openSUSE Security Announce
October 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2006:025
Date: Fri, 27 Oct 2006 15:00:00 +0000
Cross-References: CVE-2006-2191, CVE-2006-2941, CVE-2006-3636
CVE-2006-4197, CVE-2006-4624, CVE-2006-4980
Content of this advisory:
1) Solved Security Vulnerabilities:
- OpenPBS potential security problems
- mailman several security problems
- python overflow in repr()
- libmusicbrainz overflows
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- none this week
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- OpenPBS potential security problems
An audit of OpenPBS found some potential security vulnerabilities that
may allow the compromising of a system remotely and/or locally. An update was
released to fix these issues.
This affects SUSE Linux 9.2 up to 10.1.
- mailman several security problems
The mailing list manager mailman was updated to fix the following
security issues:
- A malicious user could visit a specially crafted URI and inject an
apparent log message into Mailman's error log which might induce an
unsuspecting administrator to visit a phishing site. This has been
blocked. Thanks to Moritz Naumann for its discovery. CVE-2006-4624.
- Fixed denial of service attack which can be caused by some
standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
- Several cross-site scripting issues have been fixed. Thanks
to Moritz Naumann for their discovery. CVE-2006-3636
- Fixed an unexploitable format string vulnerability. Discovery
and fix by Karl Chen. Analysis of non-exploitability by Martin
'Joey' Schulze. Also thanks go to Lionel Elie
Mamane. CVE-2006-2191.
This affects all our current products containing mailman.
- python overflow in repr()
A buffer overflow within python's repr() function has been fixed.
The CVE number CVE-2006-4980 has been assigned to this issue.
This affects SUSE Linux 9.2, 9.3, 10.0 and 10.1, SUSE Linux Enterprise Server
9, and SUSE Linux Enterprise 10.
- libmusicbrainz overflows
The libmusicbrainz library has been updated to fix various buffer
overflows that could be exploited by malicious servers to execute
arbitrary code.
This update affects SUSE Linux 9.2, 9.3, 10.0 and 10.1, SUSE Linux
Enterprise Desktop 10, SUSE Linux Enterprise Server 9, and Novell
Linux Desktop 9.
It is tracked by the Mitre CVE ID CVE-2006-4197.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
None listed this week.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ)
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
SUSE Security Announcement: Qt image handling problems (SUSE-SA:2006:063)
by Marcus Meissner 25 Oct '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: Qt
Announcement ID: SUSE-SA:2006:063
Date: Wed, 25 Oct 2006 16:00:00 +0000
Affected Products: Novell Linux Desktop 9
Novell Linux POS 9
Open Enterprise Server
SLE SDK 10
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
SuSE Linux Desktop 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SUSE LINUX Retail Solution 8
SuSE Linux School Server
SuSE Linux Standard Server 8
SUSE SLED 10
SUSE SLES 10
SUSE SLES 9
UnitedLinux 1.0
Vulnerability Type: remote denial of service
Severity (1-10): 6
SUSE Default Package: yes
Cross-References: CVE-2006-4811
Content of This Advisory:
1) Security Vulnerability Resolved:
remote denial of service in Qt image handling
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Multiple integer overflows have been found in image processing
functions within the Qt class library, used for instance by the web
browser "konqueror" and its rendering engine "khtml".
These problems could potentially lead to heap overflows and code
execution or just a browser crash (denial of service).
This problem has the Mitre CVE ID CVE-2006-4811.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of konqueror after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/qt-4.1.0-29.7.i586.rpm
e12c52bc945edd9e628d6df1e13de2d6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/qt3-3.3.5-58.12.i586.rpm
abe3bbbee7a4b4af9cb58bda71936c00
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/qt3-static-3.3.5-58.11.i58…
1937b5e2a6c8757cccca93ffb1408d5e
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/qt-4.0.1-10.2.i586.rpm
05c82cfb84d3b54d886892a4dc63e1ec
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/qt3-3.3.4-28.7.i586.r…
6f63526c70fe7d73080dc2de5fa11fe3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/qt3-static-3.3.4-28.7…
18d16343cf35a8bb0330bb762bbf808e
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/qt3-3.3.4-11.5.i586.rpm
e169e5ee6b884b7998fa518defb6f20f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/qt3-static-3.3.4-11.4.…
014dbf4e04cd37441bf1cba412c84fef
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/qt3-3.3.3-24.2.i586.rpm
efe3a67ba78ae5b23310798d00ee14db
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/qt3-static-3.3.3-24.2.…
249c9c5e985b87d2f0bd2601e2c6eed6
Power PC Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/qt-4.1.0-29.7.ppc.rpm
9c3c01f4943dfeede555f79365d1d95d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/qt3-3.3.5-58.12.ppc.rpm
91dd8f28532d3367e5d6f8884df28530
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/qt3-static-3.3.5-58.11.ppc.…
ae42fa85b6e38ba036bdbe8e77f557dd
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/qt-4.0.1-10.2.ppc.rpm
ab54cd200e6b1486b156f2cf70156314
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/qt3-3.3.4-28.7.ppc.rpm
833fdad7ce3b3e9bffaa3e4a65910195
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/qt3-static-3.3.4-28.7.…
c42c042e858cc6cc435d977ae5a4c065
x86-64 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/qt-32bit-4.1.0-29.7.x86_…
711209a60be530a8562e54816e609a33
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/qt-4.1.0-29.7.x86_64.rpm
7ba57673efe68da9bf0004f842315ada
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/qt3-3.3.5-58.12.x86_64.r…
24cb3dcbb9c92943017f0e5ea401ada8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/qt3-32bit-3.3.5-58.12.x8…
ea46d71c833c20f18085496eace559f7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/qt3-static-3.3.5-58.11.x…
44c17f12db82e58bbf4b457eb6b66df6
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/qt-4.0.1-10.2.x86_6…
6c1ec2a6f0a109e749f7b534408b3b66
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/qt3-3.3.4-28.7.x86_…
aa0bbb971bb63d4e18a7f0e4464aa0c2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/qt3-32bit-3.3.4-28.…
3b3936a24b424bc7d516095a2e431d70
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/qt3-static-3.3.4-28…
0fc0adb3a0bbb3aa49b6e6985f42565f
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/qt3-3.3.4-11.5.x86_6…
46597f7dfa33b4420c6f09c93e89aa78
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/qt3-32bit-9.3-7.2.x8…
36b4efe799155111618a9cd325f20bc6
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/qt3-static-3.3.4-11.…
c237b330e43606562a4b918077257559
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/qt3-3.3.3-24.2.x86_6…
912f789b47bfe446185bccd0455f9455
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/qt3-32bit-9.2-200610…
f87ba1142036ff3f31d7566a99d9e74a
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/qt3-static-3.3.3-24.…
4abfb7a5ba2254595b04896ee34695b6
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/qt-4.1.0-29.7.src.rpm
6330e726a2200327e311fd04ca1826f1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/qt3-3.3.5-58.12.src.rpm
57ed729399ac1296be632b7dbd3be636
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/qt3-static-3.3.5-58.11.src.…
03fd50682d7fc2bbc598bdcd09f87006
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/qt-4.0.1-10.2.src.rpm
be60f21b5cec25fdb0ad3ba7726a6704
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/qt3-3.3.4-28.7.src.rpm
cd76c0551e1c66be5f1949621f3e88b4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/qt3-static-3.3.4-28.7.…
d0479a8b6ac835b72faaa233647c3501
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/qt3-3.3.4-11.5.src.rpm
25b4693967b6078f809ec457ac126cf2
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/qt3-static-3.3.4-11.4.s…
6d2c6d1bf4ed434cfc1438e8c49b2a06
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/qt3-3.3.3-24.2.src.rpm
5c828039b8775b31a61fcc550bb74020
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/qt3-static-3.3.3-24.2.s…
15bdf0fac96eabc026079fd95ee24ede
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE SLED 10
http://support.novell.com/techcenter/psdb/f8c39f5569987d0d73366502b34c3a3c.…
SUSE SLES 10
http://support.novell.com/techcenter/psdb/f8c39f5569987d0d73366502b34c3a3c.…
http://support.novell.com/techcenter/psdb/115cf76bac71f3f0e647b820d43ea9ed.…
SLE SDK 10
http://support.novell.com/techcenter/psdb/f8c39f5569987d0d73366502b34c3a3c.…
http://support.novell.com/techcenter/psdb/115cf76bac71f3f0e647b820d43ea9ed.…
Open Enterprise Server
http://support.novell.com/techcenter/psdb/595ed8e88dd0e76ba4d62c4bb475e623.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/595ed8e88dd0e76ba4d62c4bb475e623.…
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/595ed8e88dd0e76ba4d62c4bb475e623.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/595ed8e88dd0e76ba4d62c4bb475e623.…
UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/658959fe28d2fe434c2f5b9153eca1db.…
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/658959fe28d2fe434c2f5b9153eca1db.…
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/658959fe28d2fe434c2f5b9153eca1db.…
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/658959fe28d2fe434c2f5b9153eca1db.…
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/115cf76bac71f3f0e647b820d43ea9ed.…
http://support.novell.com/techcenter/psdb/658959fe28d2fe434c2f5b9153eca1db.…
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/658959fe28d2fe434c2f5b9153eca1db.…
SuSE Linux Desktop 1.0
http://support.novell.com/techcenter/psdb/658959fe28d2fe434c2f5b9153eca1db.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: openssh
Announcement ID: SUSE-SA:2006:062
Date: Fri, 20 Oct 2006 17:00:00 +0000
Affected Products: Novell Linux Desktop 9
Novell Linux POS 9
Open Enterprise Server
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
SuSE Linux Desktop 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SUSE LINUX Retail Solution 8
SuSE Linux School Server
SuSE Linux Standard Server 8
SUSE SLED 10
SUSE SLES 10
SUSE SLES 9
UnitedLinux 1.0
Vulnerability Type: remote denial of service
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2006-4924, CVE-2006-4925, CVE-2006-5051
CVE-2006-5052
Content of This Advisory:
1) Security Vulnerability Resolved:
various openssh security problems fixed in openssh 4.4
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Several security problems were fixed in OpenSSH 4.4 and the bug fixes were
backported to the openssh versions in our products.
- CVE-2006-4924: A denial of service problem has been fixed in OpenSSH which could
be used to cause lots of CPU consumption on a remote openssh server.
- CVE-2006-4925: If a remote attacker is able to inject network traffic this could
be used to cause a client connection to close.
- CVE-2006-5051: Fixed an unsafe signal handler reported by Mark Dowd. The signal
handler was vulnerable to a race condition that could be exploited to perform a
pre-authentication denial of service. This vulnerability could theoretically lead to
pre-authentication remote code execution if GSSAPI authentication is enabled,
but the likelihood of successful exploitation appears remote.
- CVE-2006-5052: Fixed a GSSAPI authentication abort that could be used to determine
the validity of user names on some platforms.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
On SUSE Linux Enterprise Server 8, please close and restart the sshd service after
installing this update.
All other products do this automatically during installation, there
is no action necessary.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/openssh-4.2p1-18.9.i586.rpm
255c99f43b24995a085ac869082d0f32
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/openssh-askpass-4.2p1-18.9…
ab68460091ac8995290a3476b5b8dbeb
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/openssh-4.1p1-10.9.i5…
dd3d6f3700e9e84294cf157c3a3141c1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/openssh-askpass-4.1p1…
89c7e004bb73629eac71ad642e8826d2
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/openssh-3.9p1-12.8.i58…
dc57b898b4f43645c2fe18b58195de90
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/openssh-askpass-3.9p1-…
cf7b7c04fc9e27684aa97206cd3ae0e0
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openssh-3.9p1-3.10.i58…
e54678b3168c214400c30001c33f3d2d
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openssh-askpass-3.9p1-…
200b096a9a37b183c7ef75ae0b5b0b0c
Power PC Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/openssh-4.2p1-18.9.ppc.rpm
f02d12d3ce4e303676efb1cf37d26b11
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/openssh-askpass-4.2p1-18.9.…
b577d22c8914b0cd36eb6187e9de6dfc
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/openssh-4.1p1-10.9.ppc…
3bd330de35c5e59775883e541af6aa91
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/openssh-askpass-4.1p1-…
04ea40beed9130fb5f11eda80b248f31
x86-64 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/openssh-4.2p1-18.9.x86_6…
55f9631c5a7a10f3a7d56016cabe3908
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/openssh-askpass-4.2p1-18…
f6c77143b56d82e78701db5b56a481d1
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/openssh-4.1p1-10.9.…
32a2412b4f35461f530f73c95b5e85c2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/openssh-askpass-4.1…
0d89fa02d44e4ca99e237e3812fd4577
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/openssh-3.9p1-12.8.x…
cf96c984dffb0c10ac339d917e8ef97d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/openssh-askpass-3.9p…
9012087ea4c163b784178a3a7b22d44c
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/openssh-3.9p1-3.10.x…
7e004fedc5ff48a3c13a22d5cc1c2ab4
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/openssh-askpass-3.9p…
78278ce560a5ea87e1a4cf80126712c3
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/openssh-4.2p1-18.9.src.rpm
79f1eb2463e7638789c79ca62d158bea
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/openssh-4.1p1-10.9.src…
023b6d8056ad3dfec1357548d7b8a5ed
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/openssh-3.9p1-12.8.src.…
fb5bd0e14208b1434313669fe01e8f07
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/openssh-3.9p1-3.10.src.…
c2bc3328b87cc77172b1185d364a8116
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
UnitedLinux 1.0
SuSE Linux Openexchange Server 4
Open Enterprise Server
Novell Linux POS 9
Novell Linux Desktop 9
SuSE Linux Enterprise Server 8
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
SuSE Linux Desktop 1.0
SUSE SLES 10
SUSE SLED 10
SUSE SLES 9
http://support.novell.com/techcenter/psdb/05412985c36daeff0c33b88942b68c2c.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information

  - Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web
    sites. The authenticity and integrity of a SUSE security announcement is
    guaranteed by a cryptographic signature in each announcement. All SUSE
    security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file
    and run the command

      gpg --verify <file>

    replacing <file> with the name of the file where you saved the
    announcement. The output for a valid signature looks like:

      gpg: Signature made <DATE> using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team <security(a)suse.de>"

    where <DATE> is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can
    import it from the first installation CD. To import the key, use the
    command

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  - Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the
    world. While this service is considered valuable and important to the free
    and open source software community, the authenticity and the integrity of
    a package needs to be verified to ensure that it has not been tampered
    with.

    There are two verification methods that can be used independently from
    each other to prove the authenticity of a downloaded file or RPM package:

    1) Using the internal gpg signatures of the rpm package
    2) MD5 checksums as provided in this announcement

    1) The internal rpm package signatures provide an easy way to verify the
       authenticity of an RPM package. Use the command

         rpm -v --checksig <file.rpm>

       to verify the signature of the package, replacing <file.rpm> with the
       filename of the RPM package downloaded. The package is unmodified if it
       contains a valid signature from build(a)suse.de with the key ID 9C800ACA.

       This key is automatically imported into the RPM database (on
       RPMv4-based distributions) and the gpg key ring of 'root' during
       installation. You can also find it on the first installation CD and at
       the end of this announcement.

    2) If you need an alternative means of verification, use the md5sum
       command to verify the authenticity of the packages. Execute the command

         md5sum <filename.rpm>

       after you downloaded the file from a SUSE FTP server or its mirrors.
       Then compare the resulting md5sum with the one that is listed in the
       SUSE security announcement. Because the announcement containing the
       checksums is cryptographically signed (by security(a)suse.de) the
       checksums show proof of the authenticity of the package if the
       signature of the announcement is valid. Note that the md5 sums
       published in the SUSE Security Announcements are valid for the
       respective packages only. Newer versions of these packages cannot be
       verified.

  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security(a)suse.com
        - General Linux and SUSE security discussion.
          All SUSE security announcements are sent to this list.
          To subscribe, send an e-mail to
              <suse-security-subscribe(a)suse.com>.

    suse-security-announce(a)suse.com
        - SUSE's announce-only mailing list.
          Only SUSE's security announcements are sent to this list.
          To subscribe, send an e-mail to
              <suse-security-announce-subscribe(a)suse.com>.

    For general information or the frequently asked questions (FAQ),
    send mail to <suse-security-info(a)suse.com> or
    <suse-security-faq(a)suse.com>.

    =====================================================================
    SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
    The <security(a)suse.de> public key is listed below.
    =====================================================================
______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way. In particular, the
    clear text signature should show proof of the authenticity of the text.

    SUSE Linux Products GmbH provides no warranties of any kind whatsoever
    with respect to the information contained in this security advisory.

Type Bits/KeyID     Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
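The MD5 method from Section 6 above, as an added example that is not part of the announcement or of any SUSE tool: it reads URL/checksum pairs only from the clear-signed body of a saved announcement and looks a download up by its full URL, because the same file name can be listed for several distributions with different checksums. The function names, the ftp.example.invalid URLs and the payloads are constructed for illustration, and the announcement's signature is assumed to have been checked with gpg --verify first.

```shell
#!/usr/bin/env bash
# Added example (not SUSE tooling): check a downloaded RPM against the MD5 value
# that a saved announcement lists for the URL it was fetched from.
# Assumption: the announcement signature was already checked with gpg --verify.
# Run with --demo to see the three verdicts on constructed data.

# Print "<md5> <url>" for every complete URL/checksum pair found inside the
# clear-signed body (between the SIGNED MESSAGE and SIGNATURE armor lines).
# Text outside that region is not covered by the signature and is ignored.
advisory_checksums() {
    awk '
        /^-----BEGIN PGP SIGNED MESSAGE-----/ { signed = 1; url = ""; next }
        /^-----BEGIN PGP SIGNATURE-----/      { signed = 0; url = ""; next }
        !signed { next }
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        # A package line is a full URL ending in .rpm. URLs cut short by an
        # archive view fail this test, so the checksum under them is not used.
        /^(ftp|http|https):\/\/[^ \t]+\.rpm$/ { url = $0; next }
        # The checksum is the line directly after the URL: 32 lowercase hex digits.
        url != "" && length($0) == 32 && $0 !~ /[^0-9a-f]/ { print $0, url; url = ""; next }
        { url = "" }
    ' "$1"
}

# verify_rpm ADVISORY URL FILE
# Looks the checksum up by the full URL, not by the file name.
# Prints a one-line verdict and returns
#   0 = match, 1 = mismatch, 2 = URL not listed, 3 = file unreadable.
verify_rpm() {
    local advisory="$1" url="$2" file="$3" want got
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 3; }
    want=$(advisory_checksums "$advisory" |
           WANT_URL="$url" awk '!hit && $2 == ENVIRON["WANT_URL"] { print $1; hit = 1 }')
    [ -n "$want" ] || { echo "UNLISTED $url"; return 2; }
    got=$(md5sum < "$file" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK $url"
        return 0
    fi
    echo "MISMATCH $url (listed $want, computed $got)"
    return 1
}

# Demo on constructed data: two payloads that share a file name, a constructed
# announcement listing both, one truncated URL, one pair outside the signed body.
demo() {
    local dir url101 url93
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/10.1" "$dir/9.3"
    printf 'constructed payload A\n' > "$dir/10.1/pkg-1.0-1.i586.rpm"
    printf 'constructed payload B\n' > "$dir/9.3/pkg-1.0-1.i586.rpm"
    url101=ftp://ftp.example.invalid/update/10.1/rpm/i586/pkg-1.0-1.i586.rpm
    url93=ftp://ftp.example.invalid/update/9.3/rpm/i586/pkg-1.0-1.i586.rpm
    {
        echo "$url101"; echo 00000000000000000000000000000000   # unsigned, ignored
        echo "-----BEGIN PGP SIGNED MESSAGE-----"
        echo "Hash: SHA1"; echo
        echo "SUSE LINUX 10.1:"; echo "$url101"
        md5sum < "$dir/10.1/pkg-1.0-1.i586.rpm" | awk '{ print $1 }'
        echo "SUSE LINUX 9.3:"; echo "$url93"
        md5sum < "$dir/9.3/pkg-1.0-1.i586.rpm" | awk '{ print $1 }'
        echo "ftp://ftp.example.invalid/update/9.2/rpm/i586/pkg-1.0-1.i586.r..."
        echo 11111111111111111111111111111111                   # truncated URL, ignored
        echo "-----BEGIN PGP SIGNATURE-----"
    } > "$dir/announcement.txt"
    # Right file for the 10.1 URL, wrong file for the 9.3 URL, URL not in the list.
    verify_rpm "$dir/announcement.txt" "$url101" "$dir/10.1/pkg-1.0-1.i586.rpm"
    verify_rpm "$dir/announcement.txt" "$url93"  "$dir/10.1/pkg-1.0-1.i586.rpm"
    verify_rpm "$dir/announcement.txt" "ftp://ftp.example.invalid/other.rpm" \
               "$dir/9.3/pkg-1.0-1.i586.rpm"
    rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```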
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement

Package:                opera
Announcement ID:        SUSE-SA:2006:061
Date:                   Thu, 19 Oct 2006 15:00:00 +0000
Affected Products:      SUSE LINUX 10.1
                        SUSE LINUX 10.0
                        SUSE LINUX 9.3
                        SUSE LINUX 9.2
Vulnerability Type:     remote code execution
Severity (1-10):        6
SUSE Default Package:   no
Cross-References:       CVE-2006-4339, CVE-2006-4819

Content of This Advisory:
    1) Security Vulnerability Resolved:
         opera 9.02 security update
       Problem Description
    2) Solution or Work-Around
    3) Special Instructions and Notes
    4) Package Location and Checksums
    5) Pending Vulnerabilities, Solutions, and Work-Arounds:
         See SUSE Security Summary Report.
    6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion

   The web browser Opera has been updated to fix 2 security problems.

   CVE-2006-4339: Opera was affected by the RSA signature checking problem found in
   openssl, since it is statically linked against openssl.

   CVE-2006-4819: A URL tag parsing heap overflow in Opera could be used to
   potentially execute code.

2) Solution or Work-Around

   There is no known workaround, please install the update packages.

3) Special Instructions and Notes

   Please restart opera after the update.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv <file.rpm>

   to apply the update, replacing <file.rpm> with the filename of the
   downloaded RPM package.
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
SUSE Security Announcement: clamav security problems (SUSE-SA:2006:060)
by Marcus Meissner 18 Oct '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement

Package:                clamav
Announcement ID:        SUSE-SA:2006:060
Date:                   Wed, 18 Oct 2006 18:00:00 +0000
Affected Products:      Novell Linux POS 9
                        Open Enterprise Server
                        SUSE LINUX 10.1
                        SUSE LINUX 10.0
                        SUSE LINUX 9.3
                        SUSE LINUX 9.2
                        SUSE SLES 10
                        SUSE SLES 9
Vulnerability Type:     remote code execution
Severity (1-10):        6
SUSE Default Package:   no
Cross-References:       CVE-2006-4182, CVE-2006-5295

Content of This Advisory:
    1) Security Vulnerability Resolved:
         two clamav security problems
       Problem Description
    2) Solution or Work-Around
    3) Special Instructions and Notes
    4) Package Location and Checksums
    5) Pending Vulnerabilities, Solutions, and Work-Arounds:
         See SUSE Security Summary Report.
    6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion

   Two security problems have been found and fixed in the anti virus
   scan engine "clamav", which could be used by remote attackers
   sending prepared E-Mails containing specially crafted infected files
   to potentially execute code.

   CVE-2006-4182: A problem in dealing with PE (Portable Executables aka
   Windows .EXE) files could result in an integer overflow, causing a heap
   overflow, which could be used by attackers to potentially execute code.

   CVE-2006-5295: A problem in dealing with CHM (compressed help file)
   exists that could cause an invalid memory read, causing the clamav
   engine to crash.

2) Solution or Work-Around

   There is no known workaround, please install the update packages.

3) Special Instructions and Notes

   None.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv <file.rpm>

   to apply the update, replacing <file.rpm> with the filename of the
   downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
Open Enterprise Server
http://support.novell.com/techcenter/psdb/9052e142ab5cfd0891d67dee5c2e95e6.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/9052e142ab5cfd0891d67dee5c2e95e6.…
SUSE SLES 10
http://support.novell.com/techcenter/psdb/9052e142ab5cfd0891d67dee5c2e95e6.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/9052e142ab5cfd0891d67dee5c2e95e6.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement

Package:                php4,php5
Announcement ID:        SUSE-SA:2006:059
Date:                   Mon, 09 Oct 2006 16:00:00 +0000
Affected Products:      Novell Linux POS 9
                        Open Enterprise Server
                        SLE SDK 10
                        SUSE LINUX 10.1
                        SUSE LINUX 10.0
                        SUSE LINUX 9.3
                        SUSE LINUX 9.2
                        SuSE Linux Enterprise Server 8
                        SuSE Linux Openexchange Server 4
                        SUSE LINUX Retail Solution 8
                        SuSE Linux School Server
                        SuSE Linux Standard Server 8
                        SUSE SLES 10
                        SUSE SLES 9
                        UnitedLinux 1.0
Vulnerability Type:     remote code execution
Severity (1-10):        5
SUSE Default Package:   no
Cross-References:       CVE-2006-4625, CVE-2006-4812

Content of This Advisory:
    1) Security Vulnerability Resolved:
         php remote code execution
       Problem Description
    2) Solution or Work-Around
    3) Special Instructions and Notes
    4) Package Location and Checksums
    5) Pending Vulnerabilities, Solutions, and Work-Arounds:
         - MozillaFirefox
    6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion

   The ini_restore() method could be exploited to reset options such as
   open_basedir when set via the web server config file to their default
   value set in php.ini (CVE-2006-4625).

   Additionally php5 on all products as well as php4 on SLES8 were
   vulnerable to an integer overflow problem in the memory
   allocation routine. This bug can be exploited to execute
   arbitrary code with the uid of the web server (CVE-2006-4812).

   Thanks to Stefan Esser for reporting the problem.

2) Solution or Work-Around

   There is no known workaround, please install the update packages.

3) Special Instructions and Notes

   None

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv <file.rpm>

   to apply the update, replacing <file.rpm> with the filename of the
   downloaded RPM package.
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-wddx-4.3.10-14.30…
b0c884ad8505fc5a4ee4c4dee5d16bf2
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-5.0.3-14.30.i586.…
50dedfe6107fa2653315a4aac13252c7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-bcmath-5.0.3-14.3…
55a45c1bd646124bdf9f3eea2794b533
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-curl-5.0.3-14.30.…
43d3508e975f10d231178e5e8b40dce1
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-dba-5.0.3-14.30.i…
f3db940945dd212f5a9b682a89215fa5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-devel-5.0.3-14.30…
db078448d4d499c504246a32e44766ad
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-dom-5.0.3-14.30.i…
87efa23fc3ea41885f532a7de5de08fb
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-exif-5.0.3-14.30.…
54397e6467a9591de6d07fd7098618af
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-fastcgi-5.0.3-14.…
3eed6c7c14538dbd373cfa90f2f96feb
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-ftp-5.0.3-14.30.i…
9d49f8c56768433e8167c3adf9a300b2
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-gd-5.0.3-14.30.i5…
477bb33a8184c3bd2de7d8a00a1b4c2d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-iconv-5.0.3-14.30…
ad9fc22af4586c67df7f7ba71073e625
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-imap-5.0.3-14.30.…
d076b8ac94953b201fe272d78ef92ae5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-ldap-5.0.3-14.30.…
6bfaa9d4a081f4acecff27b5e9246456
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mbstring-5.0.3-14…
85d610f4f7e14b6bf12aef1c6f8ccc7f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mysql-5.0.3-14.30…
74094b1bd45c23fc0a69c83e8d398810
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mysqli-5.0.3-14.3…
77fd442e71d6b929849163fd35d1016b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-pear-5.0.3-14.30.…
cac6cfa6c6604782d5bcd0ad92a9e4f4
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-pgsql-5.0.3-14.30…
b988bbba4ffaefb424bdee98f6fb2218
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-soap-5.0.3-14.30.…
882da0a0da11360fab0d1de9e17cbb6a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvmsg-5.0.3-14.…
b431e4834365ce84bddec9f7b8a8b745
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvshm-5.0.3-14.…
b1b83587ed9175f4bba12d64b14604c8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-wddx-5.0.3-14.30.…
60a8483a2be8aa09f7e8e9b466e80c48
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-xmlrpc-5.0.3-14.3…
351c07f60fa51ba61f78fd90918a12b1
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-mod_php4-4.3.8…
932db4aa97d47de823bbb8a60da6f01a
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mod_php4-servlet-4.3.8…
633090701852c58e7f7c8ddfd389260c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-4.3.8-8.33.i586.r…
9b0fdc2c678b99e3cfb10256eccffaa8
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-curl-4.3.8-8.33.i…
bb3103aa6ecc1a5ea68e99b74cd68243
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-devel-4.3.8-8.33.…
48c19eb0c5626afb0798248fb522b1e9
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-exif-4.3.8-8.33.i…
f33278e462354fb9417909933bdddd4c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-fastcgi-4.3.8-8.3…
4c63ef97386fa705aee8fd6bc0a34f1c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-gd-4.3.8-8.33.i58…
b20ce9f96b9a1d219f4284f9be1c6769
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-imap-4.3.8-8.33.i…
d3ce1978b63951b01dd71e239fc8c653
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-mbstring-4.3.8-8.…
7acac40296c303c9d632f6b6049b52d0
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-pear-4.3.8-8.33.i…
ee35c61e9005d0e69350bf16d9911a97
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-pgsql-4.3.8-8.33.…
18d4c3dde24ce92d9c801796008f426c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-session-4.3.8-8.3…
b3339967bf8ac7b5c73f0b477a4f86d6
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-sysvshm-4.3.8-8.3…
afe0dccdecf19478671de8460fe192e5
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-wddx-4.3.8-8.33.i…
65056f0fc08ce660782f67ed31f45cec
Power PC Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-mod_php5-5.1.2-29.1…
403aa6a3deb4375b6f3209360b2b40c9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-5.1.2-29.19.ppc.rpm
afc28dc756325d9032ffe5da24ff7410
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-bcmath-5.1.2-29.19.ppc…
33b26806735c57b80bb8f693dd686c1b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-curl-5.1.2-29.19.ppc.r…
ed392e2bd40bb6e57d06f2924f871b28
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-dba-5.1.2-29.19.ppc.rpm
20765547d47fc406c6c03437ff5233b6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-devel-5.1.2-29.19.ppc.…
b881aa56b9f2cda99b3544ca9090bcc6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-dom-5.1.2-29.19.ppc.rpm
7e4496e4ea7b782576e5cf5e81ecebc9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-exif-5.1.2-29.19.ppc.r…
31b9f17cfffab798c5c8672fefd50552
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-fastcgi-5.1.2-29.19.pp…
00ca9a6da8ff6423a176310c66079f8b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ftp-5.1.2-29.19.ppc.rpm
0c18e1ac2ab1bc4af92a2a04608bac5d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-gd-5.1.2-29.19.ppc.rpm
fd137ee43ae350086fabc4dda8358363
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-iconv-5.1.2-29.19.ppc.…
d9eb6e8e7cb2ecd412d1d7d97a08f871
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-imap-5.1.2-29.19.ppc.r…
a14070473b79c34cabae4d7c422a0ca4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ldap-5.1.2-29.19.ppc.r…
405440aeecce1f9e6db7edab2db94f07
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mbstring-5.1.2-29.19.p…
0f05185c36c427984eb6fe03d658962f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mysql-5.1.2-29.19.ppc.…
df68e381e4bb8fc0a63b5295c518e2a2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mysqli-5.1.2-29.19.ppc…
6314ea97b0f8fe4f2df143d2a0490da0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pdo-5.1.2-29.19.ppc.rpm
c8527246e6af1b70798855caf9f9f835
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pear-5.1.2-29.19.ppc.r…
77254262548be8ce2d57c0fe4c4a0bec
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pgsql-5.1.2-29.19.ppc.…
035b88ed045ddb9ed193ad99d0b4a821
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-soap-5.1.2-29.19.ppc.r…
40902c4ea299bc8c82b8072b4257282e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-wddx-5.1.2-29.19.ppc.r…
415b36426ded7fd11854b4f5cc1312c6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-xmlrpc-5.1.2-29.19.ppc…
78dbaac509f06279442f74d55d6fbe28
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php4-4.4.0…
92c467afc8499acd6741295592135d47
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php5-5.0.4…
fd2b8d050fd0b965c97f570e1eead6e2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-4.4.0-6.20.ppc.rpm
4aac71798b31f08294ea989ed12eec30
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-curl-4.4.0-6.20.p…
faded8e49ab6209fa8b47cc5e35f9d50
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-devel-4.4.0-6.20.…
cad2ab1f4959c036206248401332e50f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-exif-4.4.0-6.20.p…
fbe624caef506f028fea26829be304ea
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-fastcgi-4.4.0-6.2…
dc70abf0de81d818b28bfa8c87973b22
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-gd-4.4.0-6.20.ppc…
9a33700522d2974894092582450662d2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-imap-4.4.0-6.20.p…
fe5cec68785419e1f5a880cea4325205
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mbstring-4.4.0-6.…
64c9df252105971d2633d9c34bd8ffb7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-pgsql-4.4.0-6.20.…
14a5b886c3b88e0b55d7d29c6cf6528c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-session-4.4.0-6.2…
47fc29bd436e35c2e4484cb4ce053e7d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-unixODBC-4.4.0-6.…
aa69f2d86554292e5cc33d1d71700386
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-wddx-4.4.0-6.20.p…
e1ea0b3c94a48d60375ab75146640380
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-5.0.4-9.20.ppc.rpm
a9d838eeffc7552d1d8761b8adf925d5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-bcmath-5.0.4-9.20…
fde53494b4d321b354dfefffe794041c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-curl-5.0.4-9.20.p…
c5599db73f8ae5f89a6df48724eedc28
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-devel-5.0.4-9.20.…
9cde256c6f0cbef1b3f12517dc48c116
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-dom-5.0.4-9.20.pp…
4b48505b1ff76cc580d6e6f563bfd487
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-exif-5.0.4-9.20.p…
399abb278959362a131373091b7b6f08
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-fastcgi-5.0.4-9.2…
beffccac7a7a8fd2772d2cf55e68cf50
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-ftp-5.0.4-9.20.pp…
b3ecb6c72b0c40c173e4ee5c0a8cd73e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-gd-5.0.4-9.20.ppc…
a8fd23d05a1c7dc25ed2ba4a5f301611
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-iconv-5.0.4-9.20.…
c4fefff079301ebcca63a59ab1e0e153
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-imap-5.0.4-9.20.p…
13a4aa5e1bfdd2a5ad33e7fe744ca9ea
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-ldap-5.0.4-9.20.p…
bbd7eb300ee9227adfbe93b8b69356e7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mbstring-5.0.4-9.…
8903ff48cd8226ea717f0e8e97ce2b60
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mysql-5.0.4-9.20.…
93da69c86dcf56364fc7143a9b609c75
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mysqli-5.0.4-9.20…
1b64509a590d002849524cdd467b79e0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-pear-5.0.4-9.20.p…
56fe5de931c142bcb8883a354e7071d3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-pgsql-5.0.4-9.20.…
96f40acb04fd6068d42dcb56b9ab89e0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-soap-5.0.4-9.20.p…
61102c8134a1f779d082d99d3aa4d9e6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-wddx-5.0.4-9.20.p…
4d07e0dbcbd0febef91cdc9ff1c3ad57
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-xmlrpc-5.0.4-9.20…
7097dc036944f5561a26b7257428fbaf
x86-64 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-mod_php5-5.1.2-2…
c749607da1bc1a972e638d4370f2f35d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-5.1.2-29.19.x86_64.…
8e8082bf28dac11ee3d99178122d0368
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-bcmath-5.1.2-29.19.…
699345521cd281e9b6019f00b2b86bb5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-curl-5.1.2-29.19.x8…
7b917378da6ff33446cef9adb4a74a6e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dba-5.1.2-29.19.x86…
9746da6165ac4b857c070381c6750fe8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-devel-5.1.2-29.19.x…
e056bb5c0ae649cbea5950314d3d5c1f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dom-5.1.2-29.19.x86…
0c8f57d45f9149c054f8936aab135fd4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-exif-5.1.2-29.19.x8…
c34912e3616e6aa67af07b10f8d3f0cb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-fastcgi-5.1.2-29.19…
4be839015bd25b70851f2568795632b7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ftp-5.1.2-29.19.x86…
a862b4f752f2be0ae37eb3eb09e709cf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-gd-5.1.2-29.19.x86_…
d4a3111a5faf259cd8030d4d1ee30183
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-iconv-5.1.2-29.19.x…
3210a033fd82cfb3a9a33d20ff2d5b63
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-imap-5.1.2-29.19.x8…
8f646fceffa1d7395055c8b8d91f441e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ldap-5.1.2-29.19.x8…
d5f607c88c9ec11d08fcf239fb98af91
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mbstring-5.1.2-29.1…
546b07881b9268bab6eacbf83f381078
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mysql-5.1.2-29.19.x…
b5e9cdb4299ba235edfa5e2d33ccc359
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mysqli-5.1.2-29.19.…
8ea616e5a196a63a67a210134bbb4f68
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pdo-5.1.2-29.19.x86…
b4e81b116ba21cd72e0c9f439a1d2f1c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pear-5.1.2-29.19.x8…
026feb504831f32e2d34a33399616b62
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pgsql-5.1.2-29.19.x…
0fda401e8867fcdfc7ff364ae76ee8b0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-soap-5.1.2-29.19.x8…
be0633d33c9c08baba83b82436c55ac5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-wddx-5.1.2-29.19.x8…
6533d9d8acbc65856d7fbeef6dead46b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-xmlrpc-5.1.2-29.19.…
9cf9310441ffbd502d6439dc2d7de6b9
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php4-4.…
1e0de6a51def77aac177bce9d5e82b1b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php5-5.…
8e1122f9fe744a1f03d6566fd6f93130
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-32bit-4.4.0-6.…
ddb89672b22e2b300fc7991c236b7db4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-4.4.0-6.20.x86…
5414044cdda8fb4a7ae550151fd21cdf
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-curl-4.4.0-6.2…
50baf6b9757589519224c7a87572eb7c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-devel-4.4.0-6.…
98d938b23a28b90d3d099f02f3f2b6c4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-exif-4.4.0-6.2…
7a4d0ed6213f52cc1a045e3fbb207f08
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-fastcgi-4.4.0-…
561e2a171e05fff93948ac16067b478d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-gd-4.4.0-6.20.…
7a1fdd00365891457d05d8bd0715c108
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-imap-4.4.0-6.2…
74bdcd4636cdae23ab0d6007eb0c8a69
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mbstring-4.4.0…
2f2ce3fea7ca6ba5e32584419fb3fc41
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-pgsql-4.4.0-6.…
3ca43e4bbfaaa59e344bb034b1190231
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-servlet-4.4.0-…
6cfcaf4311f1176b74cd77df4a9557a7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-session-4.4.0-…
58d43be831da6ac171afa3c44633712b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-unixODBC-4.4.0…
12a56931c439fe28f41d143c7d46cf06
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-wddx-4.4.0-6.2…
632e238add83943445527286ad2a4786
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-5.0.4-9.20.x86…
003b14cc6b68249847509ba343c2ae7e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-bcmath-5.0.4-9…
5bff13f4271cf1b0c39a3c093137b3fd
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-curl-5.0.4-9.2…
08893a7b87a44dd7a58c568a66bde2fc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-devel-5.0.4-9.…
10e6adbef4230e1433663e66e76ab097
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-dom-5.0.4-9.20…
f726b6f72e2ba22ff2140d4d3369041e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-exif-5.0.4-9.2…
b366024861fd8b449976e4cc3df2f5bf
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-fastcgi-5.0.4-…
24ce6fbfc7cfbdb0c32d5f0fcdbb83b4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-ftp-5.0.4-9.20…
21fa1feb4c1e92caf293b0a4d212f7e4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-gd-5.0.4-9.20.…
06641522ee0439da6478803f3164343e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-iconv-5.0.4-9.…
58d37498fac28dd0b9d4acf11769cffe
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-imap-5.0.4-9.2…
0d3bfef80261caf193d0f87b19c5b7f7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-ldap-5.0.4-9.2…
28a9435f7292a94868c071b9bd5a12fc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mbstring-5.0.4…
c4775839ea0e3b6a4ca44e26847f2945
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mysql-5.0.4-9.…
1b80b850f9f1df3cc8cdb81e86133040
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mysqli-5.0.4-9…
c104825999f8576717ce03e6f9ce19ee
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-pear-5.0.4-9.2…
188457c92de4703458cc1124933dd0a4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-pgsql-5.0.4-9.…
8a3451cccafc2cc843b64bc860042e42
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-soap-5.0.4-9.2…
53f7615b8cb7d6cbe052884507f2f7b0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-wddx-5.0.4-9.2…
552f17b1e803ecdd2444598bb0b6f685
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-xmlrpc-5.0.4-9…
d26fd9c0b6f962bc8a9e3b7562c1290d
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-mod_php4-4.3…
643f1e34da10a3bed2d1f9c1e4712538
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-mod_php5-5.0…
efdeea1303dc872a40be3b87da46ad15
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mod_php4-servlet-4.3…
70ca20f6c1162bcf99aac25c91afc858
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-32bit-9.3-7.13.…
b6d3df5f0be0beb4b4c6c3fed43cef0e
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-4.3.10-14.30.x8…
c952654ac95199cedf6e864692769287
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-curl-4.3.10-14.…
2f711da5b9a6cec7c5ede1ca9cab987f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-devel-4.3.10-14…
ef7677be40f12c666c8cc64f9cc53f15
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-exif-4.3.10-14.…
03097a89737b2d761db59956f3f2a84c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-fastcgi-4.3.10-…
b3329ee06339347236804faacdda05fd
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-gd-4.3.10-14.30…
44eaf0ed40023787e2d4225b45493244
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-imap-4.3.10-14.…
2d93762abd94bbe4d6a3915003808f82
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-mbstring-4.3.10…
b47f6a22a04b593651c2a4caf8193ddb
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-pear-4.3.10-14.…
85f0b820820978a1f9ca9c4df8d6d6c8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-pgsql-4.3.10-14…
a33d2d4ec99a423c3b04a879d871454f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-session-4.3.10-…
c44f66156b0fa4e42539f97e6e3d07e2
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-sysvshm-4.3.10-…
8cf0b1691ae76361efee324ccf620bae
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-wddx-4.3.10-14.…
ab41eb2df74f43b2337f04b28b0ac636
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-5.0.3-14.30.x86…
d2f0e45577ba78bacb35b6b756c19921
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-bcmath-5.0.3-14…
75c441f0b1367f8fadb325f9e6a7d15f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-curl-5.0.3-14.3…
a48a71f3e3868dfb06516aa55ef2d5a4
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-dba-5.0.3-14.30…
c29a4230f4b262db4722a48b8c275d1c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-devel-5.0.3-14.…
a63d4f4c97883ef4eb77220db27d9dbf
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-dom-5.0.3-14.30…
05e617f0bb42e7d91136e919816c23f6
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-exif-5.0.3-14.3…
ef857806b3a69116353805102fdc8bc3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-fastcgi-5.0.3-1…
1e24ec771dfaa282a53cc56b099c931f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-ftp-5.0.3-14.30…
2d828e49145419252f146eaee1f9bbd9
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-gd-5.0.3-14.30.…
07f89108dfce4d2a11d1605ad9504db7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-iconv-5.0.3-14.…
ca6b86f0a359b76c2d43c9d11ce0e28a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-imap-5.0.3-14.3…
def26aa2782932d03212a32d2014ebef
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-ldap-5.0.3-14.3…
7e2160498dea91361182cc9da7358603
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mbstring-5.0.3-…
323de649e6ca3caf0650986fb1589f6f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mysql-5.0.3-14.…
d415f8cd5b92d425187c8041ce124471
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mysqli-5.0.3-14…
5dbfb8fb07bb68fdbc1c32a7bc2febf8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-pear-5.0.3-14.3…
b53f94ba9fe43ec528dbd9a588d424bd
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-pgsql-5.0.3-14.…
1cd948197a375bb6be6648863e1b8634
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-soap-5.0.3-14.3…
12b0ed1aa4abf7fecc50abb2f0515508
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-sysvmsg-5.0.3-1…
d56c7f2dfa51306646b19be686a51ec5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-sysvshm-5.0.3-1…
daef780694c53520262f443007455379
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-wddx-5.0.3-14.3…
ebd520248c18d2cbf0f5809b20f8698f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-xmlrpc-5.0.3-14…
318cac7311b10d8755a48e9fa3964b68
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/apache2-mod_php4-4.3…
c2b8e562ff87dc6bce395a24ce3a9b47
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mod_php4-servlet-4.3…
2028fcf513906981769e27cc4949954c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-32bit-9.2-20060…
a97865f41d9f9e706c2d2ae44edb7f55
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-4.3.8-8.33.x86_…
a3c90067b86988feeffb8d8eee11ab8e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-curl-4.3.8-8.33…
1f0e7435cd4392fe11774c220f3edd72
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-devel-4.3.8-8.3…
87c63bcb25656f5a6b5e20a47469fcba
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-exif-4.3.8-8.33…
3d49718bfd1a093a55bbfb0fb3d9d67e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-fastcgi-4.3.8-8…
e6651814510fccf90f4cc173dad1ef1a
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-gd-4.3.8-8.33.x…
69958c72bded1f197491cf3aca1543d8
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-imap-4.3.8-8.33…
dbd2ee8bb34c64858424cd7af03a6f11
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-mbstring-4.3.8-…
edaec833274625b6d856be99fb9a20cd
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-pear-4.3.8-8.33…
9dde75c674d247bcc86262b326cfd453
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-pgsql-4.3.8-8.3…
85d4d54a73e9a7be57edc801b0265037
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-session-4.3.8-8…
f3af7b261a32714e31d980581e9abed5
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-sysvshm-4.3.8-8…
714bfc397e7de8d5c5d5ece6a0e5d6e0
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-wddx-4.3.8-8.33…
8fd2ce4a48d75e9e87f829a7f1a5fe5f
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/php5-5.1.2-29.19.src.rpm
cc6bc61b1b20c8f0e9d5028fff7f6d24
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/php4-4.4.0-6.20.src.rpm
f0517a98aa6a2e438ea1df08749526fb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/php5-5.0.4-9.20.src.rpm
479e3a8ce7006d0da2ff0cbc652a8820
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php4-4.3.10-14.30.src.r…
78f103b7127ae5c1fa0721f8522109fb
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php5-5.0.3-14.30.src.rpm
c59645d70437725b056d757c50313e2c
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/php4-4.3.8-8.33.src.rpm
17b174a8f31e0694ed22445e385b2b4b
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE SLES 10
http://support.novell.com/techcenter/psdb/f432b71f2a461b7fdaa41fe183b0cf96.…
SLE SDK 10
http://support.novell.com/techcenter/psdb/f432b71f2a461b7fdaa41fe183b0cf96.…
UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/f605f6450308ab2167b3807a3ec3f6e5.…
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/f605f6450308ab2167b3807a3ec3f6e5.…
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/f605f6450308ab2167b3807a3ec3f6e5.…
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/f605f6450308ab2167b3807a3ec3f6e5.…
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/f605f6450308ab2167b3807a3ec3f6e5.…
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/f605f6450308ab2167b3807a3ec3f6e5.…
Open Enterprise Server
http://support.novell.com/techcenter/psdb/18ce0ef65eb3f8c4c6da71f27f4397cf.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/18ce0ef65eb3f8c4c6da71f27f4397cf.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/18ce0ef65eb3f8c4c6da71f27f4397cf.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- MozillaFirefox
The previous MozillaFirefox update was erroneously compiled
with debug options enabled, which caused slowdowns and an excessive
amount of logging. Updated packages with debug options disabled
are now available.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement are
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.

To verify the signature of the announcement, save it as text into a file
and run the command

    gpg --verify <file>

replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:

    gpg: Signature made <DATE> using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team <security(a)suse.de>"

where <DATE> is replaced by the date the document was signed.

If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command

    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package need to be verified to ensure that it has not been tampered
with.

There are two verification methods that can be used independently of
each other to prove the authenticity of a downloaded file or RPM package:

1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement

1) The internal rpm package signatures provide an easy way to verify the
   authenticity of an RPM package. Use the command

       rpm -v --checksig <file.rpm>

   to verify the signature of the package, replacing <file.rpm> with the
   filename of the RPM package downloaded. The package is unmodified if it
   contains a valid signature from build(a)suse.de with the key ID 9C800ACA.

   This key is automatically imported into the RPM database (on
   RPMv4-based distributions) and the gpg key ring of 'root' during
   installation. You can also find it on the first installation CD and at
   the end of this announcement.

2) If you need an alternative means of verification, use the md5sum
   command to verify the authenticity of the packages. Execute the command

       md5sum <filename.rpm>

   after you have downloaded the file from a SUSE FTP server or its mirrors.
   Then compare the resulting md5sum with the one that is listed in the
   SUSE security announcement. Because the announcement containing the
   checksums is cryptographically signed (by security(a)suse.de), the
   checksums show proof of the authenticity of the package if the
   signature of the announcement is valid. Note that the md5 sums
   published in the SUSE Security Announcements are valid for the
   respective packages only. Newer versions of these packages cannot be
   verified.

- SUSE runs two security mailing lists to which any interested party may
  subscribe:

  suse-security(a)suse.com
      - General Linux and SUSE security discussion.
        All SUSE security announcements are sent to this list.
        To subscribe, send an e-mail to
        <suse-security-subscribe(a)suse.com>.

  suse-security-announce(a)suse.com
      - SUSE's announce-only mailing list.
        Only SUSE's security announcements are sent to this list.
        To subscribe, send an e-mail to
        <suse-security-announce-subscribe(a)suse.com>.

  For general information or the frequently asked questions (FAQ),
  send mail to <suse-security-info(a)suse.com> or
  <suse-security-faq(a)suse.com>.
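
Package verification method 2 above, applied to a whole download directory, as an added example that is not part of the SUSE announcement: it reads the URL/checksum pairs out of a saved announcement and reports each package as ok, MISMATCH, missing or unlisted. The mirror host, package names and file contents are constructed, and the code assumes the announcement text has already passed `gpg --verify`.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample in the announcement's layout: a download URL followed by
# the MD5 of that package. The last URL is cut off the way web archives
# truncate long lines, so its file name cannot be recovered.
SAMPLE_ANNOUNCEMENT = """\
   SUSE LINUX 10.1:
   ftp://mirror.example.invalid/update/demo-a-1.0-1.noarch.rpm
          900150983cd24fb0d6963f7d28e17f72
   ftp://mirror.example.invalid/update/demo-b-1.0-1.noarch.rpm
          5eb63bbbe046b538109fec48922ec2f7
   ftp://mirror.example.invalid/update/demo-c-1.0-1.noarch.rpm
          d41d8cd98f00b204e9800998ecf8427e
   ftp://mirror.example.invalid/update/demo-trunc-1.0-1.noa…
          0123456789abcdef0123456789abcdef
"""


def parse_checksums(text):
    """Return ({rpm file name: md5}, [URLs whose file name is unusable])."""
    expected, unusable = {}, []
    pending_url = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("ftp://"):
            pending_url = line
            continue
        if pending_url and MD5_RE.match(line):
            name = pending_url.rsplit("/", 1)[-1]
            if name.endswith(".rpm"):
                expected[name] = line
            else:
                # Truncated URL: never guess the missing part of the name.
                unusable.append(pending_url)
        pending_url = None
    return expected, unusable


def md5_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large packages do not need to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_directory(expected, directory):
    """Compare every *.rpm in `directory` with the announcement's checksums."""
    present = {p.name: p for p in Path(directory).glob("*.rpm")}
    results = {}
    for name, want in expected.items():
        if name not in present:
            results[name] = "missing"
        elif md5_of_file(present[name]) == want:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    # Files the announcement does not list (for example a newer build)
    # cannot be verified with these checksums.
    for name in present:
        if name not in expected:
            results[name] = "unlisted"
    return results


def demo():
    """Run the check against constructed files in a temporary directory."""
    expected, unusable = parse_checksums(SAMPLE_ANNOUNCEMENT)
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "demo-a-1.0-1.noarch.rpm").write_bytes(b"abc")       # matches
        (d / "demo-b-1.0-1.noarch.rpm").write_bytes(b"tampered")  # altered
        (d / "demo-d-2.0-1.noarch.rpm").write_bytes(b"newer")     # not listed
        return check_directory(expected, d), unusable


if __name__ == "__main__":
    results, unusable = demo()
    for name in sorted(results):
        print(f"{results[name]:9} {name}")
    for url in unusable:
        print(f"skipped   {url}")
```

MD5 is no longer collision-resistant, so treat this as the fallback the announcement describes and prefer `rpm -v --checksig` where it is available.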
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2006:024
Date: Fri, 06 Oct 2006 14:00:00 +0000
Cross-References: CVE-2006-4924,CVE-2006-4925
CVE-2006-2937,CVE-2006-2940
CVE-2006-3738,CVE-2006-4343
CVE-2006-4095,CVE-2006-4096
Content of this advisory:
1) Solved Security Vulnerabilities:
- openssh: remote denial of service (CVE-2006-4924,CVE-2006-4925)
- openssl: remote denial of service (CVE-2006-2937,CVE-2006-2940,
CVE-2006-3738,CVE-2006-4343)
- bind9: remote denial of service (CVE-2006-4095,CVE-2006-4096)
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- mono
- openssl
- compat-openssl
- php 4 and 5
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- openssh: remote denial of service
Some denial of service problems have been fixed in OpenSSH which could
be used to cause lots of CPU consumption on a remote openssh server.
(CVE-2006-4924)
Additionally, a remote attacker that is able to inject network traffic
could cause a client connection to close. (CVE-2006-4925)
- openssl: remote denial of service
A buffer overflow within the SSL_get_shared_ciphers() function and
a DoS condition known as "parasitic public keys" have been fixed. The
latter problem allowed attackers to trick the OpenSSL engine into spending
an extraordinary amount of time processing public keys.
The following CAN numbers have been assigned: CVE-2006-2937,
CVE-2006-2940, CVE-2006-3738 and CVE-2006-4343.
- bind9: remote denial of service
This update fixes two vulnerabilities in bind that allow a remote
attacker to trigger a denial-of-service attack.
All packages have been released now.
(VU#697164/CVE-2006-4096, VU#915404/CVE-2006-4095)
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- mono
Sebastian Krahmer of the SuSE Security-Team found a local privilege
escalation bug in a Mono class. New packages will be released as soon
as QA testing has finished successfully.
- compat-openssl*
The compat-openssl packages are vulnerable to CVE-2006-4343,
CVE-2006-3738, CVE-2006-2937, CVE-2006-2940, CVE-2006-4339. New packages
will be released soon.
- openssl
The patch for CVE-2006-2940 introduced another denial of service
condition. New packages will be available very soon.
- php 4 and 5
Updates for various vulnerabilities in php 4 and 5 will be released
soon.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
    gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
    gpg: Signature made <DATE> using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
    rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ)
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
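The verification order described in the two announcements above (check the announcement's signature with gpg first, and only then trust an md5 sum it lists), as an added shell example that is not part of the SUSE announcements. The function names and the sample fingerprint are constructed for illustration; the status keywords are those GnuPG writes with --status-fd.

```shell
#!/bin/sh
# Added example, not SUSE code. Reads GnuPG --status-fd output instead of the
# human-readable "Good signature" text, then compares the package MD5.

# sig_by_key STATUS_FILE KEYID: succeed only if a VALIDSIG line carries a
# fingerprint ending in KEYID and no failure/expiry/revocation status appears.
# The announcements list 8-digit key IDs; pass the full fingerprint if known.
sig_by_key() {
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 1
    if grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) ' "$1"; then
        return 1
    fi
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            fpr = toupper($3); n = length(fpr) - length(want)
            if (n >= 0 && substr(fpr, n + 1) == want) ok = 1
        }
        END { exit !ok }' "$1"
}

# md5_matches FILE EXPECTED_HEX: compare md5sum output with the published value.
md5_matches() {
    got=$(md5sum "$1" 2>/dev/null | awk '{print $1}')
    exp=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$got" ] && [ "$got" = "$exp" ]
}

# verify_package ANNOUNCEMENT RPM EXPECTED_MD5 KEYID
# EXPECTED_MD5 is the value copied from the announcement being verified.
verify_package() {
    status=$(mktemp) || return 1
    gpg --status-fd 3 --verify "$1" 3>"$status" 2>/dev/null || :
    if sig_by_key "$status" "$4"; then
        md5_matches "$2" "$3"; rc=$?
    else
        rc=1
    fi
    rm -f "$status"
    return "$rc"
}

# Constructed status output for a good signature; the fingerprint is made up.
sample_status() {
    printf '%s\n' \
      '[GNUPG:] GOODSIG CCDDEEFF01234567 Example Signer <signer@example.invalid>' \
      '[GNUPG:] VALIDSIG 00112233445566778899AABBCCDDEEFF01234567 2006-10-06 1160143200 0 3 0 1 2 01 00112233445566778899AABBCCDDEEFF01234567'
}
```

A call such as verify_package announcement.txt package.rpm <md5 from the announcement> 3D25D3D9 returns 0 only when both checks pass.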