0.50-7.7.src.…
84d688673cabbf8b319cafc019dd795b
SUSE Linux 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-2.0.49-27.34.i…
4fe736dedb51da0df880612571a4bbc0
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libapr0-2.0.49-27.34.i…
52df06eed158aa8b0cec885d92f103cf
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-worker-2.0.49-…
6fe17a0f1f3a770e9ae8e680e411db99
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-prefork-2.0.49…
c7ae2f36175f28a041961e8a50f4753c
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-devel-2.0.49-2…
ca9f6a43373627af3cb1ddc296175ebe
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-2.0.49-27.34.i…
d02098187f6ea05bb5bdf91fbf072457
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libapr0-2.0.49-27.34.i…
ac3187c44fe0cae9fbd74c7b228df60a
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-worker-2.0.49-…
14838a3ea06746a4beb6a4e5f4a0a9e8
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-prefork-2.0.49…
4cb390242eb43a46532f6fdf7f0420b4
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-devel-2.0.49-2…
ef53edc46eb040e7dd11356c926a8bf5
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/apache2-2.0.49-27.34.sr…
f7e6698966a0f65a07aade7d9e369269
SUSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-2.0.48-155.i58…
807308aa43e757cfdf21073d6aa137f7
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libapr0-2.0.48-155.i58…
1a7af28c99748ac8b9995a3c786cd066
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-worker-2.0.48-…
78fba9bf9b95ac4627d74d15d4b155f4
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-prefork-2.0.48…
cd1e5cc7e4a0cf85cb188e49dfbccdc2
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-devel-2.0.48-1…
3ea067001e1978cd0a5652d29ac1aa3d
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-leader-2.0.48-…
5b92673c9bd200792ccf57b36a76f1a5
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-metuxmpm-2.0.4…
d1aa4577b80d7202d2873fc60d779889
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-2.0.48-155.i58…
9a23aaf0e488b5c8edb61062d69fb425
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libapr0-2.0.48-155.i58…
09e8a34d4138be61c48d61a12e9281b8
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-worker-2.0.48-…
39e0a2070d88a9edea81118250cc6bed
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-prefork-2.0.48…
f8212bfb1c488a6d53d00726e5158858
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-devel-2.0.48-1…
6132f24e5a56d678550851ad7088b0b7
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-leader-2.0.48-…
cb04a0221afe61a06c302d2fdd1bb883
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-metuxmpm-2.0.4…
51d3d131014076252bcab6744f935bcf
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/apache2-2.0.48-155.src.…
af3ad54cf46206e152eba60c9117fb0e
x86-64 Platform:
SUSE Linux 9.3:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-2.0.53-9.5…
85b907f4d5a2ec7bd27497aedac4c47e
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/libapr0-2.0.53-9.5…
15aa356ae44de0930c318227cb10829b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-worker-2.0…
881993b3901d83a96743057cf761c076
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-prefork-2.…
783f0f9bb1cbf75883f414d4a5386fdb
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-devel-2.0.…
a69631d3a1e50e89203ce145f67ecb24
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-2.0.53-9.5…
3600699732c5033e9904667311720bb4
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/libapr0-2.0.53-9.5…
06fef852a80007dace6f79c88b5a70c5
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-worker-2.0…
3f6c720b867d09826e83050bfbac866b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-prefork-2.…
39d58d57fe57f00faaf9c1c1259ebb1f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-devel-2.0.…
64682ae163dad142e07bc1e6ea6b136d
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/src/apache2-2.0.53-9.5.sr…
78e432f045b43ca1d62afd9d44d96ab0
SUSE Linux 9.2:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-2.0.50-7.7…
82797e22daf1b7e45f19f76b1bbb2f2a
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/libapr0-2.0.50-7.7…
2315bf905e875d4bd18df0fea9791ed2
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-worker-2.0…
7d7f9d6d2542ba689b08dd9e39d5378f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-prefork-2.…
31fb42fb5888b83a5539dad2f375dfb1
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-devel-2.0.…
929c857dc61df1f3923d6e4348ed8036
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-2.0.50-7.7…
d3583d0536314cf3c251ebb8f651270b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/libapr0-2.0.50-7.7…
b4f2c134ed3becd179429e9aee4794aa
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-worker-2.0…
389ffba19d5e79f8433c06210b9b6a47
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-prefork-2.…
5877685363ba342c48b6786e8006bf46
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-devel-2.0.…
2f40f2eb81881bd1f43246eed07cf998
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/apache2-2.0.50-7.7.sr…
84d688673cabbf8b319cafc019dd795b
SUSE Linux 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-2.0.49-27.…
eaabd50f11cb054e1bc312e6c3c4d77c
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libapr0-2.0.49-27.…
b01ef03e4d893483b731cf52f953b99d
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-worker-2.0…
0ad003dc0ac805a939b1fd582750f24f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-prefork-2.…
4035479cecb2a8974eb5520c03bacd44
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-devel-2.0.…
f02d5e885195dfef2f290f0960e91da9
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-2.0.49-27.…
87e46223583fad63819e12e8a7d80f7f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libapr0-2.0.49-27.…
2a23e71a8807111fc3007809af259786
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-worker-2.0…
3f298e957f5071e0d9ea3a4fae438701
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-prefork-2.…
10455ff34e03fde9dba013fbe203087e
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-devel-2.0.…
3aac1003eb82a13c4760742bd2831ccf
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/apache2-2.0.49-27.34.…
3b809b2754a78471090157c04b08c3e2
SUSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-2.0.48-155…
d6b39a54ebfbdc9d5a9c9fa72b842d4c
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libapr0-2.0.48-155…
d2592d72f35ca1cf0d2dca098fd51b40
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-worker-2.0…
f6664337bbfeba977b83097fa07b55d9
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-prefork-2.…
7c804a339ee05b6282db5ac9a5cd8ac0
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-devel-2.0.…
9d493ef6d3ae7bd395369405efb4135d
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-leader-2.0…
4afef015d327ee6e4df071e92441b0cd
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-metuxmpm-2…
96897499420e553ba4ac97a821082530
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-2.0.48-155…
c70d2452cca409c3d46d008bbd56a444
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libapr0-2.0.48-155…
f91808259c4b87dfd3333360efbce9ff
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-worker-2.0…
53149c85a2a09b2732986d1e548e4635
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-prefork-2.…
8e6fa8a245d4e1c2e7c0f3e7003cd567
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-devel-2.0.…
60250857238c01c3f3524817e608fb60
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-leader-2.0…
5acdeba16329ccbdefcd4d9d05284e61
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-metuxmpm-2…
b712fd7071094be210ab0a5651c22fa2
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/apache2-2.0.48-155.sr…
3c2acceb99e8916f24d636607ae8d68e
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Workarounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iQEVAwUBQyq6x3ey5gA9JdPZAQGEOAf+IhzfvBvUoE2m58AKv7deDFnZdHsEiPSJ
Ir7EfedFCSBS83LFBzqK5VH8cAEK84y6CdJl9NPz3Snkk+GfsFetBERjLbv4ziAi
+DCBblu7F1eryKcCWFkra50xyvN0PDQZAIAmVGxHKjIB/rpF73+9a63tEbuTu2JA
r0hWLMfA2fe0/YIxtgpnaSg9krpgilxooATXFPKrXLlY2dKUjpsNwscDCF9s1akD
grwAy6HqLh/FI3ZRZSiVL223ype+l+3WNVX6kRaYeTSl56fgI5VwfKOsThnrVerp
gmpWd0SVG2EzcilFVjRiCRpQj4bJY6HtMwbnVd1EnBX6V64U3PCA2g==
=uDMc
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2005:020
Date: Mon, 12 Sep 2005 13:00:00 +0000
Cross-References: CAN-2005-2626
CAN-2005-2627
CAN-2005-2069
CAN-2005-2531
Content of this advisory:
1) Solved Security Vulnerabilities:
- kismet remote buffer overflow
- openvpn denial of service attack
- gaim AOL bugfix
- ldap TLS forwarding problem
- kaudiocreator cddb file overwrite problem
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- evolution format string problems
- Mozilla "Host:" overflow problem
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- kismet remote buffer overflow
This update fixes two buffer overflow bugs in kismet that could
probably be exploited to execute commands remotely.
This issue affects SUSE Linux 9.0 up to 9.3 and is tracked by the Mitre
CVE IDs CAN-2005-2626 and CAN-2005-2627.
- openvpn denial of service attack
A denial of service problem was fixed in openvpn:
With disabled TLS authentication a malicious client could close
OpenVPN connections of other clients.
This is tracked by the Mitre CVE ID CAN-2005-2531 and affects SUSE Linux
9.0 up to 9.2.
- gaim AOL bugfix
This update fixes a problem with an earlier GAIM security update which
broke the AIM protocol.
The bug affected SUSE Linux 9.0, 9.1 and 9.2.
- ldap TLS forwarding problem
A security update was released for openldap2 and pam_ldap.
This update adds a missing feature to the TLS support. Previously it was
possible that a password was sent in clear text over the network even with
TLS support when the connection was redirected to a slave LDAP server.
This issue is tracked by the Mitre CVE ID CAN-2005-2069.
All SUSE Linux products were affected by this issue.
- kaudiocreator cddb file overwrite problem
A bug in kaudiocreator was fixed which allows to overwrite files
with the privileges of the user running kaudiocreator by placing
'/../../' in the title of a CDDB entry (used by default).
No Mitre CVE Entry up to now.
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- evolution format string problems
Format string problems were reported in the evolution mail client.
We are preparing updates for this issue.
- Mozilla "Host:" overflow problem
A buffer overflow in the IDN handling was announced for Mozilla based
browsers.
We are preparing updates for this issue.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ)
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBQyWFdHey5gA9JdPZAQJOFwf9Eg5EtaSOmdmW7UOhpVYOWgoWwCYHNlJ7
bxD229QWzztAjy1ciblpUQ+ww3g6kshmcwOjE1sH0/fdiAQe4HycRXgL+vpFTMqq
nEa3wxDiWfKvVJXORKMdmElB8HTvWpJnRlvnSPm3rvSUF7UCTUfU35A+CfYnG/FW
YIC0vxoDlVrqs1UZSsFh7ci5xWp7cLiWgZ2HhRhQC0Vz2TqoPqh9OpUEZEEicGpN
fHIDAKzrd0cJ7wmZnDMIpoWBJ+UEsJ93/9ClNPNOggpoZoUyWwct0IQmk1JIbEsg
z+RN9wozk7k6tn7GhLNUj0Eob3Rf0LATGbKSDt4mgjTpAbbkI1l8Dw==
=w6Po
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Announcement
Package: apache2
Announcement ID: SUSE-SA:2005:051
Date: Mon, 12 Sep 2005 09:00:00 +0000
Affected Products: 9.0, 9.1, 9.2, 9.3
SUSE Linux Enterprise Server 8, 9
Open Enterprise Server 9
Vulnerability Type: local command execution, authentication bypass,
memory consumption
Severity (1-10): 5
SUSE Default Package: yes
Cross-References: CAN-2005-2491
CAN-2005-2728
CAN-2005-2700
Content of This Advisory:
1) Security Vulnerability Resolved:
- integer overflow in PCRE
- memory consumption bug in byterange splitting
- SSL client-certificate authentication bypass
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
This update of apache2 fixes an integer overflow in the PCRE quantifier
parsing which can be triggered by a local untrusted user by using a carefully
crafted regex in a .htaccess file to execute arbitrary code. (CAN-2005-2491)
A memory consumption bug in the byterange handling code (CAN-2005-2728)
was fixed.
And a flaw in mod_ssl which allows to bypass the client-certificate
authentication in a vhost context (CAN-2005-2700) was solved.
2) Solution or Workaround
There are no workarounds known.
3) Special Instructions and Notes
Please restart the Apache web server after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web.
x86 Platform:
SUSE Linux 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-2.0.53-9.5.i58…
a240d419004e61a3c94208bc297ffb5b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/libapr0-2.0.53-9.5.i58…
6084268b6e5b47130846f69555485a54
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-worker-2.0.53-…
b66c2ba932bddc7d5d7b6193500f5a2b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-prefork-2.0.53…
8cf9d900a458eaf328ad7e5475b06098
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-devel-2.0.53-9…
ccd9f70705c6d171e4989140cdab73f0
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-2.0.53-9.5.i58…
f67b79935f4b65789ddca57902b17786
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/libapr0-2.0.53-9.5.i58…
2c88ae4c308184d2433fa4e3c1812cde
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-worker-2.0.53-…
3579b413ec105c2de9ccf3fe45d067f7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-prefork-2.0.53…
6f54201023745d49189cf1b32692b192
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-devel-2.0.53-9…
fb7d8de4c15b248fd72649a31e48c44b
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/apache2-2.0.53-9.5.src.…
78e432f045b43ca1d62afd9d44d96ab0
SUSE Linux 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-2.0.50-7.7.i58…
99b8339418a1e641bd2fffd7fa94ddb4
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/libapr0-2.0.50-7.7.i58…
dc24744dd9212dd9fa788cbe568369fe
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-worker-2.0.50-…
bb84d16ffa1863a3421f7c3b8770f55b
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-prefork-2.0.50…
db4a38f8922eba3be59954c311b00de7
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-devel-2.0.50-7…
c5423ce0e107b1b8e4b015ffd25f5566
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-2.0.50-7.7.i58…
88aa0c386dce473cf0521345a999c932
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/libapr0-2.0.50-7.7.i58…
f0683744ed767289109406441ea7e4ea
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-worker-2.0.50-…
f680997a55ec3bcdaad8694b3aa5ecbc
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-prefork-2.0.50…
1ff03c55df428f8e71c205fa600b3d7e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-devel-2.0.50-7…
036c6e06fb97ef635fb835116b33103d
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/apache2-2.0.50-7.7.src.…
84d688673cabbf8b319cafc019dd795b
SUSE Linux 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-2.0.49-27.34.i…
4fe736dedb51da0df880612571a4bbc0
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libapr0-2.0.49-27.34.i…
52df06eed158aa8b0cec885d92f103cf
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-worker-2.0.49-…
6fe17a0f1f3a770e9ae8e680e411db99
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-prefork-2.0.49…
c7ae2f36175f28a041961e8a50f4753c
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-devel-2.0.49-2…
ca9f6a43373627af3cb1ddc296175ebe
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-2.0.49-27.34.i…
d02098187f6ea05bb5bdf91fbf072457
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libapr0-2.0.49-27.34.i…
ac3187c44fe0cae9fbd74c7b228df60a
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-worker-2.0.49-…
14838a3ea06746a4beb6a4e5f4a0a9e8
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-prefork-2.0.49…
4cb390242eb43a46532f6fdf7f0420b4
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-devel-2.0.49-2…
ef53edc46eb040e7dd11356c926a8bf5
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/apache2-2.0.49-27.34.sr…
f7e6698966a0f65a07aade7d9e369269
SUSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-2.0.48-155.i58…
807308aa43e757cfdf21073d6aa137f7
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libapr0-2.0.48-155.i58…
1a7af28c99748ac8b9995a3c786cd066
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-worker-2.0.48-…
78fba9bf9b95ac4627d74d15d4b155f4
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-prefork-2.0.48…
cd1e5cc7e4a0cf85cb188e49dfbccdc2
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-devel-2.0.48-1…
3ea067001e1978cd0a5652d29ac1aa3d
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-leader-2.0.48-…
5b92673c9bd200792ccf57b36a76f1a5
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-metuxmpm-2.0.4…
d1aa4577b80d7202d2873fc60d779889
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-2.0.48-155.i58…
9a23aaf0e488b5c8edb61062d69fb425
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libapr0-2.0.48-155.i58…
09e8a34d4138be61c48d61a12e9281b8
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-worker-2.0.48-…
39e0a2070d88a9edea81118250cc6bed
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-prefork-2.0.48…
f8212bfb1c488a6d53d00726e5158858
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-devel-2.0.48-1…
6132f24e5a56d678550851ad7088b0b7
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-leader-2.0.48-…
cb04a0221afe61a06c302d2fdd1bb883
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-metuxmpm-2.0.4…
51d3d131014076252bcab6744f935bcf
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/apache2-2.0.48-155.src.…
af3ad54cf46206e152eba60c9117fb0e
x86-64 Platform:
SUSE Linux 9.3:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-2.0.53-9.5…
85b907f4d5a2ec7bd27497aedac4c47e
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/libapr0-2.0.53-9.5…
15aa356ae44de0930c318227cb10829b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-worker-2.0…
881993b3901d83a96743057cf761c076
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-prefork-2.…
783f0f9bb1cbf75883f414d4a5386fdb
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-devel-2.0.…
a69631d3a1e50e89203ce145f67ecb24
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-2.0.53-9.5…
3600699732c5033e9904667311720bb4
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/libapr0-2.0.53-9.5…
06fef852a80007dace6f79c88b5a70c5
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-worker-2.0…
3f6c720b867d09826e83050bfbac866b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-prefork-2.…
39d58d57fe57f00faaf9c1c1259ebb1f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-devel-2.0.…
64682ae163dad142e07bc1e6ea6b136d
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/src/apache2-2.0.53-9.5.sr…
78e432f045b43ca1d62afd9d44d96ab0
SUSE Linux 9.2:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-2.0.50-7.7…
82797e22daf1b7e45f19f76b1bbb2f2a
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/libapr0-2.0.50-7.7…
2315bf905e875d4bd18df0fea9791ed2
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-worker-2.0…
7d7f9d6d2542ba689b08dd9e39d5378f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-prefork-2.…
31fb42fb5888b83a5539dad2f375dfb1
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-devel-2.0.…
929c857dc61df1f3923d6e4348ed8036
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-2.0.50-7.7…
d3583d0536314cf3c251ebb8f651270b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/libapr0-2.0.50-7.7…
b4f2c134ed3becd179429e9aee4794aa
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-worker-2.0…
389ffba19d5e79f8433c06210b9b6a47
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-prefork-2.…
5877685363ba342c48b6786e8006bf46
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-devel-2.0.…
2f40f2eb81881bd1f43246eed07cf998
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/apache2-2.0.50-7.7.sr…
84d688673cabbf8b319cafc019dd795b
SUSE Linux 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-2.0.49-27.…
eaabd50f11cb054e1bc312e6c3c4d77c
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libapr0-2.0.49-27.…
b01ef03e4d893483b731cf52f953b99d
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-worker-2.0…
0ad003dc0ac805a939b1fd582750f24f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-prefork-2.…
4035479cecb2a8974eb5520c03bacd44
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-devel-2.0.…
f02d5e885195dfef2f290f0960e91da9
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-2.0.49-27.…
87e46223583fad63819e12e8a7d80f7f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libapr0-2.0.49-27.…
2a23e71a8807111fc3007809af259786
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-worker-2.0…
3f298e957f5071e0d9ea3a4fae438701
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-prefork-2.…
10455ff34e03fde9dba013fbe203087e
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-devel-2.0.…
3aac1003eb82a13c4760742bd2831ccf
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/apache2-2.0.49-27.34.…
3b809b2754a78471090157c04b08c3e2
SUSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-2.0.48-155…
d6b39a54ebfbdc9d5a9c9fa72b842d4c
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libapr0-2.0.48-155…
d2592d72f35ca1cf0d2dca098fd51b40
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-worker-2.0…
f6664337bbfeba977b83097fa07b55d9
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-prefork-2.…
7c804a339ee05b6282db5ac9a5cd8ac0
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-devel-2.0.…
9d493ef6d3ae7bd395369405efb4135d
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-leader-2.0…
4afef015d327ee6e4df071e92441b0cd
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-metuxmpm-2…
96897499420e553ba4ac97a821082530
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-2.0.48-155…
c70d2452cca409c3d46d008bbd56a444
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libapr0-2.0.48-155…
f91808259c4b87dfd3333360efbce9ff
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-worker-2.0…
53149c85a2a09b2732986d1e548e4635
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-prefork-2.…
8e6fa8a245d4e1c2e7c0f3e7003cd567
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-devel-2.0.…
60250857238c01c3f3524817e608fb60
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-leader-2.0…
5acdeba16329ccbdefcd4d9d05284e61
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-metuxmpm-2…
b712fd7071094be210ab0a5651c22fa2
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/apache2-2.0.48-155.sr…
3c2acceb99e8916f24d636607ae8d68e
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Workarounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iQEVAwUBQyV6fney5gA9JdPZAQFYbQf8DjDUWhMI6fXarQtaJ8JJXuFaNAHa7hWb
x+Inaz2HFy1TMYeXl4i7E0JRM6hE/9PR27+BaDW1xRtpVeVR2gl2C3GALgvAGdG8
WyDD7ldmb5ccCQHKrdkcKH0OAiKMXkCVEGIfGnWcUwcy9jSAbedNWa8M7z0pJMuT
7Q6UKJJlGxqkMajaIy2xJeZ0JTTbD3wKi4AlXIgoiHlFdQXa7wkZVw9ZsWVpp9Oy
OeorYV/lHykvJS+M5UFCo/FPlW63qSx0hj6g9uj5DiIWE1jkRSnJv9ageFwjbaFv
yxgy2qnbdcJ6AY3Cog5C4TAhhVCF1pU9QgW9luFM/qC7C9R6WbzbdQ==
=Jwuk
-----END PGP SIGNATURE-----
1
0