September 2005 - openSUSE Security Announce

SUSE Security Summary Report SUSE-SR:2005:021
by Marcus Meissner 30 Sep '05

30 Sep '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2005:021 Date: Fri, 30 Sep 2005 14:00:00 +0000 Cross-References: CAN-2005-0941, CAN-2005-2558, CAN-2005-2794 CAN-2005-2796, CAN-2005-2876 Content of this advisory: 1) Solved Security Vulnerabilities: - storeBackup insecure /tmp usage and permissions - squid remote denial of service problems - mysql stack overflow in function handling - util-linux umount privilege escalation - OpenOffice_org version upgrade - mediawiki cross site scripting problems 2) Pending Vulnerabilities, Solutions, and Work-Arounds: None 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - storeBackup insecure /tmp usage and permissions This update upgrades storeBackup to version 1.19 and fixes following security issues: - storeBackup used insecure /tmp filenames. - storeBackup used insecure (world readable) file permissions for the backup root. Only SUSE Linux retail products contain storeBackup and are affected. - squid remote denial of service problems The web proxy squid was updated to fix two remotely exploitable denial of service vulnerabilities. One can be triggered by aborting a request and the other one occurs in sslConnectTimeout while handling malformed requests. This is tracked by the Mitre CVE IDs CAN-2005-2794 and CAN-2005-2796. All SUSE Linux based products containing squid are affected. - mysql stack overflow in function handling This update fixes a stack-based buffer overflow in MySQL's init_syms function that can be exploited by authenticated users with the privilege to create user-defined functions. This is tracked by the Mitre CVE ID CAN-2005-2558. All SUSE Linux based products including mysql are affected. - util-linux umount privilege escalation The remount option of umount allowed local users to clear certain security relevant flags such as the nosuid flag. This is tracked by the Mitre CVE ID CAN-2005-2876. All SUSE Linux based products are affected by this problem. - OpenOffice_org version upgrade OpenOffice.org on SUSE Linux 9.3 was upgraded to 2.0 Beta Milestone m125. This includes a large number of bug fixes in all areas. This update also fixes a buffer overflow in the MS Word document reader. By creating a specially crafted Word document a remote attacker could exploit this bug to execute arbitrary code under the user id of the user viewing the document (CAN-2005-0941). Note that this version will save files in the new, final XML format that cannot be read by the original SUSE Linux 9.3 version. Files saved with the original 9.3 version can be read without problems. - Mediawiki cross site scripting problems More cross site scripting problems were found in MediaWiki. The problems fixed in the 1.4.9 release have been back ported and are included in this security update. Only SUSE Linux 9.3 contains MediaWiki. ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds None ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ) send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBQz0unney5gA9JdPZAQKnegf/dYaL6M6PtmR/enoXhjibG2ulKB4wLNqa sOhQDA7Q2Ys02IZekV+njc3hjFynYnWNgj3jaBY1xMbXy/QT48MCQdle21llrsF7 5zlhePVveAOm2OBh+N+RDU1DDhSaqPQ6d56jX5QJQPcRQkuEmC/dDZVLHFgqZTEp yuCVOfhrzHQLcHSdu+rMUUadIl+9+6BqLm+6Oj9sYM1kfREeem0eG88U/PiBYiWc vnc+4B7TyzQsTqFE4mUTZfgfG64g2zkgjs2k7VF52K61Mm1VE3BRQnuUFY49RYdO Z7ODPG9QJeU4KO395002CwJmIGYn99fTFYs1nu5cCsdGB4I2xgpGXQ== =6Bdz -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: Mozilla,Mozilla Firefox remote code execution (SUSE-SA:2005:058)
by Marcus Meissner 30 Sep '05

30 Sep '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: mozilla,MozillaFirefox Announcement ID: SUSE-SA:2005:058 Date: Fri, 30 Sep 2005 10:00:00 +0000 Affected Products: Novell Linux Desktop 9 SuSE Linux 9.0 SUSE LINUX 9.1 SUSE LINUX 9.2 SUSE LINUX 9.3 SUSE LINUX 10.0 SUSE LINUX 10.0 OSS SUSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 SuSE Linux Enterprise Server 8 UnitedLinux 1.0 Vulnerability Type: remote code execution Severity (1-10): 8 SUSE Default Package: yes Cross-References: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707 Content of This Advisory: 1) Security Vulnerability Resolved: various security problems in Mozilla based browsers Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The web browsers Mozilla and Mozilla Firefox have been updated to contain fixes for the vulnerabilities fixed in: - Mozilla browser suite version 1.7.12 - Mozilla Firefox version 1.0.7 The security problems with their corresponding Mitre CVE ID are: - CAN-2005-2701: Heap overrun in XBM image processing - CAN-2005-2702: Crash on "zero-width non-joiner" sequence - CAN-2005-2703: XMLHttpRequest header spoofing - CAN-2005-2704: Object spoofing using XBL <implements> - CAN-2005-2705: Javascript integer overflow - CAN-2005-2706: Privilege escalation using about: scheme - CAN-2005-2707: Chrome window spoofing 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running instances of mozilla or Firefox after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: SUSE LINUX 10.0 OSS: ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/MozillaFirefox-1.… b070f22c50716e9793c6286e75d7f1d3 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/MozillaFirefox-tr… b7e3dbc40ec322b6b4baff3db1ab8f33 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-1.7.11-9.… 3d363104fbaccb6ed24bcbfdaf8d3e0b ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-calendar-… dfeb241e004969274396918859ce9c29 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-devel-1.7… 9ccff14aedb21ded7a274de9452c68fb ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-dom-inspe… c7fc87a1c63e9be69b5d32eea19d0779 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-irc-1.7.1… cb8a2af71a14a9158c57717649766a74 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-mail-1.7.… 494909fceea44bd110e08482ae151a78 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-spellchec… 41d9c223405d9d94dfcc5b6fb98dc066 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/i586/mozilla-venkman-1… 292cc9a346d743de3144b71b1b61feb7 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-1.0.7-… b070f22c50716e9793c6286e75d7f1d3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-transl… b7e3dbc40ec322b6b4baff3db1ab8f33 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-1.7.11-9.2.i5… 3d363104fbaccb6ed24bcbfdaf8d3e0b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-calendar-1.7.… dfeb241e004969274396918859ce9c29 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-devel-1.7.11-… 9ccff14aedb21ded7a274de9452c68fb ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-dom-inspector… c7fc87a1c63e9be69b5d32eea19d0779 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-irc-1.7.11-9.… cb8a2af71a14a9158c57717649766a74 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-mail-1.7.11-9… 494909fceea44bd110e08482ae151a78 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-spellchecker-… 41d9c223405d9d94dfcc5b6fb98dc066 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-venkman-1.7.1… 292cc9a346d743de3144b71b1b61feb7 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-1.0.7-0… e98cdd73507000f7fa68c48821f37f04 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-transla… e7faca0efbe75c279ffa99cd1f076f37 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-1.7.5-17.7.i58… 06712cf8c34b60c89e88d92b7ead910d ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-calendar-1.7.5… 059b7754c74ae3c84affe8df06a47794 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-devel-1.7.5-17… a45be8b0f1276601f8dcf05485ea78e2 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-dom-inspector-… 0dc9f868e9ca4e232fa3da840d501c4f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-irc-1.7.5-17.7… 979c5dc463d2f1a56e1d9127ccc5710b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-mail-1.7.5-17.… 7f6abe44aa06eeac8a25475c2b751f57 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-spellchecker-1… f9952790bb4be571626b25d08fd1e342 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-venkman-1.7.5-… cf5a35adb33f12a0395b847566a4a6f9 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaFirefox-1.0.7-0… 58e9886032fe946144548daf1b4e47b8 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaFirefox-transla… eea987167c75d56ace45d361cb4cc924 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-1.2.10-0.4.i5… 5b79318a93799582dc072ccf20ad30e0 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-doc-1.2.10-0.… d30905577f54fa8b62f15ddc258f74a7 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-extensions-0.… c2f24bd8207dd6f66d393d96e3df38c4 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/epiphany-extensions-de… 670ac56681d0e07805df24ea6ab250b1 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/galeon-1.3.19-6.2.i586… 3716981c5488f9f91ae0591a6d078301 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-1.7.2-17.14.i5… cf222da855dba56dad4183944c999c63 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-calendar-1.7.2… d4fbc3fd3516101ad4bc1a0c7f54b004 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-devel-1.7.2-17… 101f9906054da65fa796c84d8c61e257 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-dom-inspector-… 4a96a0f7b9f804b4a50f719702e7fcd6 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-irc-1.7.2-17.1… 0a9b0eff1927fb41097d04c92f31ec91 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-mail-1.7.2-17.… 7d43bc0f6efdba8ec8d2bee4708cac9d ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-spellchecker-1… cdcdb5714caac35a0e1a54deb20a37aa ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mozilla-venkman-1.7.2-… a871f995700d1a3ddf9511c10fd1caac SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-1.0.7-0… 37080fb2690efd9be2c43e8256a682dc ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaFirefox-transla… dba6e7624528c385d92f9060326763ea ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-1.7.8-5.13.i58… 79f25c5c016aa6ba5b5e03edaa5250b0 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-calendar-1.7.8… e1a17720cb3e02365dfff9e827cbbc07 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-cs-1.7.5-4.5.i… f39e3c1a52914234ecad41921f873107 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-deat-1.7.6-0.5… 56204c9d290201e272e4ec4e9facfacb ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-devel-1.7.8-5.… d596bfa47dfdbab3b0875cb04c296572 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-dom-inspector-… c1d2f354fa2a213ab5fce5a59db8b561 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-hu-1.78-0.6.i5… f7870dc318dab84dc53c446460524eff ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-irc-1.7.8-5.13… 7ebe1eeba553ece769f914f7c09f2ba0 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-ja-1.7.7-0.6.i… d53222a37715570d1db4b1baeb6f36ba ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-ko-1.75-0.6.i5… b9a321e8fd0f67e677be6efc125359b2 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-mail-1.7.8-5.1… 8fcddcef60122566c180938c6bcd0b99 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-spellchecker-1… 4bb1efcd97b8066dd4913c9223d18dc8 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mozilla-venkman-1.7.8-… 51421590af63afa139ac0622a1baf684 SuSE Linux 9.0: ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/MozillaFirebird-1.0.7-… 4e53eabcd32f3abad4c3b1b5e407f318 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-1.7.8-22.i586.… 5371abafdf197f561b42cbb62a3955cd ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-calendar-1.7.8… 05af99fbab21e29a4dc20b5b3aa48350 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-cs-1.7.5-8.i58… c99f2fb5bc86968de3e16f420923984c ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-deat-1.7.6-5.i… ee755cccefdb8f16ddff4f636a26fe11 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-devel-1.7.8-22… 2029374bce342b76df4217dc3529b71d ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-dom-inspector-… 95db2c6e045a546811d35808c76431f1 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-hu-1.78-6.i586… 5b641188c547f742399c1fa1d3a1ba3c ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-irc-1.7.8-22.i… 19935f7e9f70ad9825f110cc8b7a8f36 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-mail-1.7.8-22.… 57e5689880bacdedc82874f66f51704a ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-spellchecker-1… 1f64833df09e7c5f17fa384ae392f943 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mozilla-venkman-1.7.8-… 20b1ecc87577dedaa7db1633e8e58bc5 Power PC Platform: SUSE LINUX 10.0 OSS: ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-1.7.11-9.2… 430e1c4f054bcb88b715b5ca34ba9725 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-calendar-1… 95c070ad06d421ff645ed898fe4066c2 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-devel-1.7.… a57b62e27f94ae3156adfea528b55bc4 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-dom-inspec… fd030f1a7c191ea06c3c63300a52dd2c ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-irc-1.7.11… 7394df9566dc9b52cdacdc6ae91cbaf4 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-mail-1.7.1… 0515073dafedc53d0ec5d5c3b0cfa144 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-spellcheck… 55d8e9f1d9110e965b5c6c7b84ca8c15 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/mozilla-venkman-1.… 493263b3ec34285c9bac277b99b762fc x86-64 Platform: SUSE LINUX 10.0 OSS: ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-1.7.11-… f4069ccda839c1146e478e8927b42ae0 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-calenda… e059af96039f550a0eb1dbdcaa51d691 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-devel-1… eba511d40cc67672c9d4461b551543a1 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-dom-ins… 1afaabbf461d0d7d439861efd638bf82 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-irc-1.7… 13a5d28dffe9fb8f4eaee758a03d54c5 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-mail-1.… 01a2b53726e958516315bf2e11390fff ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-spellch… 5b5cdd12fc9002ca41cf3efcca1025f0 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/x86_64/mozilla-venkman… 02740535ecb1adc8534e4ebd2d28ced1 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-1.7.11-9.2.… f4069ccda839c1146e478e8927b42ae0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-calendar-1.… e059af96039f550a0eb1dbdcaa51d691 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-devel-1.7.1… eba511d40cc67672c9d4461b551543a1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-dom-inspect… 1afaabbf461d0d7d439861efd638bf82 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-irc-1.7.11-… 13a5d28dffe9fb8f4eaee758a03d54c5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-mail-1.7.11… 01a2b53726e958516315bf2e11390fff ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-spellchecke… 5b5cdd12fc9002ca41cf3efcca1025f0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-venkman-1.7… 02740535ecb1adc8534e4ebd2d28ced1 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-1.7.5-17.7.x… ad132a0176b38d35aa5a59f5dddd48e9 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-32bit-9.3-7.… 3ca7760002db72b56644085727877b40 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-calendar-1.7… 87efa7a30315bcc8bdd2f580141f4ebe ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-devel-1.7.5-… 91e920dc2e883d38c0fe362cfeaaedb3 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-dom-inspecto… ac3b0bbf03ded04a2b7e7991a724d59a ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-irc-1.7.5-17… 86afd380a362338baeb96ba1e1673071 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-mail-1.7.5-1… 3548f885148faf1d6d8f31a2149693c9 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-spellchecker… ea4339aa06d16ef076193368be577788 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-venkman-1.7.… d1f485c3cea08964be5cfc935d6476db SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/MozillaFirefox-1.0.7… 5cffdac01a15a951168244554255c832 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/MozillaFirefox-trans… c49627cf05e2a069e3d540edc434da1f ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/epiphany-1.2.10-0.4.… 719c1d18b869185e45f349898ffaa4b0 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/epiphany-doc-1.2.10-… 597c527c061a6758b87bd392cc7e85fd ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/epiphany-extensions-… 99d2fad0d66ca029ae13606e0b38a678 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/epiphany-extensions-… 02e692e00a2401301e9dc8ea3eff25b1 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/galeon-1.3.19-6.2.x8… 7eb3ca48f665999523d3fe2ffa69fb99 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-1.7.2-17.14.… 28e756cebc948024d3d7eb19090fb8b8 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-calendar-1.7… 68388f461bf620f6b8050f706cfd87a4 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-devel-1.7.2-… e2a710fc8344c9e96bd0dc11bccb5de2 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-dom-inspecto… d10426280e0a7daafcad9c52f8cc90a6 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-irc-1.7.2-17… 24d8f99ca3b83f2f647e2e3a69814fbc ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-mail-1.7.2-1… 73ee0e42d82b38e3a1420e72366782b0 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-spellchecker… 1dd0a5bc9598750c6417afdf9eb89a2b ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mozilla-venkman-1.7.… 92fbc53b7e94cb6b736b134a201da6f0 SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaFirefox-1.0… 00c2104c2a6cfced9254fd529e2a3eb0 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaFirefox-tra… d9c05812c47c81d65664feb010af7891 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-1.7.8-5.13… b630d42f44fa70f5c41216fc42beaa06 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-calendar-1… 9de2513892aed768d01ba77853400bf5 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-cs-1.7.5-4… 8298d98b7fd64707227b97ccf8e2ccf8 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-deat-1.7.6… 5b7c071a12a0867107dcdb4b26ea3965 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-devel-1.7.… 2c2c42b0f518a5e139338f0083073add ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-dom-inspec… 43924915be1555fa119bf8a0fb50ac39 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-hu-1.78-0.… 182349498b15b1c8cd1bfa6b7087a2a6 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-irc-1.7.8-… af2a1dcacbda6ef35c456c4cf5be4729 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-ja-1.7.7-0… cd694a201d6e9416be5634ff2b4ed08a ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-ko-1.75-0.… e542067f8c9565e0e5ea018ae69a6eb5 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-mail-1.7.8… 78606b9b9a607dde560e7bc58047363c ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-spellcheck… e669c013cd3a564909464d466cf004de ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mozilla-venkman-1.… 0ac108535f987e0d37fab840f24e820d SuSE Linux 9.0: ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/MozillaFirebird-1.… ee62a8fa3053951b7069a7523bac87bc ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-1.7.8-22.x… 59be47c90cc3a5134d6856df4a3453ad ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-calendar-1… 99b376ba53d6bce9e006cfb6b471843a ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-cs-1.7.5-8… c85120938f7111382804d9ffeb7d80f2 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-deat-1.7.6… 952a6ba1d1c52fb715606570eeb4d69e ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-devel-1.7.… b643663a2fd73baa85b1cb2a0388fb9f ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-dom-inspec… a6d1b59b10bd06d0359a507401c2735b ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-hu-1.78-6.… 82d3508a125302620ba6762eeb0c76a4 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-irc-1.7.8-… cb45dc7828a793cf841b4a26829a0b0a ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-mail-1.7.8… b3c39f74bd1b3a6c3d28a9f47e590c8a ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-spellcheck… 5c8c42792d29095560b734109f37c01f ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mozilla-venkman-1.… 27eca70e1e49b9bcbea2c00fbdc6ca98 Sources: SUSE LINUX 10.0 OSS: ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/src/MozillaFirefox-1.0… d09caffc894595153a79d1b97f016954 ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/src/mozilla-1.7.11-9.2… d83a9eacb5faa1c095ab8158146f077b SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/MozillaFirefox-1.0.7-0… d09caffc894595153a79d1b97f016954 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-1.7.11-9.2.src… 0be969f1998e2619aa06af9403fb1f71 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/MozillaFirefox-1.0.7-0.… 593d44805da6927c4f6d0f8baba9a39e ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-1.7.5-17.7.src.… 9e3cb1bcc89d282ba1867778eb59cf41 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/MozillaFirefox-1.0.7-0.… 5d29e5a760c0c7c47294a64604a06cf0 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/epiphany-1.2.10-0.4.src… 345a1cd4936264eb420624bee8e117ec ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/epiphany-extensions-0.8… 51eb4a5a6dbc77afea461563493f590b ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/galeon-1.3.19-6.2.src.r… 886a6b86ffec1f3a513f49ef95321340 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/mozilla-1.7.2-17.14.src… 1bb1d4a94210c6dc7371fe09a8dfba98 SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/MozillaFirefox-1.0.7-0.… 1f9d95f57d6a80a36dce9d8f84c3963a ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-1.7.8-5.13.src.… 80533e066eaed0a657bf5cb8e25234ab ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-cs-1.7.5-4.5.sr… 47220d851a53e7a63fbf12dea62b1cc6 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-deat-1.7.6-0.5.… 07c014a5492f61a68320863281db4c96 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-hu-1.78-0.6.src… bdbc740b3c37c17103aa56d219351e4c ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-ja-1.7.7-0.6.sr… 14aecf150956f4635f021b64f554f78d ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mozilla-ko-1.75-0.6.src… 7a1ea397402d592477e5310a3250e549 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/MozillaFirefox-1.0.7-… b77f775d1e92864fbe8023a24b1720e0 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-1.7.8-5.13.sr… 30b43409cd492ae0656d752732b95d86 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-cs-1.7.5-4.5.… 3c1170db7e139b7f6ea4e15784c8ff38 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-deat-1.7.6-0.… bbc9ac1ef35c3d86103fa6fc6d7f8537 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-hu-1.78-0.6.s… e43906af2dee9bf63a9e1089b8a3f368 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-ja-1.7.7-0.6.… 2a82cf5cbb535a285ce0ba81b9201c8c ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mozilla-ko-1.75-0.6.s… 45d09732344464d46c0dc702c7c543f0 SuSE Linux 9.0: ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/MozillaFirebird-1.0.7-2… 580b76681deef6804eab49cf69a173f3 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mozilla-1.7.8-22.src.rpm 34de2c3f3f025eebf20eaef3a67cd163 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mozilla-cs-1.7.5-8.src.… 0722c1ed3f1876b5aaeb9beb461ff94d ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mozilla-deat-1.7.6-5.sr… d692de86ba4705d68b4601fe98ef9a34 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mozilla-hu-1.78-6.src.r… 67ee232260f2e968666ead52e61b0733 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/MozillaFirebird-1.0.7… c2990ece2e6034aa2d3018f5bd715f0c ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mozilla-1.7.8-22.src.… c94b039006cc2fa88d427892c02817bd ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mozilla-cs-1.7.5-8.sr… b3de942cf3bca2fd421a9eea038b59f9 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mozilla-deat-1.7.6-5.… 23abbabf17c82104fc795dcaac639352 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mozilla-hu-1.78-6.src… 27827ab4dc20eba79ed514a0f6a40f92 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/4f19e198bd78960… http://portal.suse.com/psdb/4f19e198bd78960e9bfc40d41f8aafae.html http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/5a2d044b1e43fb7… http://portal.suse.com/psdb/5a2d044b1e43fb74c91034c754c71c07.html http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/b310b00e5cb76ad… http://portal.suse.com/psdb/b310b00e5cb76adf21b02190e55fb6a2.html http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/8de3ea0ba7cd0da… http://portal.suse.com/psdb/8de3ea0ba7cd0da892d902baee1e6d60.html ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBQzz/5Xey5gA9JdPZAQIODgf+ON5YV7r+Jv06IHHxJ737lfp4tv6nTu9y wmUkcS52amcUH9gDVvgu8rLaD5YvtDi4mmZWUNtKqpw2kY9d1z/446piTCityu8c 8m2t9T/OWDPPxV5MB7XV86wRI6LEJlHJ239278RTR0tbWa4U1L8mHzwurNHWwGBw jxLdYUuq6ci/oBqqoK2xpsjgMRHRjWSayXGkMzntLkfVe86OGOiwjsJ7dpC0cVe/ hVV+NqpgMYh6KTkY0UG1KHe3ImpvaYLJaY1M/JJWALpFRcJYgs6AMaW5MkI9IQaE SKc2j10xpZKAtxBcJfysBzHXET4cI4M6/fe/Zy0rLFCMaW++BOwbRA== =deqq -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: opera remote script insertion (SUSE-SA:2005:057)
by Marcus Meissner 26 Sep '05

26 Sep '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: opera Announcement ID: SUSE-SA:2005:057 Date: Mon, 26 Sep 2005 15:00:00 +0000 Affected Products: SUSE LINUX 10.0 SUSE LINUX OSS 10.0 SUSE LINUX 9.3 SUSE LINUX 9.2 SUSE LINUX 9.1 SuSE Linux 9.0 Vulnerability Type: remote code execution Severity (1-10): 6 SUSE Default Package: yes Cross-References: CAN-2005-3006 CAN-2005-3007 Content of This Advisory: 1) Security Vulnerability Resolved: opera script insertion problems Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion This update upgrades the Opera web browser to the 8.50 release. Besides the changes in 8.50 that are listed in http://www.opera.com/docs/changelogs/linux/850/ following security problems were fixed: 1. Attached files are opened without any warnings directly from the user's cache directory. This can be exploited to execute arbitrary Javascript in context of "file://". 2. Normally, filename extensions are determined by the "Content-Type" in Opera Mail. However, by appending an additional '.' to the end of a filename, an HTML file could be spoofed to be e.g. "image.jpg.". These two vulnerabilities combined may be exploited to conduct script insertion attacks if the user chooses to view an attachment named e.g. "image.jpg." e.g. resulting in disclosure of local files. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please restart running instances of Opera after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/opera-8.50-2.1.i586.rpm 14d5e5fa885cdcbfe295bf14e78cc597 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/opera-8.50-2.1.i586.rpm d49cde72a2ca0a577b1f46d642177a2c SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/opera-8.50-1.1.i586.rpm 37d049f6e1c74d93d53c8369e3c7d38a source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/opera-8.50-1.1.nosrc.rpm d186e1294cee84c3472df1ac84a3d6a2 SuSE Linux 9.0: ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/opera-8.50-3.i586.rpm c9e8a2b20726590afafed2acf33878e5 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/opera-8.50-3.nosrc.rpm ba618d920bd3c67198a6cfe81417f505 SUSE LINUX OSS 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/opera-8.50-2.1.i586.r… f6fd16f597c24c44ff22d3079d67bf04 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/opera-8.50-2.1.nosrc.r… f4d1a6f0d53de4d0a3c66342b39a1090 x86-64 Platform: SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/opera-8.50-2.1.x86_6… 5e7cc77dffeeb6f7f49040fe57a24436 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/opera-8.50-2.1.nosrc.rpm 51bdcf29e4838f37c513db2fda7ce4cb SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/opera-8.50-2.1.x86_6… 92ae1f3adca409fc7504f75eb9a048cd source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/opera-8.50-2.1.nosrc.rpm 0068542ea265d222909b1a7afb2efd5d SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/opera-8.50-1.1.x86… 26e585d3cd1b813a5fc5905d00ea8c41 source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/opera-8.50-1.1.nosrc.… e1d6ab204a6b53257f883e0319001862 SuSE Linux 9.0: ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/opera-8.50-3.x86_6… eb553979fd5085a91fa2d31faff03f8f source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/opera-8.50-3.nosrc.rpm 6495e097ae44fb75e9db8407bc2ce793 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/opera-8.50-2.1.x86_… 150053c82d63a0e33472eaa656417b32 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/opera-8.50-2.1.nosrc.r… db1da6ab611d0c70f46602585d0868d4 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBQzgIC3ey5gA9JdPZAQIMZwf+NeomwRfdx1Emj1WdFL9UibePgJORmLr/ Eg/SFXZnpl8Vzq/0MFZ4uV1kBAyRKuY9CGv1mTAHF9u+6CFEiRUEaDlkI9oZfZzn OeIaeW0e96CTButsVNGc40LaOHk+OZsZHsg1WDLnR4T49fh0fN3oMSg14aFRGllX 32axj+Sa21s926465zlnVPWyM/wchpCOXHbnXT3Q0yMIV7kr/QjTrC0eyMOmfTAO FgZbssUrEPTUvqSVcRki6XqlKmAVt7DuqspdnOTkeBQVVYQYcjAbuQKtF7QudtwM CEqqiyqlBWL+mYhRIDK5YaXSk2b2eSdXxV+tvx1qJXb5EWm7oEqf4w== =/IqC -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: XFree86-server,xorg-x11-server (SUSE-SA:2005:056)
by Thomas Biege 26 Sep '05

26 Sep '05

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SUSE Security Announcement Package: XFree86-server,xorg-x11-server Announcement ID: SUSE-SA:2005:056 Date: Mon, 26 Sep 2005 14:00:00 +0000 Affected Products: SUSE LINUX 9.0, 9.1, 9.2, 9.3 SUSE Linux Desktop 1.0 SUSE Linux Enterprise Server 8, 9 Novell Linux Desktop 9 Vulnerability Type: remote command execution Severity (1-10): 9 SUSE Default Package: yes Cross-References: CAN-2005-2495 Content of This Advisory: 1) Security Vulnerability Resolved: pixmap integer overflow Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The X server memory can be accessed my a malicious X client by exploiting a missing range check in the function XCreatePixmap(). This bug can probably be used to execute arbitrary code with the privileges of the X server (root). 2) Solution or Work-Around There is no work-around known. 3) Special Instructions and Notes Please restart your X system completely. (Logout of your Windowmanager, run "init3;init 5" as root on a console.) 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: SUSE Linux 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/xorg-x11-server-6.8.2-… dc41dbe04424ef869811323b76c567ef patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/xorg-x11-server-6.8.2-… cb854e1f0042916a731e2fce9028fcc5 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/xorg-x11-6.8.2-30.4.src… ca3baf4c2d1df7bfcb0af630bbef1a6d SUSE Linux 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-server-6.8.1-… a08df5563bc23ce0a304a488657f1d53 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-server-6.8.1-… 9739cdfa5157b5aa9ba5f0a21129edfd source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/xorg-x11-6.8.1-15.9.src… de447aaeae832d524d1b292e83a9e6aa SUSE Linux 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/XFree86-server-4.3.99.… c101e4dfb938ab0b6afb4e480971cb98 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/XFree86-server-4.3.99.… 9117e86e254c3a6ebf73395307382179 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/XFree86-4.3.99.902-43.5… ec3f9bfed9da411ddbc55f8f3bc48729 SUSE Linux 9.0: ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/XFree86-server-4.3.0.1… d85636745eefd2fe67d4ef0d7491bd44 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/XFree86-server-4.3.0.1… a205fbaef7d98c3ce599f71f8dd51864 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/XFree86-4.3.0.1-60.src.… 3c5c345435ff6310ce8479497a6a80af x86-64 Platform: SUSE Linux 9.3: ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/xorg-x11-server-6.… 15895f47f57e2507e8d5ae4e854c3e3a patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/xorg-x11-server-6.… 6e58d518d719d901fe4b41ba1a2bd8fa source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/src/xorg-x11-6.8.2-30.4.s… ca3baf4c2d1df7bfcb0af630bbef1a6d SUSE Linux 9.2: ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/xorg-x11-server-6.… f6c86f558fd5ae340f98eb85cbcb5d8d patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/xorg-x11-server-6.… 2393163cd16ec2db996f927121f5b6a7 source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/xorg-x11-6.8.1-15.9.s… de447aaeae832d524d1b292e83a9e6aa SUSE Linux 9.1: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/XFree86-server-4.3… 9b8f7d8ef0992b6664071f8416243c25 patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/XFree86-server-4.3… 918bad600f482fd524da5efc8f7aeb7a source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/XFree86-4.3.99.902-43… 0cd5570ed44f6dcf2dcfaf28dd1d29f5 SUSE Linux 9.0: ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/XFree86-server-4.3… fbb16e807e443d1176e346f500abe14f patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/XFree86-server-4.3… 69c56321cba9860b092183f78bdf9d85 source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/XFree86-4.3.0.1-60.sr… 0e6a2a4f3a79421c9ab7042f3500e109 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/6b16ab65d43c461… http://portal.suse.com/psdb/6b16ab65d43c461fec64068bc1210288.html http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/3d6df3814d44ff2… http://portal.suse.com/psdb/3d6df3814d44ff22980e1553b6d66fab.html ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iQEVAwUBQzftKney5gA9JdPZAQHnaQgAnUoTfWcnHJxKTFjPWcUJX1EDWQjukiQB knQ4CIhQzMUB4qwa0Wro/tiZP1byO+Qm/GX37b63jcTXLjAy+1yntRvGXINPxghS i/dK4O1wKZdllQBPGaTsHjn7jlVQfC4QNh3fzyFoguYuipRZr2PeGHoBiCEZVUrn tIFBp4Um/c1kvRBh/grhlVYe6Hm/WpGSN3F7hHwX9AFZlVxXIK825WITKRaN0Ce5 8knKkA5BXqg1RtDY2j7P85LNlPZDgPOjywCmGywQwjllk4SYx2AX1fuqPfoMooI+ +zEVV9OY2RkUlwnQkLN94ArXaerUbcmMPBSZ3158eTAwSk9DL8kX7A== =BkY5 -----END PGP SIGNATURE-----

1 0

SUSE Security Advisory: clamav remote code execution (SUSE-SA:2005:055)
by Marcus Meissner 26 Sep '05

26 Sep '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: clamav Announcement ID: SUSE-SA:2005:055 Date: Mon, 26 Sep 2005 12:00:00 +0000 Affected Products: SUSE LINUX 9.1, 9.2, 9.3, 10.0 SUSE Linux Enterprise Server 9 Vulnerability Type: remote code execution Severity (1-10): 5 SUSE Default Package: no Cross-References: CAN-2005-2919 CAN-2005-2920 Content of This Advisory: 1) Security Vulnerability Resolved: clamav problems in UPX and FSG EXE compressors Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion This update upgrades clamav to version 0.87. It fixes vulnerabilities in handling of UPX and FSG compressed executables, which could lead to a remote attacker executing code within the daemon using clamav. These are tracked by the Mitre CVE IDs CAN-2005-2919 and CAN-2005-2920. Also following bugs were fixed: - Support for PE files, Zip and Cabinet archives has been improved and other small bugfixes have been made. - The new option "--on-outdated-execute" allows freshclam to run a command when system reports a new engine version. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Make sure you restart all daemons linking against the clamav engine directly after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/clamav-0.87-1.1.i586.r… 6c55b69bec8ac76df879610e398c57f5 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/clamav-0.87-1.1.i586.r… 51e99e851de3af05a1e10ce5d21d0f8d SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/clamav-0.87-1.2.i586.r… 243b8a505a83a1fe449961a1b6dfcff3 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/clamav-0.87-1.2.src.rpm 95eeec2ea8731c364b10eb50b1d200b9 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/clamav-0.87-1.1.i586.… 45c46b8f2ebb6a097ec253a4f930ee9d Power PC Platform: SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0-OSS/rpm/ppc/clamav-0.87-1.1.pp… 2ba2c1b077598f08c24e4b8d5edee68c x86-64 Platform: SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/clamav-0.87-1.1.x86_… db4063e9b447132b6b6fe780d6af54da source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/clamav-0.87-1.1.src.rpm d46fadec2816d9577979b67a7f66c282 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/clamav-0.87-1.1.x86_… 60b1f27bad3ef7b857bae850c866b011 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/clamav-0.87-1.1.src.rpm 667c9deb85b25b20dbf01c2b6095791f SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/clamav-0.87-1.2.x8… fcfc56602da9cb6f7442ba52561d8701 source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/clamav-0.87-1.2.src.r… a3a648d1657d1a90132af05996c18241 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/clamav-0.87-1.1.x86… a40edb865bcd89b302969b1b7df8ead6 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/clamav-0.87-1.1.src.rpm e384d8586359dfe548fdc96a4d9f7700 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/3952d0ed7bf90e0… http://portal.suse.com/psdb/3952d0ed7bf90e0e933aa1ba609705c2.html ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBQzfTaney5gA9JdPZAQKF1wgAgl+IzNxP8Etn1X1qSdNvvbMgIKsSg9Jc yCVjKswJXh1fAykR24OVErjsCr8uwBpky8kbn61lYKAG3ZSzbori+WtQtk9APdI/ ZuQbGBAlUHkPMzgkw4Ef5x9mWBxJhjnsrr2dyoBmKxdOM11bUeAt/yP9JjpyAKv8 AeJ8PaXXAY+xgstBVoMpPDAvqg3XZYkgYRJrglLnzjEllHcIIEMAdZF5QXfAfMlm Odk6ZE+QeUcXcgp1r6Cs4DERWLJq/wWYY/FlvFACM79IRlp7FDhQXRFHXuWTG1hx KLZ4E+sXRx+tbbt/gEZm1IwNDOYtm9bbeAlAYatXJLJEcAr2mXTFpA== =E8mw -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: evolution (SUSE-SA:2005:054)
by Ludwig Nussel 16 Sep '05

16 Sep '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: evolution Announcement ID: SUSE-SA:2005:054 Date: Fri, 16 Sep 2005 13:00:00 +0000 Affected Products: Novell Linux Desktop 9 SUSE LINUX 9.2 SUSE LINUX 9.3 Vulnerability Type: remote code execution Severity (1-10): 6 SUSE Default Package: yes Cross-References: CAN-2005-2549, CAN-2005-2550 Content of This Advisory: 1) Security Vulnerability Resolved: evolution format string bugs Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: - See SUSE Security Summary Report 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Several format string bugs allowed remote attackers to cause evolution to crash or even execute code via full vCard data, contact data from remote LDAP servers, task list data from remote servers (CAN-2005-2549) or calendar entries (CAN-2005-2550). 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running instances of evolution after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/evolution-2.2.1-7.4.i5… efce1fe443ee6ed166b54b1a5e3b98d5 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/evolution-data-server-… 40a63375e5251616fbc09eb60af677c0 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/evolution-data-server-… d2402cf9eb95f22f4a51ef2649f16c85 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/evolution-devel-2.2.1-… 3859e68fc6cb698320eb79eae81b4539 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/evolution-pilot-2.2.1-… 31492dd7d6e1b033adbd2bc6a3db2b9f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/evolution-data-serve… 08122624504e8bd0e2761e1ca628ddb6 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/evolution-2.0.1-6.8.i5… fdf65a48e6cbc5b6643c50c4eef5ae5a ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/evolution-devel-2.0.1-… 5050f1a2f4291f0a5c6b6fdf12c1fe81 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/evolution-pilot-2.0.1-… d64777fb32d0693af25d8e79e7fc9775 x86-64 Platform: SuSE Linux 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/evolution-2.2.1-7.4.… 7afad6527cf6975154de0d30954a089e ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/evolution-data-serve… c986668e572836b02e8329d438fd366b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/evolution-data-serve… b8bd4014dbf302a1b1a87ebf5a0df0f3 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/evolution-devel-2.2.… b8104af8109a4d87cf90498af3fdc715 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/evolution-pilot-2.2.… d17145cd0fcb2d54169a185a990c3c65 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/evolution-2.2.1-7.4.src… 2fe71a8fd727fe03b7f6e1a3604b4528 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/evolution-data-server-1… e8fa87abca06e333bc6ceb16db771124 SuSE Linux 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/evolution-2.0.1-6.8.… ed6ab2108d1a2f7325f582455e2cec87 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/evolution-devel-2.0.… df0b35e88427feec0724857b9d6af05d ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/evolution-pilot-2.0.… c7e60d7e67d51d89608da804c5d1b9cf source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/evolution-2.0.1-6.8.src… 0365c61c839221763ff51d9594e5a765 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/c4057f5954b5370… http://portal.suse.com/psdb/c4057f5954b5370db387b3407e4a9192.html ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: - See SUSE Security Summary Report ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBQyq7nXey5gA9JdPZAQLC7wf/cqczXqVwz+fZQR/WwTXO2Lu6c+thIv7K y/XkvywyM2N9h49K64oD3sfpQcPYyh/gn2oHpEIzBUhNPCn4dqm5DGoWC6FGq8nU 25xQ1Cze+YU+9dWBO3JIRaYhCN2cUbTTjq9gXs3SEHMfA71z4UshOaajMvk+q9ZY zDdRxeMA01rXdEmlKs/pNwITjQotBTaheWhb8KLWrpKAYDQkxpW8Td47kHFU9nML pO9sq4EkZ+4Bcrg3y4Eg1e3zbII42jAidg56bXMAaYyetW+Oi/XgO07eoMFkyYd+ fzijgCkB8uaCL0NICfE5Z7w9qN+2TMCGQOj1uH7ypvj4/SR0wVxLsw== =UKTf -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: squid (SUSE-SA:2005:053)
by Thomas Biege 16 Sep '05

16 Sep '05

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SUSE Security Announcement Package: squid Announcement ID: SUSE-SA:2005:053 Date: Fri, 16 Sep 2005 14:28:00 +0000 Affected Products: 9.0, 9.1, 9.2, 9.3 SUSE Linux Enterprise Server 8, 9 Open Enterprise Server 9 Vulnerability Type: remote denial of service Severity (1-10): 4 SUSE Default Package: no Cross-References: CAN-2005-2794 CAN-2005-2796 Content of This Advisory: 1) Security Vulnerability Resolved: - remote denial of service Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Workarounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion This update of the Squid web-proxy fixes two remotely exploitable denial of service vulnerabilities. One can be triggered by aborting a request (CAN-2005-2794) due to a faulty assertion. The other one occurs in sslConnectTimeout while handling malformated requests (CAN-2005-2796). The latter one does not affect SUSE LINUX 9.3. 2) Solution or Workaround There are no workarounds known. 3) Special Instructions and Notes Please restart the Squid web-proxy after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web. x86 Platform: SUSE Linux 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/squid-2.5.STABLE9-4.4.… eea572b10ecf573753af16ecf1fbdaa7 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/squid-2.5.STABLE9-4.4.… becf331a849332d734d72f90801d8338 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/squid-2.5.STABLE9-4.4.s… 8c0ffeccd0c8fd64418164f275adbd27 SUSE Linux 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6-6.15… 93720922d4f7ae4370b2c4e493fae592 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/squid-2.5.STABLE6-6.15… 9e4d07f1f11c8c1cbf7564c8d2164ca7 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/squid-2.5.STABLE6-6.15.… 236cb11582b4983350ef81e5e8508c39 SUSE Linux 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.4… dc9848a817367dfe278a6f3954c6677f patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/squid-2.5.STABLE5-42.4… 5c534d9df125a3ff02c5fa32bf216f64 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/squid-2.5.STABLE5-42.41… 4dd683495e578ec59bd34260caf9a565 SUSE Linux 9.0: ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-126.… 6d094da21806166dde5f6da8307ca2a2 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/squid-2.5.STABLE3-126.… 02172274b15a28b918c54d470203d029 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/squid-2.5.STABLE3-126.s… 3cfae65a6cee24e6cfe8adc4226fa601 x86-64 Platform: SUSE Linux 9.3: ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/squid-2.5.STABLE9-… d07ae04a018a3abb082cd0b130c145a0 patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/squid-2.5.STABLE9-… cbcb39ccc9ee0340692ae3cf048453ff source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/src/squid-2.5.STABLE9-4.4… 8c0ffeccd0c8fd64418164f275adbd27 SUSE Linux 9.2: ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STABLE6-… 915b0b2955f878a2e89b171d1335274c patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/squid-2.5.STABLE6-… c488ab4031de911b6675a785a4d2a4dd source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/squid-2.5.STABLE6-6.1… 236cb11582b4983350ef81e5e8508c39 SUSE Linux 9.1: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-… 6fc9746898681ee217f884f6aaca8e68 patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/squid-2.5.STABLE5-… 37ada616c159242b53e2dfbf5f94597c source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/squid-2.5.STABLE5-42.… 310321fd1232ea45ccb06fd5b24ba664 SUSE Linux 9.0: ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-… f39071c7802d8bb77ed00038e095a6af patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/squid-2.5.STABLE3-… 05f996332331ddebf848cc2726fcbc87 source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/squid-2.5.STABLE3-126… 3c7e8fc9a5e0cf4c6638d57fed2fdf53 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Workarounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iQEVAwUBQyq803ey5gA9JdPZAQHlrgf9Hft0fRxo23f+I7UvrY+JimUMzjq7//TB robXj4r96MdI4jWOOk+0pzi2dQy1LHkHv/UQBKYAWdZvKvDRYtehvUKFFFI0ALS+ yaEWsfIAiGGrQZllqYOIKDd+bpwVSrD80xS5nsKz7C0D1EX25XmyxothbjRNWUOm KBkD1zwbUzTH02qS+473uW1uZc+GpHuqt8sVOFGkYC13Sk5KGqTWQI3E00/116Fk wYfq6gppi7Uwqv8qE3BCkbVi/jqgIRgdp2lcNlq9jDJKE7x9Ve3VzfDjges5MFMA STdqeoTwqppS8ODIcDCQJK0lGr1C7QwSl4nX8PmQ2ZDy7H8276PSWw== =jO0s -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: apache2 (SUSE-SA:2005:052)
by Thomas Biege 16 Sep '05

16 Sep '05

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SUSE Security Announcement Package: apache2 Announcement ID: SUSE-SA:2005:052 Date: Mon, 12 Sep 2005 09:00:00 +0000 Affected Products: 9.0, 9.1, 9.2, 9.3 SUSE Linux Enterprise Server 8, 9 Open Enterprise Server 9 Vulnerability Type: local command execution, authentication bypass, memory consumption Severity (1-10): 5 SUSE Default Package: yes Cross-References: CAN-2005-2491 CAN-2005-2728 CAN-2005-2700 Content of This Advisory: 1) Security Vulnerability Resolved: - integer overflow in PCRE - memory consumption bug in byterange splitting - SSL client-certificate authentication bypass Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion PLEASE NOTE: This advisory is a re-release of SUSE-SA:2005:051 with a new SA ID because the ID SUSE-SA:2005:051 was already used. This update of apache2 fixes an integer overflow in the PCRE quantifier parsing which can be triggered by a local untrusted user by using a carefully crafted regex in a .htaccess file to execute arbitrary code. (CAN-2005-2491) A memory consumption bug in the byterange handling code (CAN-2005-2728) was fixed. And a flaw in mod_ssl which allows to bypass the client-certificate authentication in a vhost context (CAN-2005-2700) was solved. 2) Solution or Workaround There are no workarounds known. 3) Special Instructions and Notes Please restart the Apache web server after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web. x86 Platform: SUSE Linux 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-2.0.53-9.5.i58… a240d419004e61a3c94208bc297ffb5b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/libapr0-2.0.53-9.5.i58… 6084268b6e5b47130846f69555485a54 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-worker-2.0.53-… b66c2ba932bddc7d5d7b6193500f5a2b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-prefork-2.0.53… 8cf9d900a458eaf328ad7e5475b06098 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-devel-2.0.53-9… ccd9f70705c6d171e4989140cdab73f0 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-2.0.53-9.5.i58… f67b79935f4b65789ddca57902b17786 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/libapr0-2.0.53-9.5.i58… 2c88ae4c308184d2433fa4e3c1812cde ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-worker-2.0.53-… 3579b413ec105c2de9ccf3fe45d067f7 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-prefork-2.0.53… 6f54201023745d49189cf1b32692b192 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-devel-2.0.53-9… fb7d8de4c15b248fd72649a31e48c44b source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/apache2-2.0.53-9.5.src.… 78e432f045b43ca1d62afd9d44d96ab0 SUSE Linux 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-2.0.50-7.7.i58… 99b8339418a1e641bd2fffd7fa94ddb4 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/libapr0-2.0.50-7.7.i58… dc24744dd9212dd9fa788cbe568369fe ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-worker-2.0.50-… bb84d16ffa1863a3421f7c3b8770f55b ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-prefork-2.0.50… db4a38f8922eba3be59954c311b00de7 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-devel-2.0.50-7… c5423ce0e107b1b8e4b015ffd25f5566 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-2.0.50-7.7.i58… 88aa0c386dce473cf0521345a999c932 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/libapr0-2.0.50-7.7.i58… f0683744ed767289109406441ea7e4ea ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-worker-2.0.50-… f680997a55ec3bcdaad8694b3aa5ecbc ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-prefork-2.0.50… 1ff03c55df428f8e71c205fa600b3d7e ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-devel-2.0.50-7… 036c6e06fb97ef635fb835116b33103d source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/apache2-2.0.50-7.7.src.… 84d688673cabbf8b319cafc019dd795b SUSE Linux 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-2.0.49-27.34.i… 4fe736dedb51da0df880612571a4bbc0 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libapr0-2.0.49-27.34.i… 52df06eed158aa8b0cec885d92f103cf ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-worker-2.0.49-… 6fe17a0f1f3a770e9ae8e680e411db99 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-prefork-2.0.49… c7ae2f36175f28a041961e8a50f4753c ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-devel-2.0.49-2… ca9f6a43373627af3cb1ddc296175ebe patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-2.0.49-27.34.i… d02098187f6ea05bb5bdf91fbf072457 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libapr0-2.0.49-27.34.i… ac3187c44fe0cae9fbd74c7b228df60a ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-worker-2.0.49-… 14838a3ea06746a4beb6a4e5f4a0a9e8 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-prefork-2.0.49… 4cb390242eb43a46532f6fdf7f0420b4 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-devel-2.0.49-2… ef53edc46eb040e7dd11356c926a8bf5 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/apache2-2.0.49-27.34.sr… f7e6698966a0f65a07aade7d9e369269 SUSE Linux 9.0: ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-2.0.48-155.i58… 807308aa43e757cfdf21073d6aa137f7 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libapr0-2.0.48-155.i58… 1a7af28c99748ac8b9995a3c786cd066 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-worker-2.0.48-… 78fba9bf9b95ac4627d74d15d4b155f4 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-prefork-2.0.48… cd1e5cc7e4a0cf85cb188e49dfbccdc2 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-devel-2.0.48-1… 3ea067001e1978cd0a5652d29ac1aa3d ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-leader-2.0.48-… 5b92673c9bd200792ccf57b36a76f1a5 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-metuxmpm-2.0.4… d1aa4577b80d7202d2873fc60d779889 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-2.0.48-155.i58… 9a23aaf0e488b5c8edb61062d69fb425 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libapr0-2.0.48-155.i58… 09e8a34d4138be61c48d61a12e9281b8 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-worker-2.0.48-… 39e0a2070d88a9edea81118250cc6bed ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-prefork-2.0.48… f8212bfb1c488a6d53d00726e5158858 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-devel-2.0.48-1… 6132f24e5a56d678550851ad7088b0b7 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-leader-2.0.48-… cb04a0221afe61a06c302d2fdd1bb883 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-metuxmpm-2.0.4… 51d3d131014076252bcab6744f935bcf source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/apache2-2.0.48-155.src.… af3ad54cf46206e152eba60c9117fb0e x86-64 Platform: SUSE Linux 9.3: ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-2.0.53-9.5… 85b907f4d5a2ec7bd27497aedac4c47e ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/libapr0-2.0.53-9.5… 15aa356ae44de0930c318227cb10829b ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-worker-2.0… 881993b3901d83a96743057cf761c076 ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-prefork-2.… 783f0f9bb1cbf75883f414d4a5386fdb ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-devel-2.0.… a69631d3a1e50e89203ce145f67ecb24 patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-2.0.53-9.5… 3600699732c5033e9904667311720bb4 ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/libapr0-2.0.53-9.5… 06fef852a80007dace6f79c88b5a70c5 ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-worker-2.0… 3f6c720b867d09826e83050bfbac866b ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-prefork-2.… 39d58d57fe57f00faaf9c1c1259ebb1f ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-devel-2.0.… 64682ae163dad142e07bc1e6ea6b136d source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/src/apache2-2.0.53-9.5.sr… 78e432f045b43ca1d62afd9d44d96ab0 SUSE Linux 9.2: ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-2.0.50-7.7… 82797e22daf1b7e45f19f76b1bbb2f2a ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/libapr0-2.0.50-7.7… 2315bf905e875d4bd18df0fea9791ed2 ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-worker-2.0… 7d7f9d6d2542ba689b08dd9e39d5378f ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-prefork-2.… 31fb42fb5888b83a5539dad2f375dfb1 ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-devel-2.0.… 929c857dc61df1f3923d6e4348ed8036 patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-2.0.50-7.7… d3583d0536314cf3c251ebb8f651270b ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/libapr0-2.0.50-7.7… b4f2c134ed3becd179429e9aee4794aa ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-worker-2.0… 389ffba19d5e79f8433c06210b9b6a47 ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-prefork-2.… 5877685363ba342c48b6786e8006bf46 ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-devel-2.0.… 2f40f2eb81881bd1f43246eed07cf998 source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/apache2-2.0.50-7.7.sr… 84d688673cabbf8b319cafc019dd795b SUSE Linux 9.1: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-2.0.49-27.… eaabd50f11cb054e1bc312e6c3c4d77c ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libapr0-2.0.49-27.… b01ef03e4d893483b731cf52f953b99d ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-worker-2.0… 0ad003dc0ac805a939b1fd582750f24f ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-prefork-2.… 4035479cecb2a8974eb5520c03bacd44 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-devel-2.0.… f02d5e885195dfef2f290f0960e91da9 patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-2.0.49-27.… 87e46223583fad63819e12e8a7d80f7f ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libapr0-2.0.49-27.… 2a23e71a8807111fc3007809af259786 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-worker-2.0… 3f298e957f5071e0d9ea3a4fae438701 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-prefork-2.… 10455ff34e03fde9dba013fbe203087e ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-devel-2.0.… 3aac1003eb82a13c4760742bd2831ccf source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/apache2-2.0.49-27.34.… 3b809b2754a78471090157c04b08c3e2 SUSE Linux 9.0: ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-2.0.48-155… d6b39a54ebfbdc9d5a9c9fa72b842d4c ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libapr0-2.0.48-155… d2592d72f35ca1cf0d2dca098fd51b40 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-worker-2.0… f6664337bbfeba977b83097fa07b55d9 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-prefork-2.… 7c804a339ee05b6282db5ac9a5cd8ac0 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-devel-2.0.… 9d493ef6d3ae7bd395369405efb4135d ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-leader-2.0… 4afef015d327ee6e4df071e92441b0cd ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-metuxmpm-2… 96897499420e553ba4ac97a821082530 patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-2.0.48-155… c70d2452cca409c3d46d008bbd56a444 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libapr0-2.0.48-155… f91808259c4b87dfd3333360efbce9ff ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-worker-2.0… 53149c85a2a09b2732986d1e548e4635 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-prefork-2.… 8e6fa8a245d4e1c2e7c0f3e7003cd567 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-devel-2.0.… 60250857238c01c3f3524817e608fb60 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-leader-2.0… 5acdeba16329ccbdefcd4d9d05284e61 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-metuxmpm-2… b712fd7071094be210ab0a5651c22fa2 source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/apache2-2.0.48-155.sr… 3c2acceb99e8916f24d636607ae8d68e ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Workarounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iQEVAwUBQyq6x3ey5gA9JdPZAQGEOAf+IhzfvBvUoE2m58AKv7deDFnZdHsEiPSJ Ir7EfedFCSBS83LFBzqK5VH8cAEK84y6CdJl9NPz3Snkk+GfsFetBERjLbv4ziAi +DCBblu7F1eryKcCWFkra50xyvN0PDQZAIAmVGxHKjIB/rpF73+9a63tEbuTu2JA r0hWLMfA2fe0/YIxtgpnaSg9krpgilxooATXFPKrXLlY2dKUjpsNwscDCF9s1akD grwAy6HqLh/FI3ZRZSiVL223ype+l+3WNVX6kRaYeTSl56fgI5VwfKOsThnrVerp gmpWd0SVG2EzcilFVjRiCRpQj4bJY6HtMwbnVd1EnBX6V64U3PCA2g== =uDMc -----END PGP SIGNATURE-----

1 0

SUSE Security Summary Report SUSE-SR:2005:020
by Marcus Meissner 12 Sep '05

12 Sep '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2005:020 Date: Mon, 12 Sep 2005 13:00:00 +0000 Cross-References: CAN-2005-2626 CAN-2005-2627 CAN-2005-2069 CAN-2005-2531 Content of this advisory: 1) Solved Security Vulnerabilities: - kismet remote buffer overflow - openvpn denial of service attack - gaim AOL bugfix - ldap TLS forwarding problem - kaudiocreator cddb file overwrite problem 2) Pending Vulnerabilities, Solutions, and Work-Arounds: - evolution format string problems - Mozilla "Host:" overflow problem 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - kismet remote buffer overflow This update fixes two buffer overflow bugs in kismet that could probably be exploited to execute commands remotely. This issue affects SUSE Linux 9.0 up to 9.3 and is tracked by the Mitre CVE IDs CAN-2005-2626 and CAN-2005-2627. - openvpn denial of service attack A denial of service problem was fixed in openvpn: With disabled TLS authentication a malicious client could close OpenVPN connections of other clients. This is tracked by the Mitre CVE ID CAN-2005-2531 and affects SUSE Linux 9.0 up to 9.2. - gaim AOL bugfix This update fixes a problem with an earlier GAIM security update which broke the AIM protocol. The bug affected SUSE Linux 9.0, 9.1 and 9.2. - ldap TLS forwarding problem A security update was released for openldap2 and pam_ldap. This update adds a missing feature to the TLS support. Previously it was possible that a password was sent in clear text over the network even with TLS support when the connection was redirected to a slave LDAP server. This issue is tracked by the Mitre CVE ID CAN-2005-2069. All SUSE Linux products were affected by this issue. - kaudiocreator cddb file overwrite problem A bug in kaudiocreator was fixed which allows to overwrite files with the privileges of the user running kaudiocreator by placing '/../../' in the title of a CDDB entry (used by default). No Mitre CVE Entry up to now. 2) Pending Vulnerabilities, Solutions, and Work-Arounds - evolution format string problems Format string problems were reported in the evolution mail client. We are preparing updates for this issue. - Mozilla "Host:" overflow problem A buffer overflow in the IDN handling was announced for Mozilla based browsers. We are preparing updates for this issue. ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ) send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBQyWFdHey5gA9JdPZAQJOFwf9Eg5EtaSOmdmW7UOhpVYOWgoWwCYHNlJ7 bxD229QWzztAjy1ciblpUQ+ww3g6kshmcwOjE1sH0/fdiAQe4HycRXgL+vpFTMqq nEa3wxDiWfKvVJXORKMdmElB8HTvWpJnRlvnSPm3rvSUF7UCTUfU35A+CfYnG/FW YIC0vxoDlVrqs1UZSsFh7ci5xWp7cLiWgZ2HhRhQC0Vz2TqoPqh9OpUEZEEicGpN fHIDAKzrd0cJ7wmZnDMIpoWBJ+UEsJ93/9ClNPNOggpoZoUyWwct0IQmk1JIbEsg z+RN9wozk7k6tn7GhLNUj0Eob3Rf0LATGbKSDt4mgjTpAbbkI1l8Dw== =w6Po -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: apache2 (SUSE-SA:2005:051)
by Thomas Biege 12 Sep '05

12 Sep '05

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SUSE Security Announcement Package: apache2 Announcement ID: SUSE-SA:2005:051 Date: Mon, 12 Sep 2005 09:00:00 +0000 Affected Products: 9.0, 9.1, 9.2, 9.3 SUSE Linux Enterprise Server 8, 9 Open Enterprise Server 9 Vulnerability Type: local command execution, authentication bypass, memory consumption Severity (1-10): 5 SUSE Default Package: yes Cross-References: CAN-2005-2491 CAN-2005-2728 CAN-2005-2700 Content of This Advisory: 1) Security Vulnerability Resolved: - integer overflow in PCRE - memory consumption bug in byterange splitting - SSL client-certificate authentication bypass Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion This update of apache2 fixes an integer overflow in the PCRE quantifier parsing which can be triggered by a local untrusted user by using a carefully crafted regex in a .htaccess file to execute arbitrary code. (CAN-2005-2491) A memory consumption bug in the byterange handling code (CAN-2005-2728) was fixed. And a flaw in mod_ssl which allows to bypass the client-certificate authentication in a vhost context (CAN-2005-2700) was solved. 2) Solution or Workaround There are no workarounds known. 3) Special Instructions and Notes Please restart the Apache web server after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web. x86 Platform: SUSE Linux 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-2.0.53-9.5.i58… a240d419004e61a3c94208bc297ffb5b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/libapr0-2.0.53-9.5.i58… 6084268b6e5b47130846f69555485a54 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-worker-2.0.53-… b66c2ba932bddc7d5d7b6193500f5a2b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-prefork-2.0.53… 8cf9d900a458eaf328ad7e5475b06098 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-devel-2.0.53-9… ccd9f70705c6d171e4989140cdab73f0 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-2.0.53-9.5.i58… f67b79935f4b65789ddca57902b17786 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/libapr0-2.0.53-9.5.i58… 2c88ae4c308184d2433fa4e3c1812cde ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-worker-2.0.53-… 3579b413ec105c2de9ccf3fe45d067f7 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-prefork-2.0.53… 6f54201023745d49189cf1b32692b192 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-devel-2.0.53-9… fb7d8de4c15b248fd72649a31e48c44b source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/apache2-2.0.53-9.5.src.… 78e432f045b43ca1d62afd9d44d96ab0 SUSE Linux 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-2.0.50-7.7.i58… 99b8339418a1e641bd2fffd7fa94ddb4 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/libapr0-2.0.50-7.7.i58… dc24744dd9212dd9fa788cbe568369fe ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-worker-2.0.50-… bb84d16ffa1863a3421f7c3b8770f55b ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-prefork-2.0.50… db4a38f8922eba3be59954c311b00de7 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-devel-2.0.50-7… c5423ce0e107b1b8e4b015ffd25f5566 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-2.0.50-7.7.i58… 88aa0c386dce473cf0521345a999c932 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/libapr0-2.0.50-7.7.i58… f0683744ed767289109406441ea7e4ea ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-worker-2.0.50-… f680997a55ec3bcdaad8694b3aa5ecbc ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-prefork-2.0.50… 1ff03c55df428f8e71c205fa600b3d7e ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-devel-2.0.50-7… 036c6e06fb97ef635fb835116b33103d source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/apache2-2.0.50-7.7.src.… 84d688673cabbf8b319cafc019dd795b SUSE Linux 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-2.0.49-27.34.i… 4fe736dedb51da0df880612571a4bbc0 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libapr0-2.0.49-27.34.i… 52df06eed158aa8b0cec885d92f103cf ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-worker-2.0.49-… 6fe17a0f1f3a770e9ae8e680e411db99 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-prefork-2.0.49… c7ae2f36175f28a041961e8a50f4753c ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-devel-2.0.49-2… ca9f6a43373627af3cb1ddc296175ebe patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-2.0.49-27.34.i… d02098187f6ea05bb5bdf91fbf072457 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libapr0-2.0.49-27.34.i… ac3187c44fe0cae9fbd74c7b228df60a ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-worker-2.0.49-… 14838a3ea06746a4beb6a4e5f4a0a9e8 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-prefork-2.0.49… 4cb390242eb43a46532f6fdf7f0420b4 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-devel-2.0.49-2… ef53edc46eb040e7dd11356c926a8bf5 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/apache2-2.0.49-27.34.sr… f7e6698966a0f65a07aade7d9e369269 SUSE Linux 9.0: ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-2.0.48-155.i58… 807308aa43e757cfdf21073d6aa137f7 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libapr0-2.0.48-155.i58… 1a7af28c99748ac8b9995a3c786cd066 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-worker-2.0.48-… 78fba9bf9b95ac4627d74d15d4b155f4 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-prefork-2.0.48… cd1e5cc7e4a0cf85cb188e49dfbccdc2 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-devel-2.0.48-1… 3ea067001e1978cd0a5652d29ac1aa3d ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-leader-2.0.48-… 5b92673c9bd200792ccf57b36a76f1a5 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-metuxmpm-2.0.4… d1aa4577b80d7202d2873fc60d779889 patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-2.0.48-155.i58… 9a23aaf0e488b5c8edb61062d69fb425 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libapr0-2.0.48-155.i58… 09e8a34d4138be61c48d61a12e9281b8 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-worker-2.0.48-… 39e0a2070d88a9edea81118250cc6bed ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-prefork-2.0.48… f8212bfb1c488a6d53d00726e5158858 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-devel-2.0.48-1… 6132f24e5a56d678550851ad7088b0b7 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-leader-2.0.48-… cb04a0221afe61a06c302d2fdd1bb883 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-metuxmpm-2.0.4… 51d3d131014076252bcab6744f935bcf source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/apache2-2.0.48-155.src.… af3ad54cf46206e152eba60c9117fb0e x86-64 Platform: SUSE Linux 9.3: ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-2.0.53-9.5… 85b907f4d5a2ec7bd27497aedac4c47e ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/libapr0-2.0.53-9.5… 15aa356ae44de0930c318227cb10829b ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-worker-2.0… 881993b3901d83a96743057cf761c076 ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-prefork-2.… 783f0f9bb1cbf75883f414d4a5386fdb ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-devel-2.0.… a69631d3a1e50e89203ce145f67ecb24 patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-2.0.53-9.5… 3600699732c5033e9904667311720bb4 ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/libapr0-2.0.53-9.5… 06fef852a80007dace6f79c88b5a70c5 ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-worker-2.0… 3f6c720b867d09826e83050bfbac866b ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-prefork-2.… 39d58d57fe57f00faaf9c1c1259ebb1f ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/apache2-devel-2.0.… 64682ae163dad142e07bc1e6ea6b136d source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/src/apache2-2.0.53-9.5.sr… 78e432f045b43ca1d62afd9d44d96ab0 SUSE Linux 9.2: ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-2.0.50-7.7… 82797e22daf1b7e45f19f76b1bbb2f2a ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/libapr0-2.0.50-7.7… 2315bf905e875d4bd18df0fea9791ed2 ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-worker-2.0… 7d7f9d6d2542ba689b08dd9e39d5378f ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-prefork-2.… 31fb42fb5888b83a5539dad2f375dfb1 ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-devel-2.0.… 929c857dc61df1f3923d6e4348ed8036 patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-2.0.50-7.7… d3583d0536314cf3c251ebb8f651270b ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/libapr0-2.0.50-7.7… b4f2c134ed3becd179429e9aee4794aa ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-worker-2.0… 389ffba19d5e79f8433c06210b9b6a47 ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-prefork-2.… 5877685363ba342c48b6786e8006bf46 ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-devel-2.0.… 2f40f2eb81881bd1f43246eed07cf998 source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/apache2-2.0.50-7.7.sr… 84d688673cabbf8b319cafc019dd795b SUSE Linux 9.1: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-2.0.49-27.… eaabd50f11cb054e1bc312e6c3c4d77c ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libapr0-2.0.49-27.… b01ef03e4d893483b731cf52f953b99d ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-worker-2.0… 0ad003dc0ac805a939b1fd582750f24f ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-prefork-2.… 4035479cecb2a8974eb5520c03bacd44 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-devel-2.0.… f02d5e885195dfef2f290f0960e91da9 patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-2.0.49-27.… 87e46223583fad63819e12e8a7d80f7f ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libapr0-2.0.49-27.… 2a23e71a8807111fc3007809af259786 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-worker-2.0… 3f298e957f5071e0d9ea3a4fae438701 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-prefork-2.… 10455ff34e03fde9dba013fbe203087e ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-devel-2.0.… 3aac1003eb82a13c4760742bd2831ccf source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/apache2-2.0.49-27.34.… 3b809b2754a78471090157c04b08c3e2 SUSE Linux 9.0: ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-2.0.48-155… d6b39a54ebfbdc9d5a9c9fa72b842d4c ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libapr0-2.0.48-155… d2592d72f35ca1cf0d2dca098fd51b40 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-worker-2.0… f6664337bbfeba977b83097fa07b55d9 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-prefork-2.… 7c804a339ee05b6282db5ac9a5cd8ac0 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-devel-2.0.… 9d493ef6d3ae7bd395369405efb4135d ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-leader-2.0… 4afef015d327ee6e4df071e92441b0cd ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-metuxmpm-2… 96897499420e553ba4ac97a821082530 patch rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-2.0.48-155… c70d2452cca409c3d46d008bbd56a444 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libapr0-2.0.48-155… f91808259c4b87dfd3333360efbce9ff ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-worker-2.0… 53149c85a2a09b2732986d1e548e4635 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-prefork-2.… 8e6fa8a245d4e1c2e7c0f3e7003cd567 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-devel-2.0.… 60250857238c01c3f3524817e608fb60 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-leader-2.0… 5acdeba16329ccbdefcd4d9d05284e61 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-metuxmpm-2… b712fd7071094be210ab0a5651c22fa2 source rpm(s): ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/apache2-2.0.48-155.sr… 3c2acceb99e8916f24d636607ae8d68e ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Workarounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot 1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM 523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q 2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ 1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol 0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J /LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ 8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X 11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA 8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM /3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= =LRKC - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iQEVAwUBQyV6fney5gA9JdPZAQFYbQf8DjDUWhMI6fXarQtaJ8JJXuFaNAHa7hWb x+Inaz2HFy1TMYeXl4i7E0JRM6hE/9PR27+BaDW1xRtpVeVR2gl2C3GALgvAGdG8 WyDD7ldmb5ccCQHKrdkcKH0OAiKMXkCVEGIfGnWcUwcy9jSAbedNWa8M7z0pJMuT 7Q6UKJJlGxqkMajaIy2xJeZ0JTTbD3wKi4AlXIgoiHlFdQXa7wkZVw9ZsWVpp9Oy OeorYV/lHykvJS+M5UFCo/FPlW63qSx0hj6g9uj5DiIWE1jkRSnJv9ageFwjbaFv yxgy2qnbdcJ6AY3Cog5C4TAhhVCF1pU9QgW9luFM/qC7C9R6WbzbdQ== =Jwuk -----END PGP SIGNATURE-----

1 0