openSUSE Security Announce
November 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2006:027
Date: Fri, 24 Nov 2006 16:00:00 +0000
Cross-References: CVE-2006-5170, CVE-2006-5540, CVE-2006-5541
CVE-2006-5542, CVE-2006-5925
Content of this advisory:
1) Solved Security Vulnerabilities:
- postgresql denial of service problem
- pam_ldap authentication bypass
- links command execution with smb:/ URLs
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- next kernel update
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- postgresql denial of service problem
The SQL Server PostgreSQL has been updated to fix the following
post authentication security problems:
CVE-2006-5540:
backend/parser/analyze.c in PostgreSQL 8.1.x allowed remote
authenticated users to cause a denial of service (daemon crash)
via certain aggregate functions in an UPDATE statement, which are
not properly handled during a "MIN/MAX index optimization."
CVE-2006-5541:
backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through
7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote
authenticated users to cause a denial of service (daemon crash)
via a coercion of an unknown element to ANYARRAY.
CVE-2006-5542:
backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows
remote authenticated users to cause a denial of service (daemon
crash) related to duration logging of V3-protocol Execute messages
for (1) COMMIT and (2) ROLLBACK SQL statements.
This problem affects SUSE Linux 9.3, 10.0 and SUSE Linux Enterprise
Server 9 and 10.
- pam_ldap authentication bypass
pam_ldap did not return error conditions correctly when an LDAP
directory server responded with a PasswordPolicyResponse control
response, which caused the pam_authenticate function to return a
success code even if authentication has failed. (CVE-2006-5170)
This affects all SUSE Linux based products.
- links command execution with smb:/ URLs
When using the text web browser links, malicious web sites could
abuse smb:// URLs to read or write arbitrary files of the user
(CVE-2006-5925). The SMB support in links was disabled.
This problem affects SUSE Linux 9.3 up to 10.1.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- Next Kernel Update
We are currently preparing our 2.6 kernel to be released as updates
in the mid of December, fixing all currently known security issues.
This is just a roll up of known local denial of service problems
and other non-security bugfixes.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ)
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: openldap2-client
Announcement ID: SUSE-SA:2006:072
Date: Fri, 24 Nov 2006 15:00:00 +0000
Affected Products: Novell Linux Desktop 9
Novell Linux POS 9
Open Enterprise Server
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SuSE Linux Desktop 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SUSE LINUX Retail Solution 8
SuSE Linux School Server
SuSE Linux Standard Server 8
SUSE SLED 10
SUSE SLES 10
SUSE SLES 9
UnitedLinux 1.0
Vulnerability Type: remote denial of service
Severity (1-10): 7
SUSE Default Package: no
Cross-References: CVE-2006-5779
Content of This Advisory:
1) Security Vulnerability Resolved:
openldap2 remote denial of service problem
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
OpenLDAP libldap's strval2strlen() function contained a bug when
processing the authcid string of certain Bind Requests, which could
allow attackers to cause an affected application (especially the
OpenLDAP Server) to crash.
This is tracked by the Mitre CVE ID CVE-2006-5779.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of OpenLDAP using
daemons after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/openldap2-client-2.3.19-18…
190a35510d9cdaf9026b09b115f4a809
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/openldap2-client-2.2.…
8777311fd73e304fb039c5ae0041b805
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/openldap2-client-2.2.2…
13211d16f60be2f13dcc7f806e609c15
Power PC Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/openldap2-client-2.3.19-18.…
f82f97b375eb7c04a44d9829c49d246a
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/openldap2-client-2.2.2…
0fcf7f15c4418fb49d0e969ebb8cb80f
x86-64 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/openldap2-client-2.3.19-…
1d92e05b10a5a2ac8da28ff0f6d3456a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/openldap2-client-32bit-2…
c0b630dcc8effb762d2e4e20b393300e
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/openldap2-client-2.…
31b7c1919384c65adbe3924f645fde0a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/openldap2-client-32…
49fa838f5c2b409e909245abf96d967f
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/openldap2-client-2.2…
1414359d63ed54bfee51c7b664a611af
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/openldap2-client-32b…
26b59979a32a5f30f3cac5ea15efabfc
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/openldap2-client-2.3.19-18.…
bba81b7841ae9fa01cb1ed99daf4db25
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/openldap2-client-2.2.2…
bbe064bda877ac9c5f497b143358440c
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/openldap2-client-2.2.23…
f92d303fd9a08ab6a87d5b000e054ef6
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
UnitedLinux 1.0
SuSE Linux Openexchange Server 4
Open Enterprise Server
Novell Linux POS 9
Novell Linux Desktop 9
SuSE Linux Enterprise Server 8
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
SuSE Linux Desktop 1.0
SUSE SLES 10
SUSE SLED 10
SUSE SLES 9
http://support.novell.com/techcenter/psdb/bb15de3abad130715a6d95ac3c49fde6.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: phpMyAdmin
Announcement ID: SUSE-SA:2006:071
Date: Fri, 24 Nov 2006 12:00:00 +0000
Affected Products: SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
Vulnerability Type: cross site scripting
Severity (1-10): 6
SUSE Default Package: yes
Cross-References: CVE-2006-3388, CVE-2006-5116, CVE-2006-5117
CVE-2006-5718
Content of This Advisory:
1) Security Vulnerability Resolved:
phpMyAdmin security upgrade
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The phpMyAdmin package was upgraded to version 2.9.1.1.
While we usually do not do version upgrades, fixing the occurring
security problems of phpMyAdmin got too difficult so we decided to
go with the current upstream version.
This release includes fixes for the previously not fixed security problems
tracked by the Mitre CVE IDs CVE-2006-3388, CVE-2006-5116, CVE-2006-5117,
and CVE-2006-5718 and of course all other bugs fixed in 2.9.1.1.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
None.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
Platform Independent:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/noarch/phpMyAdmin-2.9.1.1-2.1.n…
fb85f5fed5abc54bdbd1309678d80875
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/noarch/phpMyAdmin-2.9.1.1-…
dfb67d57dc9f17df7f7531ffd2d51a85
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/noarch/phpMyAdmin-2.9.1.1-2…
b7216edcb198fe74fe5dc4feeafdc0d5
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/phpMyAdmin-2.9.1.1-2.1.src.…
4e334b1e1909a0fc17bd02148bf770ac
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/phpMyAdmin-2.9.1.1-2.1…
1aa59e5aa181820c771c2ef465128866
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/phpMyAdmin-2.9.1.1-2.1.…
026a7b85870c558d37724ef96b81c5a9
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
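The two-step package check described in the openldap2-client and phpMyAdmin announcements above (confirm the announcement's signature, then compare md5sum output with the checksum listed under the package URL), written out as an added shell example; it is not part of the original mails or SUSE tooling. The function names, the mirror.example URLs and the dummy package file are constructed for illustration.

```shell
#!/bin/sh
# Added example: trust an announcement's MD5 sums only after its signature is
# confirmed, then compare a downloaded package against the listed sum.

# advisory_signed_by ADVISORY KEYID
# Succeeds only if gpg reports a good signature made by a key whose ID ends in
# KEYID. The announcements give the short ID 3D25D3D9; comparing the full
# fingerprint of the imported key is the stronger check.
advisory_signed_by() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null |
        awk -v id="$2" '
            $2 == "GOODSIG" && toupper($3) ~ (toupper(id) "$") { ok = 1 }
            END { exit (ok ? 0 : 1) }'
}

# advisory_md5 ADVISORY RPM_NAME
# In section 4 of an announcement each package URL is followed by a line that
# holds its MD5 sum. Print the sum that follows the URL ending in /RPM_NAME;
# fail if the package is not listed or the next line is not a 32-digit hex sum.
advisory_md5() {
    awk -v name="$2" '
        { line = $0; sub(/[ \t\r]+$/, "", line) }
        want {
            sub(/^[ \t]+/, "", line)
            if (length(line) == 32 && line ~ /^[0-9a-f]+$/) { print line; found = 1 }
            exit
        }
        {
            n = length(line) - length(name)
            if (n > 0 && substr(line, n + 1) == name && substr(line, n, 1) == "/")
                want = 1
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# verify_rpm_md5 ADVISORY RPM_FILE
# Returns 0 on a match, 1 on a mismatch, 2 if the file is not listed.
verify_rpm_md5() {
    expected=$(advisory_md5 "$1" "$(basename "$2")") || return 2
    actual=$(md5sum "$2" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || return 1
}

# check_update ADVISORY RPM_FILE
# The listed sums prove nothing unless the announcement itself verifies, so
# the signature check comes first (returns 3 if it fails).
check_update() {
    advisory_signed_by "$1" 3D25D3D9 || {
        echo "announcement signature not verified; checksums untrusted" >&2
        return 3
    }
    verify_rpm_md5 "$1" "$2"
}

# make_sample DIR
# Constructed sample input: a dummy "package" and an unsigned announcement
# fragment in the layout of section 4, for exercising the parser offline.
make_sample() {
    printf 'dummy package payload\n' > "$1/example-1.0-1.i586.rpm"
    sum=$(md5sum "$1/example-1.0-1.i586.rpm" | awk '{ print $1 }')
    cat > "$1/advisory.txt" <<EOF
   x86 Platform:
   SUSE LINUX 10.1:
   ftp://mirror.example/update/10.1/rpm/i586/example-1.0-1.i586.rpm
          $sum
   ftp://mirror.example/update/10.1/rpm/i586/other-2.0-1.i586.rpm
          00000000000000000000000000000000
EOF
}
```

With a saved announcement and a downloaded package, `check_update announcement.txt package.rpm` runs both steps; it needs the security team's key in the gpg key ring.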
Hi,
With today's release of "pam_ldap" we discontinue the security
support for SUSE Linux 9.2.
For the discontinuation schedule of our SUSE Linux products,
please have a look at http://en.opensuse.org/SUSE_Linux_Lifetime
The next discontinued SUSE Linux version will be SUSE Linux 9.3,
around end of April 2007.
SUSE Linux 9.2 was released at the beginning of October 2004.
It was the first release featuring Delta RPMs, making downloads of
patches even smaller than with the Patch RPMs we used before.
The difference in "Recommended" patches is mostly due to the previous
SUSE Linux 9.1 being the base of SLES 9 and also the first release with
Linux 2.6 kernel and so getting more bugfixes.
Patches (active patches) (difference to SL 9.1):
Total: 581 (278 active) (-58)
Security: 487 (204 active) (-5)
Recommended: 74 (57 active) (-45)
Optional: 20 (17 active) (-8)
Split by type of patch (compared with 9.1 for the ones with large
numbers):
17 kernel (-3)
16 clamav (+3)
14 apache2-mod_php4 (-3)
13 MozillaFirefox (+2)
11 opera ( 0)
10 ethereal ( 0)
9 phpMyAdmin ( 0)
8 squid (-2)
7 apache2 (-2)
7 squirrelmail (+1)
6 kdelibs3 (-5)
6 mailman ( 0)
6 MozillaThunderbird
6 wget
6 xorg-x11-server
6 xpdf
5 acroread
5 gaim
5 gpg
5 gpg2
5 horde
5 ImageMagick
5 java-1_4_2-sun
5 kdegraphics3-pdf
5 libtiff
5 mozilla
5 mysql
5 postgresql
5 RealPlayer
5 ruby
4 dia
4 evolution
4 freeradius
4 gd
4 gpdf
4 heimdal
4 mpg123
4 openssh
4 openssl
4 pdftohtml
4 samba
4 xine-lib
(rest has 3 occurrences or less)
du of update tree:
1748156 ./deltas
1796 ./misc/resizer
1800 ./misc
2156 ./patches
3652 ./patches.obsolete
23068 ./repodata
3696756 ./rpm/i586
87780 ./rpm/noarch
1259832 ./rpm/src
2486308 ./rpm/x86_64
7530680 ./rpm
24 ./scripts
9309540 .
Ciao, Marcus
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2006:026
Date: Fri, 17 Nov 2006 15:00:00 +0000
Cross-References: CVE-2006-5794 CVE-2006-5864 CVE-2006-4339
CVE-2006-5467 CVE-2006-2362 CVE-2006-4809
CVE-2006-4808 CVE-2006-4807 CVE-2006-4806
CVE-2006-5461 CVE-2006-0743
Content of this advisory:
1) Solved Security Vulnerabilities:
- openssh return value checking
- gv stack overflow
- bind DNSSEC RSA signature checking problem
- ruby CGI denial of service problem
- binutils tekhex overflow
- imlib2-loaders denial of service and overflows
- avahi netlink message injection
- log4net syslog format string problem
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- None listed this week.
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- openssh return value checking
The OpenSSH release 4.5 contains a security fix which has been
back ported to the openssh versions in our old products.
CVE-2006-5794: Incorrect return argument checking in the privilege
separation monitor was fixed. In case of an exploitable unprivileged
helper this could have been used to elevate privileges.
This is by default not exploitable, it requires another exploitable
problem in the privilege separated processes.
All SUSE Linux based products were affected by this problem.
- gv stack overflow
A stack overflow in the postscript viewer gv could be
exploited to execute code, if the user could be tricked into
viewing a prepared postscript file using gv. (CVE-2006-5864)
All SUSE Linux based products were affected.
- bind DNSSEC RSA signature checking problem
The RSA signature problem tracked by the Mitre CVE ID CVE-2006-4339
also affects the DNSSEC implementation in the BIND nameserver.
All SUSE Linux based distributions were affected by this problem.
- ruby CGI denial of service problem
A denial of service problem in the CGI multipart parsing of
"ruby" was fixed, which could have allowed remote attackers
to effect a denial of service attack against ruby based
web services. (CVE-2006-5467)
All SUSE Linux based products containing ruby were affected.
- binutils tekhex overflow
A buffer overflow was fixed in the tekhex handling in "binutils"
which could be used by attackers supplying files to "file" to crash
this program. (CVE-2006-2362)
All SUSE Linux based products were affected, except SLE 10 and 10.1,
which already included the fix at ship time.
- imlib2-loaders denial of service and overflows
Various security problems have been fixed in the imlib2 image
loaders:
CVE-2006-4809: A stack buffer overflow in loader_pnm.c could be used
by attackers to execute code by supplying a handcrafted PNM image.
CVE-2006-4808: A heap buffer overflow in loader_tga.c could
potentially be used by attackers to execute code by supplying a
handcrafted TGA image.
CVE-2006-4807: An out of bounds memory read in loader_tga.c could
be used to crash the imlib2 using application with a handcrafted
TGA image.
CVE-2006-4806: Various integer overflows in width*height calculations
could lead to heap overflows which could potentially be used to
execute code. Affected here are the ARGB, PNG, LBM, JPEG and TIFF
loaders.
Additionally loading of TIFF images on 64bit systems is now possible.
SUSE Linux 9.2 up to 10.1 and SLED 10 were affected by this problem.
Since the only common user of imlib2 is digikam, which usually does
not receive images from the network, the chance of exploitability is low.
- avahi netlink message injection
Avahi did not check that the received netlink messages originated
from the kernel. This could be used by local attackers to inject
bad netlink messages into Avahi, confusing its routing code.
(CVE-2006-5461)
SUSE Linux 10.1 and SLED 10 were affected by this problem.
- log4net syslog format string problem
This update fixes a format string exploit in the RemoteSyslogAppender
of the C# log4net.dll. It requires an attacker to be able to inject
prepared text into the logging framework.
The issue is tracked by Mitre CVE ID CVE-2006-0743 and was found
by Sebastian Krahmer of SUSE Security.
Affected was the log4net package in SUSE Linux 10.1 and all C#
applications that include a copy of log4net.dll. The latter were
not updated yet.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
None are listed this week.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ)
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
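Added example (not part of the SUSE advisory and not imlib2 code): the width*height overflow class described under CVE-2006-4806 in the summary report above, shown as an unchecked 32-bit size computation beside a checked one. MAX_DIM, the 4-bytes-per-pixel layout and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-dimension limit chosen for this example. */
#define MAX_DIM 32767u

/* Unchecked form: the byte count is computed in 32-bit arithmetic,
 * so large dimensions wrap around to a small allocation size. */
static uint32_t pixel_bytes_unchecked(uint32_t w, uint32_t h)
{
    return w * h * (uint32_t)sizeof(uint32_t);
}

/* Checked form: returns the byte count for a w x h image with
 * 4 bytes per pixel, or 0 if the dimensions are rejected. */
static size_t pixel_bytes_checked(uint32_t w, uint32_t h)
{
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM)
        return 0;
    /* Division-based test: w * h * 4 must fit in size_t. */
    if ((size_t)w > SIZE_MAX / sizeof(uint32_t) / (size_t)h)
        return 0;
    return (size_t)w * (size_t)h * sizeof(uint32_t);
}

/* Allocation helper a loader would call after parsing the header.
 * Returns NULL for rejected dimensions or allocation failure. */
uint32_t *alloc_pixels(uint32_t w, uint32_t h)
{
    size_t n = pixel_bytes_checked(w, h);
    if (n == 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed header values: 65536 x 16385 pixels. */
    uint32_t w = 0x10000u, h = 0x4001u;

    printf("unchecked size: %u bytes\n", (unsigned)pixel_bytes_unchecked(w, h));
    printf("checked size:   %zu bytes (0 means rejected)\n",
           pixel_bytes_checked(w, h));
    printf("640x480:        %zu bytes\n", pixel_bytes_checked(640, 480));
    return 0;
}
```

With the constructed dimensions the unchecked computation yields a 256 KiB buffer for an image that needs roughly 4 GiB, which is the mismatch that turns a later pixel write into a heap overflow.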
SUSE Security Announcement: powerdns denial of service (SUSE-SA:2006:070)
by Marcus Meissner 16 Nov '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: pdns
Announcement ID: SUSE-SA:2006:070
Date: Thu, 16 Nov 2006 18:00:00 +0000
Affected Products: SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
Vulnerability Type: remote denial of service
Severity (1-10): 5
SUSE Default Package: no
Cross-References: CVE-2006-4251, CVE-2006-4252
Content of This Advisory:
1) Security Vulnerability Resolved:
pdns-recursor remote denial of service attack
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Two security problems that have been found in PowerDNS are fixed by this update:
CVE-2006-4251: The PowerDNS Recursor can be made to crash by sending
malformed questions to it over TCP, potentially executing code.
CVE-2006-4252: Zero second CNAME TTLs can make PowerDNS exhaust allocated
stack space and crash.
2) Solution or Work-Around
There is no known workaround; please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of powerdns (pdns) after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/pdns-2.9.19-13.4.i586.rpm
6055b5141652ae0c1aa1e06a42b44803
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/pdns-2.9.17-7.3.i586.…
7e00c1cf54b562a3c357dea686c982f0
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/pdns-2.9.17-4.5.i586.r…
1e15ba7307b9e0a911e01bb3f52f0273
Power PC Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/pdns-2.9.19-13.4.ppc.rpm
dc4649ea74102da40d02c890c893f1e4
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/pdns-2.9.17-7.3.ppc.rpm
e7b0ebbadbc3a138585e91171d5b9e30
x86-64 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/pdns-2.9.19-13.4.x86_64.…
09df96ef8fdc1a4b2949dfe2c6368e78
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/pdns-2.9.17-7.3.x86…
f4dbb8f21074ea6a1ae5de3392aa8ab4
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/pdns-2.9.17-4.5.x86_…
60473630591093c27198a7d092bda654
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/pdns-2.9.19-13.4.src.rpm
dbf81731307a7a731fa06f7d81a467f7
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/pdns-2.9.17-7.3.src.rpm
2fec1f00a40c6b77ca34805662e8d9c4
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/pdns-2.9.17-4.5.src.rpm
57c0bf5e33016704e7bf88111abd3fc9
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: asterisk
Announcement ID: SUSE-SA:2006:069
Date: Thu, 16 Nov 2006 18:00:00 +0000
Affected Products: SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
Vulnerability Type: remote denial of service
Severity (1-10): 6
SUSE Default Package: no
Cross-References: CVE-2006-5444, CVE-2006-5445
Content of This Advisory:
1) Security Vulnerability Resolved:
Asterisk two security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Two security problems have been found and fixed in the PBX software
Asterisk.
CVE-2006-5444: Integer overflow in the get_input function in the
Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones,
allows remote attackers to potentially execute arbitrary code via a
certain dlen value that passes a signed integer comparison and leads
to a heap-based buffer overflow.
CVE-2006-5445: A vulnerability in the SIP channel driver
(channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 allows remote
attackers to cause a denial of service (resource consumption)
via unspecified vectors that result in the creation of "a real pvt
structure" that uses more resources than necessary.
2) Solution or Work-Around
There is no known workaround; please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of asterisk after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/asterisk-1.2.5-12.8.i586.r…
8af646c3a835f9388bb24cf4fb4f4896
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/asterisk-1.0.9-4.6.i5…
1ea65f3361d4968a7d56ad5db441da83
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/asterisk-1.0.6-4.6.i58…
394149307b5165453749dac1677705d5
Power PC Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/asterisk-1.2.5-12.8.ppc.rpm
3c265f83a0329dd1a4b2391f0c479d65
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/asterisk-1.0.9-4.6.ppc…
9b1ae15d6248aeb79d68058fe924cba9
x86-64 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/asterisk-1.2.5-12.8.x86_…
372cf1854c36e1c347f8d349a0025e63
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/asterisk-1.0.9-4.6.…
9ed9cc0cb929b73e2c93485762dfa778
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/asterisk-1.0.6-4.6.x…
3c5340048f204d6111f0be16fcf40923
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/asterisk-1.2.5-12.8.src.rpm
835aad905134159f86e8905ba9adfcc6
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/asterisk-1.0.9-4.6.src…
503bcc2cbd1559a8e012b1cebe7af889
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/asterisk-1.0.6-4.6.src.…
c89bb1617fed47b62d6ad1208f1b6c69
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
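Added example (not part of the SUSE advisory and not Asterisk code): the bug class named under CVE-2006-5444 above, where a length field held in a signed integer passes an upper-bound comparison, shown beside a hardened parser. The wire format (4-byte little-endian length followed by payload), the buffer size and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4u     /* constructed format: 4-byte little-endian length */
#define BUF_CAP 1000u  /* hypothetical receive buffer size */

/* Flawed pattern: the length is signed and only an upper bound is
 * tested. Returns 1 if the value would be accepted. */
static int flawed_check(int32_t dlen)
{
    return !(dlen > (int32_t)(BUF_CAP - HDR_LEN));
}

/* What an accepted signed length becomes when handed to read()/memcpy(). */
static size_t as_copy_len(int32_t dlen)
{
    return (size_t)dlen;
}

/* Hardened parser: the length is unsigned and is bounded by both the
 * destination capacity and the bytes actually received.
 * Returns the payload length, or -1 if the packet is malformed. */
static long parse_packet(const uint8_t *pkt, size_t pkt_len,
                         uint8_t *out, size_t out_cap)
{
    uint32_t dlen;

    if (pkt_len < HDR_LEN)
        return -1;
    dlen = (uint32_t)pkt[0] | ((uint32_t)pkt[1] << 8) |
           ((uint32_t)pkt[2] << 16) | ((uint32_t)pkt[3] << 24);
    if (dlen > out_cap || dlen > pkt_len - HDR_LEN)
        return -1;
    memcpy(out, pkt + HDR_LEN, dlen);
    return (long)dlen;
}

/* Builds a constructed packet whose header claims dlen_field bytes but
 * which carries payload_bytes (at most 16), then parses it. */
static long parse_constructed(uint32_t dlen_field, size_t payload_bytes)
{
    uint8_t pkt[HDR_LEN + 16];
    static uint8_t out[BUF_CAP - HDR_LEN];

    if (payload_bytes > 16)
        return -1;
    pkt[0] = (uint8_t)(dlen_field & 0xff);
    pkt[1] = (uint8_t)((dlen_field >> 8) & 0xff);
    pkt[2] = (uint8_t)((dlen_field >> 16) & 0xff);
    pkt[3] = (uint8_t)((dlen_field >> 24) & 0xff);
    memset(pkt + HDR_LEN, 'A', payload_bytes);
    return parse_packet(pkt, HDR_LEN + payload_bytes, out, sizeof(out));
}

int main(void)
{
    printf("flawed check accepts -1: %d, copy length becomes %zu\n",
           flawed_check(-1), as_copy_len(-1));
    printf("hardened, length 5 with 5 bytes:          %ld\n",
           parse_constructed(5, 5));
    printf("hardened, length 0xFFFFFFFF with 5 bytes: %ld\n",
           parse_constructed(0xFFFFFFFFu, 5));
    printf("hardened, length 8 with 5 bytes:          %ld\n",
           parse_constructed(8, 5));
    return 0;
}
```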
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-----END PGP SIGNATURE-----
SUSE Security Announcement: Mozilla Firefox, Thunderbird, SeaMonkey (SUSE-SA:2006:068)
by Marcus Meissner 16 Nov '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package:                MozillaFirefox, MozillaThunderbird, seamonkey
Announcement ID:        SUSE-SA:2006:068
Date:                   Thu, 16 Nov 2006 18:00:00 +0000
Affected Products:      Novell Linux Desktop 9
                        SUSE LINUX 10.1
                        SUSE LINUX 10.0
                        SUSE LINUX 9.3
                        SUSE SLED 10
                        SUSE SLES 10
Vulnerability Type:     remote denial of service
Severity (1-10):        6
SUSE Default Package:   yes
Cross-References:       CVE-2006-5464 CVE-2006-5747 CVE-2006-5748
                        CVE-2006-5462 CVE-2006-5463
                        MFSA2006-65 MFSA2006-66 MFSA2006-67
Content of This Advisory:
    1) Security Vulnerability Resolved:
         Mozilla Firefox/Thunderbird 1.5.0.8 update
       Problem Description
    2) Solution or Work-Around
    3) Special Instructions and Notes
    4) Package Location and Checksums
    5) Pending Vulnerabilities, Solutions, and Work-Arounds:
         See SUSE Security Summary Report.
    6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
MozillaFirefox has been updated to the security update release
1.5.0.8, MozillaThunderbird has been updated to 1.5.0.8, and the
Mozilla Seamonkey suite has been updated to 1.0.6 to fix the following
security issues.
Full details of the security problems can be found on:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
MFSA2006-65: This issue is split into 3 sub-entries, for ongoing
stability improvements in the Mozilla browsers:
  CVE-2006-5464: Layout engine flaws were fixed.
  CVE-2006-5747: An xml.prototype.hasOwnProperty flaw was fixed.
  CVE-2006-5748: Fixes were applied to the JavaScript engine.
MFSA2006-66/CVE-2006-5462: MFSA 2006-60 reported that RSA digital
signatures with a low exponent (typically 3) could be forged. Firefox
and Thunderbird 1.5.0.7, which incorporated NSS version 3.10.2,
were incompletely patched and remained vulnerable to a variant of
this attack.
MFSA2006-67/CVE-2006-5463: shutdown demonstrated that it was possible
to modify a Script object while it was executing, potentially leading
to the execution of arbitrary JavaScript bytecode.
Note that Mozilla Suite updates for products before SUSE Linux 10.1 / SLES 10
are not available yet due to backporting problems.
2) Solution or Work-Around
Please install the update packages.
3) Special Instructions and Notes
Please restart running Firefox browsers and Thunderbird mail programs
after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
Novell Linux Desktop 9
SUSE SLES 10
SUSE SLED 10
http://support.novell.com/techcenter/psdb/eb29e246d47ad02c74de06d48db89df2.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement are
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package need to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you have downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-----END PGP SIGNATURE-----
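Method 2 from Section 6 of the announcement above (md5sum compared against the signed checksum list), as an added example that is not part of the announcement or of SUSE's tooling. It assumes the saved announcement lists each package as a URL line followed by its MD5 line; the function names, the ftp.example.invalid URLs and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: look up a package in a saved announcement and compare the
# published MD5 with the downloaded file. Anything not listed fails closed.

# published_md5 ANNOUNCEMENT BASENAME
# Print the MD5 published for the URL whose last path component is BASENAME,
# or nothing when the announcement has no exact entry for it.
published_md5() {
    awk -v want="$2" '
        # A URL line: remember the file name it ends in.
        $1 ~ /^(ftp|https?):\/\// {
            n = split($1, parts, "/"); name = parts[n]; next
        }
        # A single field of 32 hex digits right after a URL is its checksum.
        name != "" && NF == 1 && length($1) == 32 && $1 ~ /^[0-9a-fA-F]+$/ {
            if (name == want) { print tolower($1); exit }
        }
        # Any other line ends the URL/checksum pair.
        { name = "" }
    ' "$1"
}

# check_pkg ANNOUNCEMENT FILE
# Returns 0 on match, 1 on mismatch, 2 when the file is not listed or an
# input is unreadable. Runs in a subshell so its variables stay local.
check_pkg() (
    ann=$1 pkg=$2
    [ -r "$ann" ] && [ -r "$pkg" ] || { echo "unreadable input" >&2; exit 2; }
    base=$(basename "$pkg")
    want=$(published_md5 "$ann" "$base")
    if [ -z "$want" ]; then
        # Newer package versions, or a URL cut short with "…", never match.
        echo "NOT LISTED: $base has no checksum in this announcement" >&2
        exit 2
    fi
    got=$(md5sum < "$pkg" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK: $base $got"
        exit 0
    fi
    echo "MISMATCH: $base published=$want computed=$got" >&2
    exit 1
)

# make_sample DIR
# Write a constructed announcement excerpt and two constructed "packages"
# into DIR (not real SUSE data). demo-1.0-1.noarch.rpm holds the bytes "abc",
# whose MD5 is the RFC 1321 test vector used in the listing.
make_sample() {
    printf 'abc' > "$1/demo-1.0-1.noarch.rpm"
    printf 'abd' > "$1/tampered-1.0-1.noarch.rpm"
    cat > "$1/announcement.txt" <<'EOF'
x86 Platform:
SUSE LINUX 10.1:
ftp://ftp.example.invalid/update/10.1/rpm/noarch/demo-1.0-1.noarch.rpm
900150983cd24fb0d6963f7d28e17f72
ftp://ftp.example.invalid/update/10.1/rpm/noarch/tampered-1.0-1.noarch.rpm
900150983cd24fb0d6963f7d28e17f72
ftp://ftp.example.invalid/update/10.1/rpm/noarch/newer-2.0…
900150983cd24fb0d6963f7d28e17f72
EOF
}

# Stand-alone use: sh verify_md5.sh <announcement.txt> <file.rpm>
if [ "$#" -eq 2 ]; then check_pkg "$1" "$2"; fi
```

Run gpg --verify on the saved announcement before trusting any checksum in it: the list carries no authenticity unless that signature is valid.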
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package:                php4, php5
Announcement ID:        SUSE-SA:2006:067
Date:                   Wed, 15 Nov 2006 13:00:00 +0000
Affected Products:      Novell Linux POS 9
                        Open Enterprise Server
                        SLE SDK 10
                        SUSE LINUX 10.1
                        SUSE LINUX 10.0
                        SUSE LINUX 9.3
                        SuSE Linux Enterprise Server 8
                        SuSE Linux Openexchange Server 4
                        SUSE LINUX Retail Solution 8
                        SuSE Linux School Server
                        SuSE Linux Standard Server 8
                        SUSE SLES 10
                        SUSE SLES 9
                        UnitedLinux 1.0
Vulnerability Type:     remote code execution
Severity (1-10):        5
SUSE Default Package:   no
Cross-References:       CVE-2006-5465
Content of This Advisory:
    1) Security Vulnerability Resolved:
         htmlentities/htmlspecialchars security problem
       Problem Description
    2) Solution or Work-Around
    3) Special Instructions and Notes
    4) Package Location and Checksums
    5) Pending Vulnerabilities, Solutions, and Work-Arounds:
         See SUSE Security Summary Report.
    6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
This update fixes the following security problems in the PHP scripting language:
- CVE-2006-5465: Various buffer overflows in htmlentities /
htmlspecialchars internal routines could be used to crash the
PHP interpreter or potentially execute code, depending on the PHP
application used.
2) Solution or Work-Around
There is no known workaround; please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of Apache after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-soap-5.0.4-9.22.p…
692dee19cd40eafdc3b349c8afad2997
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-wddx-5.0.4-9.22.p…
e42dbdb0ab48b392e03014ddaf04fd40
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-xmlrpc-5.0.4-9.22…
e40ba04a3c5c597926ac379ff318dfbb
x86-64 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-mod_php5-5.1.2-2…
2d8a739b4cecd9882d0eb082b6a69348
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-5.1.2-29.22.x86_64.…
7b1e56bff005296875899b9147fad095
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-bcmath-5.1.2-29.22.…
9dc6cb876887bdb8127e153d0d555dcd
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-curl-5.1.2-29.22.x8…
a4a5903adf9454a9029a2ea35a8dc79b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dba-5.1.2-29.22.x86…
1adc8547eac04fe1672c0290291683fb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-devel-5.1.2-29.22.x…
fd5aca9e425470708b2af5fa5b6a990e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dom-5.1.2-29.22.x86…
f0b2064b6e8bf9643dbac2a2ee9b071b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-exif-5.1.2-29.22.x8…
997a8e793509037bf280e45c4fd9ae13
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-fastcgi-5.1.2-29.22…
479d255df50e028189f9479970e3e0bf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ftp-5.1.2-29.22.x86…
2144c76e88b3edab24bd13331f6c311b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-gd-5.1.2-29.22.x86_…
8f94ad01f7adbf6afe7aea6cd187d412
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-iconv-5.1.2-29.22.x…
e103468c9c41cfe6c47998b8eb3f8814
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-imap-5.1.2-29.22.x8…
f0b15d3f0452d04172e061a70654252f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ldap-5.1.2-29.22.x8…
1bf1cecddbfe202bfff5bd8065395f7b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mbstring-5.1.2-29.2…
77c78f652f8f06d2f548a23a614e3bc8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mysql-5.1.2-29.22.x…
0124292c4136557838f59e340e3af27d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mysqli-5.1.2-29.22.…
1d9bf118798dc9a0e17e06d92c67e22f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pdo-5.1.2-29.22.x86…
ae7e99e94409a4f9ef5b7d670ba1cc43
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pear-5.1.2-29.22.x8…
7272c2eac3a3a9085fba56b12e433847
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pgsql-5.1.2-29.22.x…
6f9d55833b21afd381662d6ebfb2f65d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-soap-5.1.2-29.22.x8…
3d163f1c82ed1f014ce5a3242abaee5a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-wddx-5.1.2-29.22.x8…
78a7da3d4ac63cbef4233e937cfc1f11
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-xmlrpc-5.1.2-29.22.…
47a63db62d0bd26e4ad2454a27766540
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php4-4.…
0ab300b70b02d407460212633859d3e0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php5-5.…
638ac9911ab2353d1644f3ea3f58c5dc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-32bit-4.4.0-6.…
b3189fd4e0c577a4caf26ef3d88f3e2d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-4.4.0-6.22.x86…
ceb7c679a3ff01072317cf7389e87e86
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-curl-4.4.0-6.2…
52cf201fc735a69ec7330a1cc90f4234
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-devel-4.4.0-6.…
4c58e2303b7d497e103ad9d32f33c595
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-exif-4.4.0-6.2…
9cf2ea8f7d1e57d4ac0db96ecaae389b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-fastcgi-4.4.0-…
8277d4cab2a14efdec945e6ce52e95bf
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-gd-4.4.0-6.22.…
cd9b4bf7369542894d50b60acd872d05
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-imap-4.4.0-6.2…
b2dc740f8957d92bf8cf9896fdd879e6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mbstring-4.4.0…
8f6b9a6f62ff68ac7f41330d6944c761
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-pgsql-4.4.0-6.…
2b7677cae8889cd37877b4f1bc0b8844
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-servlet-4.4.0-…
428972817272275762d79b98aeeb1df1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-session-4.4.0-…
6edf5413bd4bc80114ae74fed3ac1c3c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-unixODBC-4.4.0…
76c9ef628b3b0776436acb83481f4bf1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-wddx-4.4.0-6.2…
3615d54dcf93c1ef8c3774f06d68c8e5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-5.0.4-9.22.x86…
8e3a1441c72d898e3de57ebb84af2e54
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-bcmath-5.0.4-9…
cafd4690d9c5cab791740efc477e0e23
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-curl-5.0.4-9.2…
4d6ded62957dccd7866312cdb0bd9733
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-devel-5.0.4-9.…
936d8f4587a9a5cde6b320fa93801d71
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-dom-5.0.4-9.22…
6d583a65c2583dbbd331b8e6cb00219b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-exif-5.0.4-9.2…
b0df688b3532deed5a09feb59f8ba835
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-fastcgi-5.0.4-…
e8f4d15ee2799b03e90f8ef0d914b064
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-ftp-5.0.4-9.22…
1913a4296358c2e592d0dea24c8e9aa7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-gd-5.0.4-9.22.…
a608e0006a05576bfc45c9eab6a741d4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-iconv-5.0.4-9.…
cd65092005de210d3fe88bcfdd3df2a7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-imap-5.0.4-9.2…
9443711bec8934b98f02be8b9812c050
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-ldap-5.0.4-9.2…
b547531405f519c8b502719769897fe5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mbstring-5.0.4…
4d3ae6e0dca36aa033034c89154aa95c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mysql-5.0.4-9.…
977b2b53902f03178fa0425974f3a44c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mysqli-5.0.4-9…
3fdc56c1aaabc314442d7bfdc357d296
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-pear-5.0.4-9.2…
4a39f64d161ce79cc6b43fc9b824b873
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-pgsql-5.0.4-9.…
a4e422e868287e01cdcd73e05d312dc8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-soap-5.0.4-9.2…
6064cf384345100b2003b5d1642fa7ec
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-wddx-5.0.4-9.2…
3abaeee3b57b267de2d1f9465039a2db
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-xmlrpc-5.0.4-9…
66ea3018704c30fe88fb2d8f98dc2032
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-mod_php4-4.3…
87467db93691b6ba7a35c5b1813f4cb0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-mod_php5-5.0…
0de39de077ae0df7c42c0713c8fcdda0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mod_php4-servlet-4.3…
a42f7164b0e676c9c04bab00f376c8f7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-32bit-9.3-7.14.…
071099f308973b93bdf5bf0684fadf03
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-4.3.10-14.32.x8…
dd1090efe44a5c39a4d37e84619991d7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-curl-4.3.10-14.…
0b7a436030ba91f390db2d5fda87948f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-devel-4.3.10-14…
a7362d9e9861b0440e69ac728e04dfcb
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-exif-4.3.10-14.…
a9fe3ff55c9ce5181ce11ca4d69fcafe
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-fastcgi-4.3.10-…
2c1137b4793f0deb54e1d48974b8049d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-gd-4.3.10-14.32…
9fb2a974b61581fc337c73423f761fa5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-imap-4.3.10-14.…
87f0c2940065d61b55abdaf08284d8e3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-mbstring-4.3.10…
a0226dcc68681b3b2aef4a499c06e6e5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-pear-4.3.10-14.…
5d57c4bf164fdaba6e4eae308b07e716
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-pgsql-4.3.10-14…
1ff1450d5917aa89c9531829dbdbd64b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-session-4.3.10-…
6e4bd961bd52ffc1c9aca58be9be3780
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-sysvshm-4.3.10-…
e27199d83837d59b76cfb1305f466230
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-wddx-4.3.10-14.…
5e9445198d0d7bb43e23f7d889c46268
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-5.0.3-14.32.x86…
7be9597720a390d414481d9630b97176
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-bcmath-5.0.3-14…
218a4f1a61f5073c0af5b7225f70762d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-curl-5.0.3-14.3…
a103af05a4941936d575c0429fb76798
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-dba-5.0.3-14.32…
a8919a941dc32a3743c798b4bb00fbd3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-devel-5.0.3-14.…
65bde3ea9e0435178aed6f2c3eb6cc8e
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-dom-5.0.3-14.32…
6fb7f1331283ca7c3bc37ec5058afea2
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-exif-5.0.3-14.3…
94404361d39de30930136e637184a05a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-fastcgi-5.0.3-1…
344fcd4f499331d06c4692a82232d276
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-ftp-5.0.3-14.32…
9f7f87e14866a9bcf3f13c49c6a173f9
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-gd-5.0.3-14.32.…
ab1b7ae7aebae896f2dd211d1763dfc1
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-iconv-5.0.3-14.…
f5cd1145b6252cb467e8a50c1c27520d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-imap-5.0.3-14.3…
ae8ba21ba946c489b6d74a96b4c09d93
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-ldap-5.0.3-14.3…
48b02728261eb7c44a55eb07717f2fd2
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mbstring-5.0.3-…
32b81d5e55aa4bcdaf08a3103ca1a5cc
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mysql-5.0.3-14.…
0dafcda7b4dc9a69a31a6d91face802d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mysqli-5.0.3-14…
92f545d335d7eb0527c8c9cb10827d27
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-pear-5.0.3-14.3…
056280dea69e55cf858bc153646e3ee4
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-pgsql-5.0.3-14.…
4998c6ff01a4c81e6fd34825adf9c6b4
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-soap-5.0.3-14.3…
ae481915b9f32f134f33e00bd37c9c36
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-sysvmsg-5.0.3-1…
92026592609fa5e801346f0c68c794ab
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-sysvshm-5.0.3-1…
ca96913fbe26855107b6627b643ec9b2
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-wddx-5.0.3-14.3…
1de32e83cf551fe35fe58a0d9ff89437
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-xmlrpc-5.0.3-14…
5a1150fe6f80c6246194184e025187bf
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/php5-5.1.2-29.22.src.rpm
955dd593b249671b49c0468a801fc40f
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/php4-4.4.0-6.22.src.rpm
5f61fde7f4967668ebc09c5420c2121d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/php5-5.0.4-9.22.src.rpm
f5aad91ffaaba5cbaa43f0e321b2ef1f
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php4-4.3.10-14.32.src.r…
3e00697cb7dfff72f03eb4e36ff4308c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php5-5.0.3-14.32.src.rpm
fbfd0640c942ea0fcaf623cd48d03dfa
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE SLES 10
http://support.novell.com/techcenter/psdb/95aa269a50d6438793d154b7db556119.…
http://support.novell.com/techcenter/psdb/95aa269a50d6438793d154b7db556119.…
Open Enterprise Server
Novell Linux POS 9
SUSE SLES 9
http://support.novell.com/techcenter/psdb/2a0a69ad2fa154c13d238e3177db3736.…
UnitedLinux 1.0
SuSE Linux Openexchange Server 4
SuSE Linux Enterprise Server 8
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/7ff98a5ba0483fdee45151d8d34c3d7b.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: ImageMagick
Announcement ID: SUSE-SA:2006:066
Date: Tue, 14 Nov 2006 12:00:00 +0000
Affected Products: Novell Linux Desktop 9
SLE SDK 10
SLES SDK 9
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SuSE Linux Desktop 1.0
SuSE Linux Openexchange Server 4
SuSE Linux School Server
SuSE Linux Standard Server 8
SUSE SLED 10
Vulnerability Type: remote denial of service
Severity (1-10): 5
SUSE Default Package: no
Cross-References: CVE-2006-5456
Content of This Advisory:
1) Security Vulnerability Resolved:
ImageMagick security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Two security problems were found in the GraphicsMagick tool set which
are also present in ImageMagick.
CVE-2006-5456: Multiple buffer overflows in ImageMagick allowed
user-assisted attackers to cause a denial of service and possibly
execute arbitrary code via (1) a DCM image that is not
properly handled by the ReadDCMImage function in coders/dcm.c, or
(2) a PALM image that is not properly handled by the ReadPALMImage
function in coders/palm.c.
Additionally a segfault regression when converting a PGM image was
fixed on SLE 10.
2) Solution or Work-Around
Please install the updated packages.
3) Special Instructions and Notes
None.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/54784cdc395efc4acd3491b3f202e583.…
SLES SDK 9
http://support.novell.com/techcenter/psdb/54784cdc395efc4acd3491b3f202e583.…
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/54784cdc395efc4acd3491b3f202e583.…
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/54784cdc395efc4acd3491b3f202e583.…
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/54784cdc395efc4acd3491b3f202e583.…
SuSE Linux Desktop 1.0
http://support.novell.com/techcenter/psdb/54784cdc395efc4acd3491b3f202e583.…
SLE SDK 10
http://support.novell.com/techcenter/psdb/54784cdc395efc4acd3491b3f202e583.…
SUSE SLED 10
http://support.novell.com/techcenter/psdb/54784cdc395efc4acd3491b3f202e583.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
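The checksum method described in Section 6 of the announcements above, as an added example that is not part of the SUSE announcements: it reads the URL and MD5 lines from a saved announcement and checks downloaded RPMs against them, failing on mismatched or unlisted files. The function names are hypothetical; it assumes the announcement was saved with complete (untruncated) file names and that the security team's key is already in the key ring.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against the MD5 sums listed in a saved,
# signed SUSE announcement. Function names are hypothetical.

# Print "md5  filename" for every URL line that is directly followed by a
# 32-digit hex line, the layout used in Section 4 of the announcements.
parse_checksums() {
    awk '
        NF == 1 && $1 ~ /^ftp:\/\// { n = split($1, p, "/"); name = p[n]; next }
        NF == 1 && name != "" && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            print $1 "  " name
        }
        { name = "" }
    ' "$1"
}

# Succeed only if gpg reports a good signature made by the key ID that the
# announcement names (3D25D3D9). The key must already be in the key ring.
verify_announcement() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null |
        grep -q '^\[GNUPG:\] GOODSIG [0-9A-F]*3D25D3D9 '
}

# Compare every *.rpm in a directory with the sum the announcement lists for
# that file name. Returns 0 if all files match, 1 on any mismatch or unlisted
# file (e.g. a newer package version), 2 if there was nothing to check.
verify_packages() {
    list=$(parse_checksums "$1")
    checked=0
    bad=0
    for file in "$2"/*.rpm; do
        [ -f "$file" ] || continue          # glob matched nothing
        name=${file##*/}
        expected=$(printf '%s\n' "$list" |
            awk -v n="$name" '$2 == n { print $1; exit }')
        actual=$(md5sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ -z "$expected" ]; then
            echo "UNLISTED  $name"; bad=$((bad + 1))
        elif [ "$actual" = "$expected" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"; bad=$((bad + 1))
        fi
    done
    [ "$checked" -gt 0 ] || return 2
    [ "$bad" -eq 0 ]
}

# Command-line use: sh verify.sh <announcement.txt> <download-dir>
# The checksums are only trusted after the announcement signature verifies.
if [ "$#" -eq 2 ]; then
    verify_announcement "$1" || {
        echo "announcement signature not verified" >&2
        exit 3
    }
    verify_packages "$1" "$2"
    exit $?
fi
```

The checksums carry no weight on their own: the script refuses to compare anything until the announcement's signature has verified, which is the dependency the announcement text describes.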