openSUSE Security Announce
SUSE Security Announcement: kernel various security problems (SUSE-SA:2006:012)
by Marcus Meissner 27 Feb '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: kernel
Announcement ID: SUSE-SA:2006:012
Date: Mon, 27 Feb 2006 16:00:00 +0000
Affected Products: SUSE LINUX 9.3
SUSE LINUX 9.2
SUSE LINUX 9.1
SuSE Linux Desktop 1.0
SuSE Linux Enterprise Server 8
SUSE SLES 9
UnitedLinux 1.0
Vulnerability Type: various security problems
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CVE-2004-1058, CVE-2005-2553, CVE-2005-3356
CVE-2005-3358, CVE-2005-3623, CVE-2005-3808
CVE-2005-3847, CVE-2005-3848, CVE-2005-3858
CVE-2005-4605
Content of This Advisory:
1) Security Vulnerability Resolved:
various kernel security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The Linux kernel has been updated to fix various security problems.
All SUSE Linux versions and products are affected; the exact affected
versions are listed per entry. A SUSE Linux 10.0 kernel update, also
fixing the issues listed here, was released 2 weeks ago. (SUSE Linux
Enterprise Server is abbreviated as SLES, Novell Linux Desktop as NLD,
and Open Enterprise Server as OES.)
- CVE-2005-3623: Remote users could set ACLs even on read-only
exported NFS filesystems and so circumvent access control.
Affected: All SUSE Linux based products.
- CVE-2004-1058: A race condition was fixed which could allow
local users to read environment variables of another process.
This is a reissue of an earlier fix in the 2.6 kernel also present
in the 2.4 kernel.
SUSE Linux Enterprise Server 8 and SUSE Linux Desktop 1 are affected.
- CVE-2005-2553: Fixed an oops when a 64bit binary was traced with
a 32bit ltrace.
This problem only affects SLES 8 for x86-64.
- CVE-2005-3356: A double decrement in the mq_open system call could
let local users crash the machine.
This problem affects SUSE Linux 9.1 up to 9.3, SLES 9, and NLD 9
and OES.
- CVE-2005-3358: A 0 argument passed to the set_mempolicy() system
call could let a local user crash the machine.
This problem affects SUSE Linux 9.1 up to 9.3, SLES 9, and NLD 9
and OES.
- CVE-2005-3848: A dst_entry leak in icmp_push_reply could be used to
exhaust system memory. However, this problem only occurs on machines
that are already nearly starved of memory.
This problem affects SUSE Linux 9.1 up to 9.3, SLES 9, and NLD 9
and OES.
- CVE-2005-3858: A memory leak in the ip6_input_finish function
in ip6_input.c might allow attackers to cause a denial of service
via malformed IPv6 packets with unspecified parameter problems,
which prevents the SKB from being freed.
This problem affects SUSE Linux 9.1 up to 9.3, SLES 9, and NLD 9
and OES.
- CVE-2005-4605: Kernel memory could be leaked to user space through a
problem with seek() in /proc files.
This problem only affects SUSE Linux 9.2 and 9.3.
- CVE-2005-3847: The handle_stop_signal function in signal.c allows
local users to cause a denial of service (deadlock) by sending a
SIGKILL to a real-time threaded process while it is performing a
core dump.
This problem only affects SUSE Linux 9.3.
- CVE-2005-3808: A 32 bit integer overflow on 64bit mmap calls
could be used by local users to hang the machine.
This problem only affects SUSE Linux 9.3.
A number of additional non-security bugs were fixed, but are not listed here.
Please check the separate maintenance information mails or the RPM changelogs
(with rpm --changelog -q name-of-kernel-rpm).
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
SPECIAL INSTALLATION INSTRUCTIONS
=================================
The following paragraphs guide you through the installation
process in a step-by-step fashion. The character sequence "****"
marks the beginning of a new paragraph. In some cases, the steps
outlined in a particular paragraph may or may not be applicable
to your situation. Therefore, make sure that you read through
all of the steps below before attempting any of these
procedures. All of the commands that need to be executed must be
run as the superuser 'root'. Each step relies on the steps
before it to complete successfully.
Note that it is usually sufficient to run YaST Online Update to
correctly update the kernel. Manual steps are necessary only if you
use a manually changed bootloader configuration.
**** Step 1: Determine the needed kernel type.
Use the following command to determine which kind of kernel is
installed on your system:
rpm -qf --qf '%{name}\n' /boot/vmlinuz
**** Step 2: Download the packages for your system.
Download the kernel RPM package for your distribution with the
name indicated by Step 1. Starting from SUSE LINUX 9.2, kernel
modules that are not free were moved to a separate package with
the suffix '-nongpl' in its name. Download that package as well
if you rely on hardware that requires non-free drivers, such as
some ISDN adapters. The list of all kernel RPM packages is
appended below.
The kernel-source package does not contain a binary kernel in
bootable form. Instead, it contains the sources that correspond
with the binary kernel RPM packages. This package is required to
build third party add-on modules.
**** Step 3: Verify authenticity of the packages.
Verify the authenticity of the kernel RPM package using the
methods as listed in Section 6 of this SUSE Security
Announcement.
**** Step 4: Installing your kernel rpm package.
Install the rpm package that you have downloaded in Step 2 with
the command
rpm -Uhv <FILE>
replacing <FILE> with the filename of the RPM package
downloaded.
Warning: After performing this step, your system may not boot
unless the following steps have been followed
completely.
**** Step 5: Configuring and creating the initrd.
The initrd is a RAM disk that is loaded into the memory of your
system together with the kernel boot image by the boot loader.
The kernel uses the content of this RAM disk to execute commands
that must be run before the kernel can mount its root file
system. The initrd is typically used to load hard disk
controller drivers and file system modules. The variable
INITRD_MODULES in /etc/sysconfig/kernel determines which kernel
modules are loaded in the initrd.
After a new kernel rpm has been installed, the initrd must be
recreated to include the updated kernel modules. Usually this
happens automatically when installing the kernel rpm. If
creating the initrd fails for some reason, manually run the
command
/sbin/mkinitrd
**** Step 6: Update the boot loader, if necessary.
Depending on your software configuration, you either have the
LILO or GRUB boot loader installed and initialized on your
system. Use the command
grep LOADER_TYPE /etc/sysconfig/bootloader
to find out which boot loader is configured.
The GRUB boot loader does not require any further action after a
new kernel has been installed. You may proceed to the next step
if you are using GRUB.
If you use the LILO boot loader, lilo must be run to
reinitialize the boot sector of the hard disk. Usually this
happens automatically when installing the kernel RPM. In case
this step fails, run the command
/sbin/lilo
Warning: An improperly installed boot loader will render your
system unbootable.
**** Step 7: Reboot.
If all of the steps above have been successfully completed on
your system, the new kernel including the kernel modules and the
initrd are ready to boot. The system needs to be rebooted for
the changes to be active. Make sure that all steps have been
completed then reboot using the command
/sbin/shutdown -r now
Your system will now shut down and restart with the new kernel.
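The seven steps above, carried out as one script with a check at each point the advisory says can fail. This is an added example, not SUSE's own tooling. It assumes a SUSE LINUX 9.x system as described in the advisory (rpm, /sbin/mkinitrd, /sbin/lilo, /etc/sysconfig/bootloader) and that /boot/vmlinuz and /boot/initrd are the symlinks to the running kernel and its initrd (the initrd path is an assumption, not stated on the page).

```shell
#!/bin/sh
# Steps 1-7 of the advisory's SPECIAL INSTALLATION INSTRUCTIONS as one script.
# Added example, not SUSE's own tooling; run as root on the affected system.
set -eu

# Step 1: name of the installed kernel package, e.g. kernel-default or kernel-smp.
installed_kernel_flavor() {
    rpm -qf --qf '%{name}\n' /boot/vmlinuz
}

# RPM file names are name-version-release.arch.rpm, so the package name is
# everything before the last two dash-separated fields. Splitting at the first
# "-<digit>" would be wrong for names such as Intel-536ep.
rpm_package_name() {
    printf '%s\n' "$(basename "$1")" | sed 's/\.[^.]*\.rpm$//; s/-[^-]*-[^-]*$//'
}

# Step 2: from a directory of downloaded RPMs, print the one whose package name
# is exactly FLAVOR. Exact comparison keeps kernel-smp from matching
# kernel-smp-nongpl. Returns 1 when no such package was downloaded.
pick_kernel_rpm() {
    flavor="$1"; dir="$2"
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue
        if [ "$(rpm_package_name "$f")" = "$flavor" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Step 6: LOADER_TYPE from a sysconfig file (quotes and trailing comments stripped).
loader_type() {
    sed -n 's/^[[:space:]]*LOADER_TYPE[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z0-9_-]*\)"\{0,1\}.*$/\1/p' \
        "${1:-/etc/sysconfig/bootloader}" | tail -n 1
}

# Step 6: only LILO needs its boot sector rewritten; GRUB reads its menu at boot.
# An unknown loader type is an error rather than a guess, because a wrong
# bootloader update leaves the system unbootable.
update_bootloader() {
    case "$(loader_type "$@")" in
        lilo) /sbin/lilo ;;
        grub) : ;;
        *) echo "unknown LOADER_TYPE, not touching the boot sector" >&2; return 1 ;;
    esac
}

# Steps 3-7 in order. Everything runs under set -e, so a failed signature
# check or install stops the script before the bootloader is touched.
main() {
    dir="$1"
    flavor=$(installed_kernel_flavor)
    pkg=$(pick_kernel_rpm "$flavor" "$dir") || { echo "no $flavor RPM in $dir" >&2; exit 1; }
    rpm -v --checksig "$pkg"                       # Step 3 (Section 6, method 1)
    rpm -Uhv "$pkg"                                # Step 4
    if nongpl=$(pick_kernel_rpm "$flavor-nongpl" "$dir"); then
        rpm -v --checksig "$nongpl"                # -nongpl companion, 9.2 and later
        rpm -Uhv "$nongpl"
    fi
    # Step 5: the RPM scriptlets normally rebuild the initrd; if it is missing
    # or older than the new kernel image, rebuild it by hand.
    if [ ! -e /boot/initrd ] || [ /boot/vmlinuz -nt /boot/initrd ]; then
        /sbin/mkinitrd
    fi
    update_bootloader                              # Step 6
    echo "kernel $pkg installed; reboot with /sbin/shutdown -r now"   # Step 7
}

if [ "$#" -eq 1 ]; then main "$1"; fi
```

Invoke it as `sh update-kernel.sh /path/to/downloaded/rpms`; the directory is scanned rather than a file name taken on the command line so that the installed flavour, not the operator, decides which kernel RPM is applied.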
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/Intel-536ep-4.69-10.5.…
726987fcb2e29a3e6e8d413c1a5dfe1d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-bigsmp-2.6.11.4…
c543d65d53d4169e734c058020d567ec
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-bigsmp-nongpl-2…
b37dc9424cf567c7736e7ae319e73562
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-default-2.6.11.…
de248d731063686bc283beafa031b537
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-default-nongpl-…
6d193d0deaf3777821849cc61802ff65
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-smp-2.6.11.4-21…
5eb3a6dc960720d8d93cde49ec7700f8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-smp-nongpl-2.6.…
9f6a944e6f901072d6ce48fbaa1290f0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-source-2.6.11.4…
62ab0ddbcc4e3d01090b7b5fafd38d8a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-syms-2.6.11.4-2…
7f73075bdd31464db500d644b97edc81
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-um-2.6.11.4-21.…
02486777b820d02b425fed71a4c5019f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-um-nongpl-2.6.1…
15dfaf2802842860f478f171eda39af1
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-xen-2.6.11.4-21…
1f9636bf36fddc76aaf057651a45309e
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-xen-nongpl-2.6.…
1078b4a0182fe0c4cec06c9547fb1a9e
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/ltmodem-8.31a10-7.5.i5…
78c81eb9d6c5779343c3e29e81030308
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/um-host-install-initrd…
61fbfde10f475ea4c0d724d87d63501f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/um-host-kernel-2.6.11.…
19a7f29a385995702ac30407be70d6d2
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/Intel-536ep-4.69-5.13.…
73fa6376eb84222b2fffa6483eab7afc
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-bigsmp-2.6.8-24…
6c81a75b8fec4b14fc9e4365c187f00d
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-bigsmp-nongpl-2…
aa22cc2a3d959f790ec8523e4019c747
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-default-2.6.8-2…
3890821a67d7d60ffff0caffc2cab778
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-default-nongpl-…
7511e2f0934af8eae4bb3179e7840fbd
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-smp-2.6.8-24.20…
7117c43424009f3c2eb2921e8fbc95ed
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-smp-nongpl-2.6.…
c1d885bfb6675ae69e3b1692f5fc946a
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-source-2.6.8-24…
05236f7ce1b52ab54961ad527ce805e7
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-syms-2.6.8-24.2…
7dc21ec2ccd8dbe4e5d87b41c836bbaf
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-um-2.6.8-24.20.…
f8ce8a36267968fc939a0ee2599e157e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-um-nongpl-2.6.8…
2e9cfb9aef2447aa952f527eded19c24
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/ltmodem-8.31a8-6.13.i5…
0b131a3243a8b6afd9a8e945b1af2fd4
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/um-host-install-initrd…
1f3c40dc3cf9438fefeeb5eab8d4197e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/um-host-kernel-2.6.8-2…
aace00350fb0297a2f028699b4668697
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/antivir-2.1.0-20.4.i58…
d6b302c940c8430fab37d9aa9a5e1214
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/drbd-0.7.14-0.6.i586.r…
785040d76717cd8083e256000b7f63d5
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6.5-7.…
5a6544c2a26a3a3dc155198138eaa83f
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-default-2.6.5-7…
02711564583edfb898433c549b09bd7d
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-smp-2.6.5-7.252…
b5703b2f2546e67b1d0ff984a4293cd0
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-source-2.6.5-7.…
591e787dda803b499e6c10d25e05b770
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-syms-2.6.5-7.25…
0b55769312b026a1b9cd4bae2c391d98
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/km_antivir-2.1.0-20.4.…
266fd61aeb1861dc076d445117f66baf
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/km_drbd-0.7.14-0.6.i58…
c1627d9ba295289524d174e13610f09b
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/ltmodem-2.6.2-38.22.i5…
8e6287ab9fcc3992fb49afadc797da45
Platform Independent:
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/noarch/kernel-docs-2.6.11.4…
cb887f584a0c8f8b37638bab10407d73
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/noarch/kernel-docs-2.6.8-24…
62a62a57d97af0ee27a1d9e2f1b5477b
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/noarch/kernel-docs-2.6.5-7.…
936c10c7337f5d6bfde60066fd457989
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/noarch/kernel-docs-2.6.5-…
d8ee9fb3b0423be9ced1e4c2e7de8f05
x86-64 Platform:
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-default-2.6.1…
e8bd3166ade78e0f33ba7a065add24ba
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-default-nongp…
e6ec8fd3780b20bf49bf261d10d4423e
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-smp-2.6.11.4-…
73382acf65787d53973ca779bf0579cc
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-smp-nongpl-2.…
27527e2d10b6b37243009d61ff2ff6f8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-source-2.6.11…
45e2b2428d73e4367f03eb9841b7074e
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-syms-2.6.11.4…
db2912ac4b3e7ba4cac7d5eb0e3120f5
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-default-2.6.8…
88ed9d91a4414f7f4e39e899ca7a7ef4
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-default-nongp…
5425d91d11a695b36415384be9536cf9
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-smp-2.6.8-24.…
8670c9bc84d9a4d493e4b18aee1c29b2
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-smp-nongpl-2.…
b340a89c163944042c0a214795a3ad7b
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-source-2.6.8-…
66b91efb196d3461d29d90ba8e19c747
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-syms-2.6.8-24…
2f3a689fb2e5e286e15e573739828d99
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/drbd-0.7.14-0.6.x8…
7b99fc2ceef67fd5e23b22b325f2dcd4
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-default-2.6…
1e7e270cbbd76e8af428f7dd7c59d2b8
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-smp-2.6.5-7…
c60de58a4feed20754aa202bc5545149
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-source-2.6.…
9dff984bb8294fac593591db3f5ff9df
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-syms-2.6.5-…
8cfefc4446f2fc70e5fcbae2b1c5e8b9
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/km_drbd-0.7.14-0.6…
097429f49530fddbed45f3122a66f91a
Sources:
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/Intel-536ep-4.69-10.5.s…
18dba7c11f866a58e39a12e79319be85
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-bigsmp-2.6.11.4-…
a9374b06cca86ce9a8373c43c17ac9e4
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-default-2.6.11.4…
b25622507b1903ef0f3bf848839ce08d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-docs-2.6.11.4-21…
c9381f3813e7af4fa9cf4cc9ce5621ff
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-smp-2.6.11.4-21.…
9b83f383688e1e2cddc5a40c3bda99d4
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-source-2.6.11.4-…
4ad088fa0b6607c5d7fce5d0fad1ae52
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-syms-2.6.11.4-21…
47b05b06a6676e2b781e648e37dc69b0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-um-2.6.11.4-21.1…
f551a23519fbf78341cb67ec4724982f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-xen-2.6.11.4-21.…
a0885202b09e6b10e392707111f58942
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/ltmodem-8.31a10-7.5.src…
dd70e4bf36e779f4b17adb1736dc8f35
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/um-host-install-initrd-…
5f7c7741a6adc9dc5100eeadbdf2f7c6
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/Intel-536ep-4.69-5.13.s…
52499e0c322a0ca5c5cf90893cf0b0d1
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-bigsmp-2.6.8-24.…
9f34cf79d1700bcd0c0f1058ef247edb
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-default-2.6.8-24…
840876249319d785e5cc45e5bf1490c8
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-docs-2.6.8-24.20…
6cb3fc2605a81385726b77aad68e9e4a
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-smp-2.6.8-24.20.…
8dacc62d42fc39a483da38fa08a1276d
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-source-2.6.8-24.…
29c05920ac9106aad6d6d030ff6fca7b
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-syms-2.6.8-24.20…
3af6d2ffea1c50db219e990665d81a56
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-um-2.6.8-24.20.n…
9be5e2ab15164b15e494b11f53f6118d
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/ltmodem-8.31a8-6.13.src…
17eea8abe7a7bb2f6fc7c029e05be7a2
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/um-host-install-initrd-…
16b975dfc87624197e50d840657f8751
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/antivir-2.1.0-20.4.nosr…
4b79dc800753b16483f304a6511ce8bf
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/drbd-0.7.14-0.6.src.rpm
30182af29f0f23b90c0fe14005a730a9
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-bigsmp-2.6.5-7.2…
bc02096441207893cf47d2be7c8b06ea
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-default-2.6.5-7.…
9e3601a5dbc80c014e54281709e0fe61
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-docs-2.6.5-7.252…
5f4f416be9c8a82930187001970a6d1c
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-smp-2.6.5-7.252.…
1d3eb0c88355dab211f708e6cc8e54e0
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-source-2.6.5-7.2…
21e6098484c4dcec2601dd08b945b308
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-syms-2.6.5-7.252…
c2008e98d134ba1566a782dd122ebd8a
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/ltmodem-2.6.2-38.22.src…
4581214c4fea38c7524465361a68e57c
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/drbd-0.7.14-0.6.src.r…
72f1beb412f7e1ca417de9f1e7569304
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-default-2.6.5-…
976703d007470f12a822da6ce664d129
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-docs-2.6.5-7.2…
e99e2496532756559fd5c67ee283df40
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-smp-2.6.5-7.25…
0c4edc9be7a9fb28c0b59d6117982b0a
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-source-2.6.5-7…
c4e2f55f248e850f1bd7ec16ce17b6a7
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-syms-2.6.5-7.2…
784c069db96b17f32b10cd0673c41a92
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/53a35f9c46a1492…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/90a639b6799bfd6…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/17f9d5ebb960b52…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/fe38820436a873d…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/91e977c7e67c3b2…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/94a974abcf7178f…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/804a98a9ce388ec…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/87c56bb926a498c…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/34f03dfffcde711…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/908e2fc1ed6e9f5…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/10563fc51e4a944…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/823abab8a4920fc…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/186f161a242ba93…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/9a09b7069f90838…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/93a74282e730b0e…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
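Step 3 of the installation instructions and the two verification methods of this section, as one script: it checks the announcement's own signature first and only then trusts the MD5 list in Section 4. This is an added example, not SUSE's own tooling. It assumes the announcement is saved as plain text with each URL line followed by its checksum line (the layout used in Section 4), that the downloaded RPMs sit in one directory, and that coreutils md5sum and GnuPG are installed.

```shell
#!/bin/sh
# Verify downloaded SUSE update RPMs against the MD5 sums in a signed
# SUSE security announcement. Added example, not SUSE's own tooling.
set -eu

# The checksum list is only evidence if the announcement carries a good
# signature from the SUSE security team key (ID 3D25D3D9, as stated above).
# gpg's machine-readable status line is "[GNUPG:] GOODSIG <long key id> <uid>".
verify_announcement() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null \
        | grep -q '^\[GNUPG:\] GOODSIG [0-9A-Fa-f]*3D25D3D9 '
}

# Turn the announcement's "URL line followed by MD5 line" pairs into
# "<md5>  <file>" lines, the format md5sum -c understands.
checksum_list() {
    awk '
        /^[[:space:]]*ftp:\/\/.*\.rpm[[:space:]]*$/ {
            n = split($1, p, "/"); file = p[n]; next
        }
        file != "" && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            print $1 "  " file; file = ""
        }
    ' "$1"
}

# Compare every *.rpm in DIR with the list. A file the announcement does not
# list counts as a failure, because the published sums are valid for the
# listed package versions only. Returns 0 only if every file matched.
verify_packages() {
    announcement="$1"; dir="$2"; status=0
    list=$(checksum_list "$announcement")
    for rpm in "$dir"/*.rpm; do
        [ -e "$rpm" ] || continue
        name=$(basename "$rpm")
        expected=$(printf '%s\n' "$list" | awk -v f="$name" '$2 == f { print $1 }')
        actual=$(md5sum "$rpm" | awk '{ print $1 }')
        if [ -z "$expected" ]; then
            echo "UNLISTED  $name (no checksum in announcement)"; status=1
        elif [ "$actual" = "$expected" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name expected=$expected actual=$actual"; status=1
        fi
    done
    return "$status"
}

if [ "$#" -eq 2 ]; then
    verify_announcement "$1" || { echo "announcement signature not valid" >&2; exit 2; }
    verify_packages "$1" "$2"
fi
```

Invoke it as `sh verify-update.sh announcement.txt /path/to/downloaded/rpms`. The order matters: a mismatching checksum after a good announcement signature means the downloaded file is not the one SUSE published, while a bad announcement signature means the checksum list itself cannot be trusted, which is why the script stops there with a distinct exit code.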
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRAMLc3ey5gA9JdPZAQLGaQf+JYqgs3uUJWLHA0AYZcwnrJiVWs7y9Cj9
nZSROUqwbricdwqZ3VUBgN9AAJvLUvSTT3mbQI8vgSObG9gcd/Rn3c/jdvEfVpLh
35XhuC8Rueb4phkoO4YyL08GoWxJoTnRnyyykUN0T8gFrQgkAP3FymYMGFBZaoGM
X7AgxyISg0WtbzH61og7I779MZrXJsG+m4pSK78RtKHyxi0rbybuK69f0zRJNpbp
jPh204/fqcKYrtjz1wdu0OvreJjFoCf2MKzSV039UdFENFoFfrNjeDUL6RzH/r4A
2gJj3mkxwFC1LXaUyFwO4leBLJFSU4PRxqWunsPVdpXYwOBdUEeH9A==
=4t6d
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Announcement
Package: heimdal
Announcement ID: SUSE-SA:2006:011
Date: Fri, 24 Feb 2006 12:00:00 +0000
Affected Products: SUSE LINUX 9.2
SUSE LINUX 9.1
SuSE Linux Desktop 1.0
SuSE Linux Enterprise Server 8
SUSE SLES 9
UnitedLinux 1.0
Vulnerability Type: remote denial of service
Severity (1-10): 5
SUSE Default Package: no
Cross-References: CVE-2006-0582
CVE-2006-0677
Content of This Advisory:
1) Security Vulnerability Resolved:
local unauthorized file access, remote denial of service
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Heimdal is a Kerberos 5 implementation from the Royal Institute of
Technology in Stockholm.
This update fixes two bugs in heimdal. The first one is in the rsh
daemon and allows an authenticated malicious user to gain ownership of
files that belong to other users (CVE-2006-0582).
The second bug affects the telnet server and can be used to crash the server
before authentication happens. It becomes a full denial of service when
telnetd is started via inetd, because inetd stops spawning the daemon
when it forks too fast (CVE-2006-0677).
2) Solution or Work-Around
There is no known work-around.
3) Special Instructions and Notes
Please make sure the affected daemons are restarted after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/heimdal-0.6.2-8.6.i586…
3d3d6618cfb387ed34c324d805de0df0
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/heimdal-devel-0.6.2-8.…
7f885d8e091ce98a3bab1816d4165d3e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/heimdal-lib-0.6.2-8.6.…
021f253a7df8d5ab3caa20b25ea67529
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/heimdal-tools-0.6.2-8.…
748a213e99d7a2be08eeb4496aecb478
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/heimdal-tools-devel-0.…
02b9f64f5be3822307102fb9d5842119
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/heimdal-0.6.1rc3-55.21…
235b22414f6129d744f2f62ffccc7962
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/heimdal-devel-0.6.1rc3…
5c17e233db8c0b53798cab0d78f1ede1
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/heimdal-lib-0.6.1rc3-5…
17d0afc2004af42ebbeb8d77af724fe5
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/heimdal-lib-32bit-9.…
38c61584528fa24ff04ece6705d21fb3
x86-64 Platform:
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-0.6.2-8.6.x8…
1f899680ff31945963b55e49df6bcfda
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-devel-0.6.2-…
1d65e94810c65ccff51b75066569c428
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-devel-32bit-…
068244c514f752985be7c76c5a25418e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-lib-0.6.2-8.…
20b9598b6f5cfaf70de0d3a120f89182
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-lib-32bit-9.…
93dc79bdf0fc7b7b4cd82a0c3769329e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-tools-0.6.2-…
31d1a3e3da2a794850b3e03710d5263c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-tools-devel-…
71b87841750ba89979c51c3148d315a0
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/heimdal-0.6.1rc3-5…
226be123cb085fb50899ac8af82f5bda
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/heimdal-devel-0.6.…
658aa7a1969078842a0a9368402b83ff
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/heimdal-lib-0.6.1r…
dafdcf2c26be6576916f5ba6cf3cd9f6
Sources:
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/heimdal-0.6.2-8.6.src.r…
e7333885b6976b490164d28dbc00e905
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/heimdal-0.6.1rc3-55.21.…
ab5d0a61dbfb9df34dfa200bda28d04a
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/heimdal-0.6.1rc3-55.2…
0d7fc839fc86c6919931190dbdfbd88e
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/e3602ff9b11cc8f…
http://portal.suse.com/psdb/e3602ff9b11cc8f4a33fff923a591a18.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/f1e0fa19e4bd47f…
http://portal.suse.com/psdb/f1e0fa19e4bd47f5f481fa6abb284ed4.html
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
Please read the weekly summary report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2006:004
Date: Fri, 24 Feb 2006 16:00:00 +0000
Cross-References: CVE-2005-3352, CVE-2005-3357, CVE-2005-3651
CVE-2005-4585, CVE-2006-0207, CVE-2006-0208
Content of this advisory:
1) Solved Security Vulnerabilities:
- resmgr security problems
- php4,php5 security problems
- ethereal security problems
- apache2 cross site scripting in imagemap and mod_ssl DoS
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- various kernel security issues
- gpg and liby2util affected on more distributions
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low-profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- resmgr security problems
The resmgr package was updated to fix following problems:
- resmgrd granted access to all USB devices if access to one USB
device was granted via the "usb:<bus>,<dev>" notation.
- Class specific exclude rules did not match devices that set their
class ID at interface level.
This update also fixes the following non-security bugs:
- a file descriptor leak
- resmgrd often logged unnecessary ACL error messages
- the init script cleared /var/run/resmgr/classes even if resmgrd
was already running
- php4,php5 security problems
PHP4 and PHP5 were updated to fix the following security issues:
- Cross-Site-Scripting (XSS) bugs (CVE-2006-0208), affecting both
php4 and php5.
- A problem with HTTP response splitting (CVE-2006-0207) using Set-Cookie
headers allowed attackers to inject arbitrary HTTP headers.
This update also fixes the following non-security issues:
- crash when including more than one php script via SSI
- the php5 binary is now compiled in "cli" mode instead of "gui" mode.
This affects all SUSE Linux based products containing php4 or php5.
- ethereal security problems
This update of Ethereal fixes a stack-based buffer overflow in
the dissect_ospf_v3_address_prefix function of the OSPF protocol
dissector. This bug can be exploited remotely by sending crafted
packets to execute arbitrary code (CVE-2005-3651).
Additionally a bug in the GTP dissector was fixed to avoid a remote
denial-of-service attack (CVE-2005-4585).
All SUSE Linux based products are affected.
This patch was released on Feb 6th.
- apache2 cross site scripting in imagemap and mod_ssl DoS
This update fixes the following security problems in the Apache2
web server modules:
- a cross-site-scripting bug in the imagemap module mod_imap
(CVE-2005-3352)
- a bug in mod_ssl that allowed attackers to crash apache
(CVE-2005-3357)
This affects all SUSE Linux based products.
This patch was released on Feb 7th.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- Kernel security issues
Various kernel security issues are known, for which we have prepared
security updates.
All the kernel patches were released on Thursday, except the
SLES 8 and SLES 9 kernels for the s390 and s390x (zSeries) platforms.
Once those have been released, a separate full security
advisory will be published.
- gpg and liby2util affected on more distributions
While we had released a security advisory for GPG signature
problems in gpg and in liby2util for SUSE Linux 9.3 and 10.0, we
have now found that other versions are affected too.
We are preparing updates for the other affected versions and will
release a separate advisory when they are ready.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ)
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Announcement
Package: heimdal
Announcement ID: SUSE-SA:2006:010
Date: Fri, 24 Feb 2006 12:00:00 +0000
Affected Products: SUSE LINUX 9.2
SUSE LINUX 9.1
SuSE Linux Desktop 1.0
SuSE Linux Enterprise Server 8
SUSE SLES 9
UnitedLinux 1.0
Vulnerability Type: remote denial of service
Severity (1-10): 5
SUSE Default Package: no
Cross-References: CVE-2006-0582
CVE-2006-0677
Content of This Advisory:
1) Security Vulnerability Resolved:
local unauthorized file access, remote denial of service
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Heimdal is a Kerberos 5 implementation from the Royal Institute of
Technology in Stockholm.
This update fixes two bugs in heimdal. The first one is in the rsh
daemon and allows an authenticated malicious user to gain ownership of
files that belong to other users (CVE-2006-0582).
The second bug affects the telnet server and can be used to crash the server
before authentication happens. When telnetd is started via inetd this amounts
to a denial-of-service attack, because inetd stops spawning the daemon
when it forks too fast (CVE-2006-0677).
2) Solution or Work-Around
There is no work-around known.
3) Special Instructions and Notes
Please make sure the affected daemons are restarted after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/heimdal-0.6.2-8.6.i586…
3d3d6618cfb387ed34c324d805de0df0
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/heimdal-devel-0.6.2-8.…
7f885d8e091ce98a3bab1816d4165d3e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/heimdal-lib-0.6.2-8.6.…
021f253a7df8d5ab3caa20b25ea67529
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/heimdal-tools-0.6.2-8.…
748a213e99d7a2be08eeb4496aecb478
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/heimdal-tools-devel-0.…
02b9f64f5be3822307102fb9d5842119
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/heimdal-0.6.1rc3-55.21…
235b22414f6129d744f2f62ffccc7962
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/heimdal-devel-0.6.1rc3…
5c17e233db8c0b53798cab0d78f1ede1
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/heimdal-lib-0.6.1rc3-5…
17d0afc2004af42ebbeb8d77af724fe5
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/heimdal-lib-32bit-9.…
38c61584528fa24ff04ece6705d21fb3
x86-64 Platform:
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-0.6.2-8.6.x8…
1f899680ff31945963b55e49df6bcfda
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-devel-0.6.2-…
1d65e94810c65ccff51b75066569c428
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-devel-32bit-…
068244c514f752985be7c76c5a25418e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-lib-0.6.2-8.…
20b9598b6f5cfaf70de0d3a120f89182
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-lib-32bit-9.…
93dc79bdf0fc7b7b4cd82a0c3769329e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-tools-0.6.2-…
31d1a3e3da2a794850b3e03710d5263c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-tools-devel-…
71b87841750ba89979c51c3148d315a0
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/heimdal-0.6.1rc3-5…
226be123cb085fb50899ac8af82f5bda
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/heimdal-devel-0.6.…
658aa7a1969078842a0a9368402b83ff
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/heimdal-lib-0.6.1r…
dafdcf2c26be6576916f5ba6cf3cd9f6
Sources:
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/heimdal-0.6.2-8.6.src.r…
e7333885b6976b490164d28dbc00e905
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/heimdal-0.6.1rc3-55.21.…
ab5d0a61dbfb9df34dfa200bda28d04a
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/heimdal-0.6.1rc3-55.2…
0d7fc839fc86c6919931190dbdfbd88e
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/e3602ff9b11cc8f…
http://portal.suse.com/psdb/e3602ff9b11cc8f4a33fff923a591a18.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/f1e0fa19e4bd47f…
http://portal.suse.com/psdb/f1e0fa19e4bd47f5f481fa6abb284ed4.html
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
Please read the weekly summary report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
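As an added example (not code from the SUSE announcement), the following POSIX shell script carries out the two checks section 6 describes against the "URL line, then md5 line" layout that section 4 uses: it pairs each ftp:// line with the checksum beneath it, compares a downloaded file's md5sum with the listed value, and, where rpm is present, runs rpm -v --checksig. The embedded announcement excerpt, its host, filenames and checksums are constructed sample values, not those of the heimdal packages.

```shell
#!/bin/sh
# Added example, not code from the SUSE announcement: verify a downloaded
# update package the way section 6 describes, using the checksum list that
# section 4 publishes as "URL line, then md5 line" pairs.

# Constructed excerpt in the announcement's layout. The host, filenames and
# checksums are sample values (an empty file and "hello\n"), not real packages.
SAMPLE_ANNOUNCEMENT='SUSE LINUX 9.2:
ftp://ftp.example.org/pub/update/9.2/rpm/i586/example-1.0-1.i586.rpm
d41d8cd98f00b204e9800998ecf8427e
ftp://ftp.example.org/pub/update/9.2/rpm/i586/example-lib-1.0-1.i586.rpm
b1946ac92492d2347c6235b4d2611184'

# Print "basename md5" pairs. Each ftp:// line is paired with the 32-hex
# line that follows it; headings such as "SUSE LINUX 9.2:" are skipped.
parse_checksums() {
    printf '%s\n' "$1" | awk '
        /^ftp:\/\// { file = $0; sub(/.*\//, "", file); next }
        length($0) == 32 && $0 ~ /^[0-9a-f]+$/ && file != "" {
            print file, $0; file = ""
        }'
}

# Expected md5 for one basename, or nothing if the announcement lacks it.
expected_md5() {
    parse_checksums "$1" | awk -v f="$2" '$1 == f { print $2; exit }'
}

# Method 2 from section 6: md5sum of the file against the signed list.
# Returns 0 on match, 1 on mismatch, 2 when the file is not listed at all
# (a newer package build, which the announcement says cannot be verified).
verify_md5() {
    pkg=$1
    want=$(expected_md5 "$2" "$(basename "$pkg")")
    if [ -z "$want" ]; then
        echo "$pkg: no checksum listed in the announcement" >&2
        return 2
    fi
    have=$(md5sum "$pkg" | awk '{ print $1 }')
    if [ "$have" = "$want" ]; then
        echo "$pkg: md5 matches the announcement"
        return 0
    fi
    echo "$pkg: md5 MISMATCH (announcement $want, file $have)" >&2
    return 1
}

# Method 1 from section 6: the package's embedded gpg signature. rpm is not
# present on every host, so report that case (status 2) instead of failing.
verify_rpm_signature() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not installed; cannot check the embedded signature" >&2
        return 2
    fi
    rpm -v --checksig "$1"
}

# Usage: save the announcement as announcement.txt, then
#   verify_md5 ./example-1.0-1.i586.rpm "$(cat announcement.txt)"
#   verify_rpm_signature ./example-1.0-1.i586.rpm
```

Both checks only prove anything if the announcement's own gpg signature verified first, since the md5 list is trusted through that signature.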
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
SUSE Security Announcement: CASA remote code execution (SUSE-SA:2006:010)
by Marcus Meissner 22 Feb '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: CASA
Announcement ID: SUSE-SA:2006:010
Date: Wed, 22 Feb 2006 12:00:00 +0000
Affected Products: Novell Linux Desktop 9
Open Enterprise Server 1
Vulnerability Type: remote code execution
Severity (1-10): 10
SUSE Default Package: yes
Cross-References: CVE-2006-0736
Content of This Advisory:
1) Security Vulnerability Resolved:
remote root exploit in CASA PAM handler
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
This update fixes a remotely exploitable stack buffer overflow in
the pam_micasa authentication module.
Since this module is added to /etc/pam.d/sshd automatically when
CASA is installed, remote attackers could gain root access to any
machine with CASA installed.
This is tracked by the Mitre CVE ID CVE-2006-0736.
2) Solution or Work-Around
Upgrade to the fixed packages.
You can also deinstall CASA by doing:
rpm -e CASA CASA-gui CASA-devel
3) Special Instructions and Notes
None.
4) Package Location and Checksums
The preferred method for installing security updates on Novell Linux
Desktop 9 and Open Enterprise Server 1 is to use the Redcarpet
frontends, either via the GUI interface or the "rug" commandline
frontend.
The packages are also offered for installation from the maintenance web:
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/eb79800a3d8a5cb…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBQ/xCbXey5gA9JdPZAQK0cAgAhQ3FkPNrdVaGFeuZYd2rI+qhslVrox3e
T+EXxAsT7Q7YBmb3/LzOHWRLkac+oS2DrLLoTwjPS4/6Xpp/j+CrAfsPFwsMyBtz
A+N8aR+HUaYf4xVnvxRLnltk7HvL9i614PhMJJVLlXWYrfGeecbFqkGKvV4Lzc5J
0y2fEK2bf6rCD+uKgBCeekvAXIZfCW+MzdDj7FPpt9T+NoNZ0SGPiUFV5g2n0kdj
Bg5phlIgoCZd4m07/l8Ie3Qy4kNaysf5QyUgoSwTVWoMWi0bA/u7KFKoiaaLs8tV
IntSS8973GqaKJ42hMwjKIjSpYM1Nk2KFo1J5qtCkrmE7gGYMt8k+g==
=4PpR
-----END PGP SIGNATURE-----
SUSE Security Announcement: gpg,liby2util signature checking problems (SUSE-SA:2006:009)
by Marcus Meissner 20 Feb '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: gpg,liby2util
Announcement ID: SUSE-SA:2006:009
Date: Mon, 20 Feb 2006 18:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX 9.3
Vulnerability Type: remote code execution
Severity (1-10): 9
SUSE Default Package: yes
Cross-References: CVE-2006-0455
Content of This Advisory:
1) Security Vulnerability Resolved:
gpg incorrect signature checking
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
With certain hand-crafted signatures that were not in fact valid, GPG
returned exit status 0 (valid signature) when run from the command line
with the option --verify.
This only affects GPG version 1.4.x, so only SUSE Linux 9.3 and 10.0
are affected. Other SUSE Linux versions are not affected.
This could make automated checkers, such as the patch file verification
of the YaST Online Update, accept malicious patch files as genuine.
This is tracked by the Mitre CVE ID CVE-2006-0455.
In addition, the script signature verification of the YaST Online Update
relied on a gpg feature that was dropped in gpg 1.4.x, so that any
script could be supplied and would be accepted as correctly signed. This
also allows code execution.
Both attacks require an attacker either to manipulate a YaST Online
Update mirror or to manipulate the network traffic between the mirror
and your machine.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
None.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/gpg-1.4.2-5.2.i586.rpm
f1422c0264ff3e270a56d03d4b47e762
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/liby2util-2.12.9-0.3.…
9a6f3ee339303f3efd92121dedf441aa
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/liby2util-devel-2.12.…
b504c0cf0f84039018ae1ac90d2e5292
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/gpg-1.4.0-4.2.i586.rpm
fffa34f3034effa188cbeb942473e200
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/liby2util-2.11.7-0.3.i…
a321ab146d07c50cc69a91352ac28bf7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/liby2util-devel-2.11.7…
1215bcf8f061079dbe05b93b1d611818
Power PC Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/liby2util-2.12.9-0.3.p…
287ef59b3aec2b9aaaba0e17a9cbba27
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/liby2util-devel-2.12.9…
f0bd4524c50c5e0a5613f70393ba4489
x86-64 Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/liby2util-2.12.9-0.…
edcad55c6587b9322b5895f2e1ff3760
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/liby2util-devel-2.1…
c6b4a827e8ab4dc6d14608ceeb3e3385
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/liby2util-2.11.7-0.3…
7cd1425a429b4637b34aa675d4eeaa85
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/liby2util-devel-2.11…
8d27157261b70a5bb51ab643d8dd1fe8
Sources:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/gpg-1.4.2-5.2.src.rpm
5098f06cba2e38aa0b5181fb3f9cd7f3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/liby2util-2.12.9-0.3.s…
3107fb78311f00f01c484c1fa1ab26df
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/gpg-1.4.0-4.2.src.rpm
026b7d74d345815de958152305ffde09
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/liby2util-2.11.7-0.3.sr…
2663aecb5e77147aca6881bd92e570bb
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
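The exit-status bug described in section 1 of this advisory and the "gpg --verify" instruction just given share one lesson: a script must not accept a file merely because gpg exited 0. The following Python is an added example, not SUSE's code and not part of this advisory. It drives gpg with --status-fd and accepts the announcement only when a VALIDSIG status line names the expected signing-key fingerprint, ignoring the exit code entirely. The fingerprint, key ID and status lines in the sample are constructed placeholders, not the real values of the SUSE Security Team key; the function and variable names are this example's own.

```python
import subprocess
from dataclasses import dataclass
from typing import List, Optional

# Status tags that mean the data must not be trusted, whatever else gpg printed.
FAILURE_TAGS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG",
                "NO_PUBKEY", "NODATA", "UNEXPECTED"}


@dataclass
class VerifyResult:
    ok: bool
    fingerprint: Optional[str]
    reason: str


def parse_gpg_status(status_text: str, expected_fpr: str) -> VerifyResult:
    """Judge a verification from gpg's machine-readable status lines
    ("[GNUPG:] TAG ...", emitted with --status-fd). The decision rests on
    a VALIDSIG line carrying the expected fingerprint; the process exit
    code is never consulted, so a gpg that wrongly exits 0 cannot fool it."""
    want = expected_fpr.replace(" ", "").upper()
    valid: List[str] = []
    failures: List[str] = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        tag = parts[1]
        if tag == "VALIDSIG" and len(parts) >= 3:
            # VALIDSIG <fingerprint> <sig-date> <sig-timestamp> ...
            valid.append(parts[2].upper())
        elif tag in FAILURE_TAGS:
            failures.append(tag)
    if failures:
        return VerifyResult(False, None, "gpg reported " + ", ".join(failures))
    if not valid:
        return VerifyResult(False, None, "no VALIDSIG line: nothing was verified")
    if any(fpr != want for fpr in valid):
        return VerifyResult(False, valid[0], "good signature, but from an unexpected key")
    return VerifyResult(True, valid[0], "VALIDSIG from the expected key")


def verify_clearsigned_file(path: str, expected_fpr: str) -> VerifyResult:
    """Run gpg on a saved announcement and judge it with parse_gpg_status().
    --status-fd 1 routes the status protocol to stdout, --batch suppresses
    prompts. Assumes gpg is on PATH and the key is already imported."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", path],
        capture_output=True, text=True,
    )
    return parse_gpg_status(proc.stdout, expected_fpr)


# Constructed sample status output, modelled on gpg's documented format.
# Key ID and fingerprint are placeholders, not the SUSE key's real values.
EXPECTED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_GOOD = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF SuSE Security Team <security@suse.de>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2006-02-20 1140444000 0 3 0 1 2 01 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
SAMPLE_BAD = """\
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 0123456789ABCDEF SuSE Security Team <security@suse.de>
"""

if __name__ == "__main__":
    for text in (SAMPLE_GOOD, SAMPLE_BAD, ""):
        print(parse_gpg_status(text, EXPECTED_FPR))
```

Pinning the full fingerprint rather than the short key ID 3D25D3D9 matters in automation: short IDs are not unique, and a GOODSIG line alone does not say which key was used.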
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
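As an added example of the checksum method just described (this is not SUSE's tooling), the Python below parses the URL/md5sum pairs of section 4, hashes each downloaded package and reports "ok", "MISMATCH" or "not listed". The last outcome is exactly the caveat above: only the listed builds carry a signed checksum, so a newer version of the same package cannot be verified this way. The sample advisory excerpt is the gpg-1.4.2-5.2.i586.rpm entry from section 4 of this advisory; the function names and the advisory.txt and downloads paths in the usage line are this example's own. The checksums prove nothing until the announcement's own signature has been verified.

```python
import hashlib
import os
import re
from typing import Dict

# Section 4 lists each package as a URL line followed by a line holding its md5sum.
URL_LINE = re.compile(r"^(?:ftp|https?)://\S+\.rpm$")
MD5_LINE = re.compile(r"^[0-9a-f]{32}$")


def parse_checksum_list(advisory_text: str) -> Dict[str, str]:
    """Map package filename -> md5sum from the URL/checksum pairs in an
    advisory. Only the basename is kept: the file may come from any mirror,
    but it must match a listed build exactly."""
    lines = [ln.strip() for ln in advisory_text.splitlines()]
    expected: Dict[str, str] = {}
    for url, digest in zip(lines, lines[1:]):
        if URL_LINE.match(url) and MD5_LINE.match(digest):
            expected[url.rsplit("/", 1)[-1]] = digest
    return expected


def md5_of_file(path: str) -> str:
    """md5sum of a file, read in chunks so a large package does not fill memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(advisory_text: str, directory: str) -> Dict[str, str]:
    """Check every *.rpm in directory against the advisory's list.
    'ok' and 'MISMATCH' are the verifiable outcomes; 'not listed' covers
    files the advisory says nothing about, including newer builds of a
    listed package, which this announcement cannot vouch for."""
    expected = parse_checksum_list(advisory_text)
    results: Dict[str, str] = {}
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".rpm"):
            continue
        if name not in expected:
            results[name] = "not listed"
        elif md5_of_file(os.path.join(directory, name)) == expected[name]:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


# Excerpt of this advisory's section 4 (SUSE LINUX 10.0, x86), used as sample input.
SAMPLE_ADVISORY = """\
x86 Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/gpg-1.4.2-5.2.i586.rpm
f1422c0264ff3e270a56d03d4b47e762
"""

if __name__ == "__main__":
    import sys
    # usage: python verify_rpms.py advisory.txt ./downloads
    with open(sys.argv[1]) as f:
        advisory = f.read()
    for name, status in verify_downloads(advisory, sys.argv[2]).items():
        print(f"{status:10} {name}")
```

A truncated URL (one that does not end in .rpm) is simply not parsed, so the script never reports "ok" for a file whose listed name it could not read in full.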
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBQ/n0GXey5gA9JdPZAQLVQAf+MRmnetOGuZJoTtNLVYKBLMI4rkQ4KIAE
iFeoPTcJb9AyK6OY/axV4S+HWKiKxXQ7NZTweCiuaBQdypAxcN8UlhF2udfsAxuW
mY/44/YaGgC00x/ycgjqK8yWUWE8RPgv3NM34XabUZl5SE/VkjaeR3hRCORvCk1W
X2vguq9OY4avnOd4Urm3SK/dJY/RpQAct1/bQrGcaBpqKXTjYONiqw85sxgKztrR
CkOh0kDHRX8De8NlQV1429awygobukk9sQJWf8eCCSfs5OpyTyKv7+GDfgq9X0a6
/7c/3gb2s/xbsZsuH9kd4/+YxHLXAo+kZOnWoTRbgyml3BedL4ZhZg==
=pV1y
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: openssh
Announcement ID: SUSE-SA:2006:008
Date: Tue, 14 Feb 2006 11:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
SUSE LINUX 9.1
SuSE Linux Desktop 1.0
SuSE Linux Enterprise Server 8
SUSE SLES 9
UnitedLinux 1.0
Vulnerability Type: remote code execution
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2006-0225
Content of This Advisory:
1) Security Vulnerability Resolved:
scp double expansion
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
A flaw in the handling of filenames by scp in openssh could be used to
execute commands on a remote host, even against an account restricted
to scp only. Exploiting it requires a remote-to-remote scp (copying
between two remote hosts) and a hostile server. (CVE-2006-0225)
On SUSE Linux Enterprise Server 9 the xauth pollution problem was fixed too.
The security fix changes how filenames are quoted, which might break
automated scripts that rely on the old behaviour.
Please check that your automated scp scripts still work after the
update.
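The underlying hazard, as an added illustration that is not OpenSSH's code and does not reproduce the actual fix: in a remote-to-remote copy a filename supplied by the other side ends up on a command line that a login shell parses, so spaces and shell metacharacters in it become separate words or separate commands. The Python below builds the command line naively beside a version where the filename is wrapped as one single-quoted shell word, and models the remote shell's word splitting with shlex. The simplified command shape "scp -f <name>", the hostile filename and the function names are this example's own constructions.

```python
import shlex
from typing import List


def quote_for_remote_shell(name: str) -> str:
    """Turn an arbitrary filename into one single-quoted POSIX shell word.
    Inside single quotes nothing is special, so the only character needing
    care is the quote itself: close the quote, escape it, reopen."""
    return "'" + name.replace("'", "'\\''") + "'"


def remote_scp_command(path: str, quoted: bool) -> str:
    """Command line an scp client hands to the far end's login shell to
    start the remote scp (simplified shape; not OpenSSH's own code)."""
    arg = quote_for_remote_shell(path) if quoted else path
    return "scp -f " + arg


def remote_shell_argv(command: str) -> List[str]:
    """Model the remote shell's word splitting and quote removal: this is
    the argument vector the remote scp would be started with. A real shell
    would additionally treat an unquoted ';' as a command separator, so
    the extra words below are the tell-tale of an injectable command line."""
    return shlex.split(command)


# Constructed filename of the kind a hostile server could hand back: a space
# and a command separator ride along as if they were part of the name.
HOSTILE_NAME = "report 2006.txt; id"

if __name__ == "__main__":
    for quoted in (False, True):
        cmd = remote_scp_command(HOSTILE_NAME, quoted)
        print(f"quoted={quoted}: {cmd!r} -> {remote_shell_argv(cmd)}")
```

The same change in quoting is why the advisory warns that automated scripts may break: a script that itself pre-quoted or escaped filenames now gets them quoted twice.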
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please restart the sshd service after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/openssh-4.1p1-10.4.i5…
3b4e0557d7d0a2b1d23b2c426af95df9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/openssh-askpass-4.1p1…
ac11a5ad265e171674485961472baaaf
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/openssh-3.9p1-12.4.i58…
2c6d16e14134a1a4f1aaba9ac4aef97f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/openssh-askpass-3.9p1-…
4cab20c7e83f6de0e440383939e69ec5
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openssh-3.9p1-3.6.i586…
9b8cf778290ac743fd07445799f79b1f
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/openssh-askpass-3.9p1-…
003115e216c2b36da09ec3679744ba3d
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openssh-4.1p1-11.16.i5…
6e89bdd71e10933bf8e95dc7fad0c289
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/openssh-askpass-4.1p1-…
3d0446f739bcea3715e6945d253b0d53
Power PC Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/openssh-4.1p1-10.4.ppc…
3970357da536041d1ae3f7e42655aac7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/openssh-askpass-4.1p1-…
6a79a95ece5bc7738998adad11205f2f
x86-64 Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/openssh-4.1p1-10.4.…
e9eec927db0859a76851d1b94fa7923d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/openssh-askpass-4.1…
b4a2b9cf969794d1deb1abd07f192786
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/openssh-3.9p1-12.4.x…
65416ca8578374fa4db63ed9e67f41a3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/openssh-askpass-3.9p…
3fef6bb43541532a654b09dd46201f69
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/openssh-3.9p1-3.6.x8…
3373a79ef05695446f72fdc1a3ec2d44
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/openssh-askpass-3.9p…
37ac73c4c9a7723fdcaeb16671b4c6b9
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openssh-4.1p1-11.1…
d04d20e03a63676d5c3349c382318194
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/openssh-askpass-4.…
ea0deb3eef9970963af2c8c0adce6a7b
Sources:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/openssh-4.1p1-10.4.src…
97ffd38b1144c4797d474c7de1eb6f51
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/openssh-3.9p1-12.4.src.…
1d43324b9d51941bf60e8e0bcbfa25c7
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/openssh-3.9p1-3.6.src.r…
647e4b45eba8dd5399c30dcb64db0c91
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/openssh-4.1p1-11.16.src…
cf86431c7c2b1b0b58f6a5f4fff92893
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/openssh-4.1p1-11.16.s…
c04ea03236cd9955c5f21f8c15a35416
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/c0a0e2dc5435936…
http://portal.suse.com/psdb/c0a0e2dc5435936145cde433208b0b1b.html
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBQ/Gy9Hey5gA9JdPZAQJWxAf/Q8qKnvA9R4Zz2v8NZ9wok7qUTuJJWhFa
+vwrHjXaDgIcXUA+Lxz/R7MKFM6R5F7bVYhxq/YnumdULUKtW2kr9pBavIZdYjUj
B6Qe1BlzL6XltLoSfwcTOyp9wGjhOc1rYlWzZHQRWV7Ea7P7jhxk9T4mYV2bVpUA
LvayzxB7obs9OxX1zi/NL0yrPJ/mgtCWmojHVUmO4F2lKZIlWFCP6ml5YTjACppN
yk3W+NxcI1nttc58aqlOFPTnwYeem7lyMu/G6dXaxpELmm69YWJy0e4yTmvU34d7
CDckONvwglxI4+WEJ7Yh3WCmXQwlpdS9nyXLXPte3bGPRS1d6M/j/w==
=rrBZ
-----END PGP SIGNATURE-----
SUSE Security Announcement: binutils,kdelibs3,kdegraphics3,koffice,dia,lyx (SUSE-SA:2006:007)
by Ludwig Nussel 10 Feb '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: binutils,kdelibs3,kdegraphics3,koffice,dia,lyx
Announcement ID: SUSE-SA:2006:007
Date: Fri, 10 Feb 2006 15:00:00 +0000
Affected Products: Novell Linux Desktop 9
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
SUSE LINUX 9.1
SUSE SLES 9
Vulnerability Type: local privilege escalation
Severity (1-10): 6
SUSE Default Package: yes
Cross-References: -
Content of This Advisory:
1) Security Vulnerability Resolved:
privilege escalation due to empty RPATH in binaries
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- See SuSE Security Summary Report
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
A SUSE-specific patch to the GNU linker 'ld' removes redundant RPATH
and RUNPATH components when linking binaries.
Due to a bug in this routine, ld occasionally left empty RPATH
components behind. When a binary with an empty RPATH component is run,
the dynamic linker tries to load shared libraries from the current
directory.
By tricking a user into running an affected application in a
directory that contains a specially crafted shared library, an
attacker could execute arbitrary code with the user ID of the
victim.
2) Solution or Work-Around
Do not run affected binaries in directories that are writable by
other users. Installing the update packages is recommended.
To fix self-compiled applications, install the updated binutils
package and relink the application.
3) Special Instructions and Notes
Use 'objdump -p' to check whether a binary is affected: the RPATH and
RUNPATH entries in its dynamic section must not contain an empty
component, i.e. a leading or trailing colon, or two adjacent colons.
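The objdump check above, as an added example that is not SUSE's code: the Python below parses 'objdump -p' output and flags every RPATH or RUNPATH entry with an empty component, which is the condition the note describes. The objdump excerpts and library paths in the sample are constructed; check_binary() assumes objdump from binutils is on PATH, and the function names are this example's own.

```python
import subprocess
from typing import List, Tuple

RPATH_TAGS = ("RPATH", "RUNPATH")


def empty_rpath_components(objdump_output: str) -> List[Tuple[str, str]]:
    """Scan 'objdump -p' output for RPATH/RUNPATH entries with an empty
    component. The search list is colon-separated, so a leading colon, a
    trailing colon or two adjacent colons all yield an empty element, which
    the dynamic linker treats as the current working directory.
    Returns (tag, value) for every offending entry."""
    findings: List[Tuple[str, str]] = []
    for line in objdump_output.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0] not in RPATH_TAGS:
            continue
        value = parts[1].strip() if len(parts) > 1 else ""
        if "" in value.split(":"):
            findings.append((parts[0], value))
    return findings


def check_binary(path: str) -> List[Tuple[str, str]]:
    """Run objdump on a real file and return its empty-component entries;
    an empty list means the binary is not affected by this bug."""
    out = subprocess.run(["objdump", "-p", path], capture_output=True,
                         text=True, check=True).stdout
    return empty_rpath_components(out)


# Constructed 'objdump -p' excerpts (paths are made up): one affected, one clean.
AFFECTED = """\
Dynamic Section:
  NEEDED               libkdecore.so.4
  RPATH                /opt/kde3/lib::/usr/lib/qt3/lib
  RUNPATH              /opt/kde3/lib:
  INIT                 0x0804a000
"""
CLEAN = """\
Dynamic Section:
  NEEDED               libc.so.6
  RPATH                /opt/kde3/lib:/usr/lib/qt3/lib
"""

if __name__ == "__main__":
    import sys
    # usage: python rpath_check.py /opt/kde3/bin/* ...
    for binary in sys.argv[1:]:
        for tag, value in check_binary(binary):
            print(f"{binary}: {tag} has an empty component: {value!r}")
```

Run it over the binaries of the packages named in this advisory before and after the update, or over anything you linked yourself with the old ld; a relinked binary should produce no findings.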
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/binutils-2.16.91.0.2-…
5336c44f08baed1eb20e31672e376996
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kdegraphics3-3.4.2-12…
8fa8cadb9fc305648d809c43d078ee74
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kdegraphics3-3D-3.4.2…
b04b5ea686bface4391d91b96a06b4b7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kdegraphics3-imaging-…
4be879313304f774cc0e0721b9a4ca52
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kdegraphics3-scan-3.4…
f93207a11a661c6beac8620693ceeb26
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kdegraphics3-tex-3.4.…
bdcdbdfb5651faabb99493b861fda9b2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kdelibs3-3.4.2-24.3.i…
82a02e5e55613d7cd60df86fbbb2b050
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kdelibs3-devel-3.4.2-…
68702ff3f54cca4d3e8c95fd1953b02b
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/binutils-2.15.94.0.2.2…
4cdc297d2ddc398829356d8032d2c570
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kdegraphics3-3.4.0-11.…
f8364afec78108dcb3bb089112c9e486
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kdegraphics3-3D-3.4.0-…
e8405aca4fb3ddf5a5fe38095891173f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kdegraphics3-imaging-3…
1521df464699151917c5edebf7c0e9c8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kdegraphics3-scan-3.4.…
d5f69e63936e044c7668453643ebdb8d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kdegraphics3-tex-3.4.0…
c6db7f1b79c54fdbfee5306fb06d327c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kdelibs3-3.4.0-20.11.i…
3986977230c6cf5e375652707599d086
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kdelibs3-devel-3.4.0-2…
13e39a04f8dcdb2235a4554a242c01d8
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/binutils-2.15.91.0.2-7…
574a32932f442d6ae097c62e67a804bb
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/dia-0.92.2-128.1.i586.…
d3d6d553b0e3f1a1e44e67a1e79cc336
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdegraphics3-3.3.0-13.…
0f9f1a102d15103fee1d1e6c29f70148
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdegraphics3-3D-3.3.0-…
1ee1f29003e5333d777699d6b89b80f1
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdegraphics3-imaging-3…
dcf97cc31d22664de69e730f734479be
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdegraphics3-scan-3.3.…
0e79d0489c8fe12b62964f3ab3c653a2
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdegraphics3-tex-3.3.0…
cec40000030a2db31d34bbe048581e9a
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdelibs3-3.3.0-34.12.i…
27b0c1bfa0b2a683483b7122b34523aa
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdelibs3-devel-3.3.0-3…
0a22a4ff2245610205a2275e41cd154a
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/binutils-2.15.90.0.1.1…
d499c31bbd95986a70673d8cb11b99f4
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdegraphics3-3.2.1-67.…
ff479907370e9848e78b2762395457e0
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdegraphics3-3D-3.2.1-…
9cf5e0afd4a5650db22cbf8e4da9ba01
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdegraphics3-scan-3.2.…
5c90bfeca61591ce396066a7bba4acc7
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdegraphics3-tex-3.2.1…
a1611b75579097aa3d0031818b7b6db6
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdelibs3-3.2.1-44.66.i…
26ce2b4076b945a3d9ecf8af0b83e1e6
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdelibs3-devel-3.2.1-4…
8c595a2e37986a22a09848a1a128645a
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/binutils-32bit-9.1-2…
c2d8945ce2d0607cf909d29f83262f4f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/kdelibs3-32bit-9.1-2…
b36749d947eb47286f0a21922b491a70
Power PC Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/binutils-2.16.91.0.2-8…
de1e858bf7dac44e8adc2a07a0fcf334
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kdegraphics3-3.4.2-12.…
7a2769b5e3e7ec4af6350dc1d826e7c3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kdegraphics3-3D-3.4.2-…
ceb289844025be2048fb86a671ef3d48
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kdegraphics3-imaging-3…
c94eed10ad637634db3b24f08d5c0c81
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kdegraphics3-scan-3.4.…
6f9aa4b7433345db9826580872438eb5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kdegraphics3-tex-3.4.2…
307bdaead8245a26a7b2b00572d290dc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kdelibs3-3.4.2-24.3.pp…
fb1247f46a4414bda0ac48acb971c126
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kdelibs3-devel-3.4.2-2…
4a4d94290e692bf515690953df895155
x86-64 Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/binutils-2.16.91.0.…
07905bd004aff0e7f034fbf1839880e4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/binutils-32bit-2.16…
2808eb66106aac360659f314ce6b8e8e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdegraphics3-3.4.2-…
b72daa5dd362a30acb9c9ee60076a432
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdegraphics3-3D-3.4…
90db781dfd39d8c046c42c3117d42d21
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdegraphics3-imagin…
50c7e9bb81a223766f8a1b05e961f586
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdegraphics3-scan-3…
bd603d3147becf226534a12d58de9848
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdegraphics3-tex-3.…
324124fb727c6133de4c63fc0d8b109a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdelibs3-3.4.2-24.3…
04f44a7a9113053c11ea2897fea189d1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdelibs3-32bit-3.4.…
1232ac61554a53bb772e4ee03d4e75ef
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdelibs3-devel-3.4.…
a96fa42b4bc03ff15d951029f7606b7d
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/binutils-2.15.94.0.2…
503efba51e385e61053e177cab67e111
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/binutils-32bit-9.3-7…
c4ac261d7021cff6ce157365c75b659f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdegraphics3-3.4.0-1…
b3d2853ee0f65fdb0f771f597555fde7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdegraphics3-3D-3.4.…
92681909dd0d1374386f2a081609cd2f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdegraphics3-imaging…
5a2494c0e345a35631c22647ff426541
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdegraphics3-scan-3.…
389b8d61c3776006c4f2389f60b3e3c1
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdegraphics3-tex-3.4…
11f247f28d1dfd1837b8e2f2774c2446
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdelibs3-3.4.0-20.11…
bbe654a9c69c7e110e1b7de14b498312
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdelibs3-32bit-9.3-7…
6d4db92e1305e20aa3337624c845bd30
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdelibs3-devel-3.4.0…
7da490073d6190af2003687951622405
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/binutils-2.15.91.0.2…
a97601f2e0d5dd4768cda24282b2f4d9
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/binutils-32bit-9.2-2…
6047b8d9493c221302439e289726fbd2
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/dia-0.92.2-128.1.x86…
88b9c13e88b013370ac411f2aaa19c19
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kdegraphics3-3.3.0-1…
d2f8eba01914b6dd3d05c27c468dcfb0
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kdegraphics3-3D-3.3.…
7b8f6fbb5a0a311c29e900877aebd9d7
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kdegraphics3-imaging…
8540ad7e2a46994313cfd3a2963463b8
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kdegraphics3-scan-3.…
2032b30bb43091c625baa1792716ae61
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kdegraphics3-tex-3.3…
7fbd5512b3598157e80c60f0b2855878
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kdelibs3-3.3.0-34.12…
7b5077bce547bcdd4576c6a541f90267
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kdelibs3-32bit-9.2-2…
7c62d3a25c8623f156fb43c36468935e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kdelibs3-devel-3.3.0…
2dc9fac20d13442b3b5302dc29fe9118
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/binutils-2.15.90.0…
354087b9758e50f86497996b19eeec94
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/dia-0.92.2-112.11.…
03659fbb7563826a87f7f94beb1c75a6
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdegraphics3-3.2.1…
353ef4a09a8a80e2d64b4d427976ce45
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdegraphics3-3D-3.…
56d31cb34a3837725df75308e0f88703
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdegraphics3-scan-…
d1458dddfcffacdb5ef6f430c31c6119
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdegraphics3-tex-3…
e525803caa7c3dd617f3c5a9a0683ff0
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdelibs3-3.2.1-44.…
4d3432e2ffc9765d425e69cdf315ba4f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdelibs3-devel-3.2…
e2abc0442f078a34c1ca8516579e3a50
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/koffice-1.3-67.4.x…
02bd9d62e0d1c38f8f71f0cf2494b41b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/koffice-illustrati…
e002a223ab2e3c024c0df5693fd1a3a8
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/koffice-wordproces…
08b03cb4214d760bf6072cd59aac5003
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/lyx-1.3.4-35.1.x86…
e4bc1e182a72bb3a9e4a878208f13cfe
Sources:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/binutils-2.16.91.0.2-8…
2dd1e35033820628da6b80be0dbe4936
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kdegraphics3-3.4.2-12.…
0397a4c448a829ac21c11305212ff22b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kdelibs3-3.4.2-24.3.sr…
7c198fa4ace4919c221939e6eca00734
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/binutils-2.15.94.0.2.2-…
98d6ea23959aea2765f9c17702ec62dd
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kdegraphics3-3.4.0-11.5…
e15f2a22a803a18be7a1ab145a25007b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kdelibs3-3.4.0-20.11.sr…
aeeb36fc3937dd93d506f526c6c98cc4
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/binutils-2.15.91.0.2-7.…
952e90bdae6b1abeb7ca13b4401b398c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/dia-0.92.2-128.1.src.rpm
4f1d414bf9fd2a2515aaf4463a441aaa
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kdegraphics3-3.3.0-13.7…
0fae44a5765adc1de2b5462873560bfd
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kdelibs3-3.3.0-34.12.sr…
7debc7aeee1ffca646d5c7216ce683fe
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/binutils-2.15.90.0.1.1-…
5c7ab33f6c050ba300aaaba7e2040fb4
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kdegraphics3-3.2.1-67.1…
8ae65c3f8ab7d3edf8a4e24209ed9e64
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kdelibs3-3.2.1-44.66.sr…
851de1a4caea121c9ed82d77115928b5
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/binutils-2.15.90.0.1.…
239ff55c3e755403a97a121a058c2caf
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/dia-0.92.2-112.11.src…
309668f36903aed44e8bfd15435f1908
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kdegraphics3-3.2.1-67…
51ddd6ca60f542ad852eff7a436a7275
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kdelibs3-3.2.1-44.66.…
c23abf7c55209043d1c546877d2aaef7
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/koffice-1.3-67.4.src.…
d341d9f1e16966db09bd071aeece3a3b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/lyx-1.3.4-35.1.src.rpm
029f7638dbcba4c841e3803121fb30c7
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/43ed32936d1f47c…
http://portal.suse.com/psdb/43ed32936d1f47c23b6d758b748169d9.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/052bc7b0a62a290…
http://portal.suse.com/psdb/052bc7b0a62a29064c15644ebf01dc51.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/37ceddfb4166e06…
http://portal.suse.com/psdb/37ceddfb4166e0699e8b64b9e4afea11.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/9a3add7ef9404b7…
http://portal.suse.com/psdb/9a3add7ef9404b778a7defb57a14b531.html
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- See SuSE Security Summary Report
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package need to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org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=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBQ+yi4ney5gA9JdPZAQKHJwf/ZVp8+ZHDzUh6vD7yh8KiQuczEgL3hel1
CaLGSqd96Bb/TIzBeThb7i5N7ry7BJwGp89FGU9UIWSPLP+xtxBN2PQ2RoiH8mXW
+dSEtCBuQQKaoTfV36gZTlJhVn7CG2eMgL5HyvmUuOFAtpu+WOMteDmbBKw2LASi
xIk4pIoRY/L3XlZz0mmUhj8vd+q4R1MvrXPdhKnuZf4BC10fWV7IK4SR9hhhvpzL
k29yIDhm2IQBF1W546ZNJHcv52SbMtfWGLGBuJtfRjRfuVpoioH2vqOHMA8TdeaX
kyGQ43YHUF/9ZbLhI7NPgRmIbmTWuJDOQSjIQOvZl/GUpVmZTDq7HQ==
=tqKn
-----END PGP SIGNATURE-----
SUSE Security Announcement: kernel remote denial of service (SUSE-SA:2006:006)
by Marcus Meissner 09 Feb '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: kernel
Announcement ID: SUSE-SA:2006:006
Date: Thu, 09 Feb 2006 16:00:00 +0000
Affected Products: SUSE LINUX 10.0
Vulnerability Type: remote denial of service
Severity (1-10): 9
SUSE Default Package: yes
Cross-References: CVE-2005-3356, CVE-2005-3358, CVE-2005-3623
CVE-2005-3808, CVE-2005-4605, CVE-2005-4635
CVE-2006-0454
Content of This Advisory:
1) Security Vulnerability Resolved:
various kernel security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The Linux kernel on SUSE Linux 10.0 has been updated to
fix the following security problems:
- CVE-2006-0454: An extra dst release when ip_options_echo failed
was fixed.
This problem could be triggered by remote attackers and can
potentially crash the machine. This is possible even with
SuSEfirewall2 enabled.
This affects only SUSE Linux 10.0, all other SUSE distributions
are not affected.
- CVE-2005-3356: A double decrement in the mq_open system call could
allow local users to crash the machine.
- CVE-2005-3358: Passing 0 to the set_mempolicy() system call could
allow a local user to crash the machine.
- CVE-2005-4605: Kernel memory could be leaked to user space through a
problem with seek() on /proc files.
- CVE-2005-3623: Remote users could set ACLs even on read-only
exported NFS file systems and so circumvent access control.
- CVE-2005-3808: A 32-bit integer overflow in 64-bit mmap calls
could be used by local users to hang the machine.
- CVE-2005-4635: Missing sanity checks on the headers and payload of
netlink messages could be used by local attackers to crash the
machine; these checks have been added.
Also various non-security bugs were fixed:
- Fix up patch for cpufreq drivers that do not initialize
current freq.
- Handle BIOS cpufreq changes gracefully.
- Updates to inotify handling.
- Various XEN Updates.
- Catch processor declarations with the same ACPI id (P4HT).
- PowerPC: g5 thermal overtemp bug on fluid cooled systems.
- Fixed buffered ACPI events on many ASUS and some other machines.
- Fix fs/exec.c:788 (de_thread()) BUG_ON (OSDL 5170).
2) Solution or Work-Around
There is no known workaround, please install the updated packages.
3) Special Instructions and Notes
SPECIAL INSTALLATION INSTRUCTIONS
=================================
The following paragraphs guide you through the installation
process in a step-by-step fashion. The character sequence "****"
marks the beginning of a new paragraph. In some cases, the steps
outlined in a particular paragraph may or may not be applicable
to your situation. Therefore, make sure that you read through
all of the steps below before attempting any of these
procedures. All of the commands that need to be executed must be
run as the superuser 'root'. Each step relies on the steps
before it to complete successfully.
Newer SUSE Linux versions do all this automatically when running
the YaST Online Update.
**** Step 1: Determine the needed kernel type.
Use the following command to determine which kind of kernel is
installed on your system:
rpm -qf --qf '%{name}\n' /boot/vmlinuz
**** Step 2: Download the packages for your system.
Download the kernel RPM package for your distribution with the
name indicated by Step 1. Starting from SUSE LINUX 9.2, kernel
modules that are not free were moved to a separate package with
the suffix '-nongpl' in its name. Download that package as well
if you rely on hardware that requires non-free drivers, such as
some ISDN adapters. The list of all kernel RPM packages is
appended below.
The kernel-source package does not contain a binary kernel in
bootable form. Instead, it contains the sources that correspond
with the binary kernel RPM packages. This package is required to
build third party add-on modules.
**** Step 3: Verify authenticity of the packages.
Verify the authenticity of the kernel RPM package using the
methods as listed in Section 6 of this SUSE Security
Announcement.
**** Step 4: Installing your kernel rpm package.
Install the rpm package that you have downloaded in Step 2 with
the command
rpm -Uhv <FILE>
replacing <FILE> with the filename of the RPM package
downloaded.
Warning: After performing this step, your system may not boot
unless the following steps have been followed
completely.
**** Step 5: Configuring and creating the initrd.
The initrd is a RAM disk that is loaded into the memory of your
system together with the kernel boot image by the boot loader.
The kernel uses the content of this RAM disk to execute commands
that must be run before the kernel can mount its root file
system. The initrd is typically used to load hard disk
controller drivers and file system modules. The variable
INITRD_MODULES in /etc/sysconfig/kernel determines which kernel
modules are loaded in the initrd.
After a new kernel rpm has been installed, the initrd must be
recreated to include the updated kernel modules. Usually this
happens automatically when installing the kernel rpm. If
creating the initrd fails for some reason, manually run the
command
/sbin/mkinitrd
**** Step 6: Update the boot loader, if necessary.
Depending on your software configuration, you either have the
LILO or GRUB boot loader installed and initialized on your
system. Use the command
grep LOADER_TYPE /etc/sysconfig/bootloader
to find out which boot loader is configured.
The GRUB boot loader does not require any further action after a
new kernel has been installed. You may proceed to the next step
if you are using GRUB.
If you use the LILO boot loader, lilo must be run to
reinitialize the boot sector of the hard disk. Usually this
happens automatically when installing the kernel RPM. In case
this step fails, run the command
/sbin/lilo
Warning: An improperly installed boot loader will render your
system unbootable.
**** Step 7: Reboot.
If all of the steps above have been successfully completed on
your system, the new kernel including the kernel modules and the
initrd are ready to boot. The system needs to be rebooted for
the changes to be active. Make sure that all steps have been
completed then reboot using the command
/sbin/shutdown -r now
Your system will now shut down and restart with the new kernel.
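The seven steps above, carried out in order by one script. This is an added example, not part of the SUSE announcement; it uses only the commands and paths the announcement quotes (rpm -qf, rpm -v --checksig, rpm -Uhv, /sbin/mkinitrd, /etc/sysconfig/bootloader, /sbin/lilo, /sbin/shutdown). The download-directory argument, the DRY_RUN switch, the function names and the optional file argument of bootloader_type (so the LOADER_TYPE parsing can be tried on a copy of the file) are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not SUSE's code: apply a SUSE kernel update following the
# announcement's Steps 1-7. Run as root with the kernel RPMs for this host
# already downloaded into the directory given as $1. DRY_RUN=1 prints the
# privileged commands instead of running them (assumed switch, not from the
# announcement).

DRY_RUN=${DRY_RUN:-0}
run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Step 1: the package that owns the running boot image names the kernel
# flavour (kernel-default, kernel-smp, kernel-bigsmp, ...).
installed_kernel_flavor() {
    rpm -qf --qf '%{name}\n' /boot/vmlinuz
}

# Step 2: pick the matching package, plus its -nongpl companion when one was
# downloaded, out of the directory. Prints nothing when there is no match;
# the [0-9] in the glob keeps kernel-default from also matching
# kernel-default-nongpl.
select_kernel_rpms() {
    flavor="$1"; dir="$2"
    for f in "$dir/$flavor"-[0-9]*.rpm "$dir/$flavor"-nongpl-[0-9]*.rpm; do
        if [ -f "$f" ]; then echo "$f"; fi
    done
    return 0
}

# Step 6 helper: LOADER_TYPE from /etc/sysconfig/bootloader (or a file
# passed for testing), quotes stripped, e.g. "grub" or "lilo".
bootloader_type() {
    file="${1:-/etc/sysconfig/bootloader}"
    grep '^LOADER_TYPE=' "$file" | head -n 1 | sed 's/^LOADER_TYPE=//; s/"//g'
}

# Steps 3-7. Every step aborts the run on failure, so a half-applied update
# is never followed by a reboot (the announcement's warning after Step 4).
update_kernel() {
    dir="$1"
    flavor=$(installed_kernel_flavor) || return 1
    pkgs=$(select_kernel_rpms "$flavor" "$dir")
    if [ -z "$pkgs" ]; then
        echo "no $flavor package found in $dir" >&2
        return 1
    fi
    for p in $pkgs; do                       # Step 3: signature from build@suse.de
        run rpm -v --checksig "$p" || return 1
    done
    # shellcheck disable=SC2086  # paths assumed free of whitespace
    run rpm -Uhv $pkgs || return 1           # Step 4
    run /sbin/mkinitrd || return 1           # Step 5: harmless if rpm already did it
    if [ "$(bootloader_type)" = lilo ]; then # Step 6: GRUB needs nothing
        run /sbin/lilo || return 1
    fi
    run /sbin/shutdown -r now                # Step 7
}

# Usage: DRY_RUN=1 ./update-kernel.sh /path/to/downloaded/rpms
if [ "$#" -eq 1 ]; then
    update_kernel "$1"
fi
```

Run it once with DRY_RUN=1 to see exactly which package it selected and which commands it would execute; only then run it for real.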
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/Intel-536ep-4.69-14.3…
617123d586215e94e373797650689b7f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-2.6.13-…
0cbb96d083eb5c5cb6f14896b156d3d6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-nongpl-…
9da719c36eb4119165d5cd70bfb98703
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-2.6.13…
e84cf4f754e2dbad45d32f22764ac363
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-nongpl…
96556ee27a4a34ad2757fe0605f56e0a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-2.6.13-15.…
6bcc5556183a30d5be7164229f1a9b2a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-nongpl-2.6…
78883d88c7cca8f55676c6ad8fae8f74
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-source-2.6.13-…
566deccc17d66d38037829b04cd90bf6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-syms-2.6.13-15…
98dd96111ed5932e29f17bdea8785ad4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-2.6.13-15.8…
37d53ae4b23984e6c2c1eccf2cab1418
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-nongpl-2.6.…
9486e2bbba0809d01469eb8ce2862e45
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-2.6.13-15.…
916db787417eb6714f4ef29e2b4fc215
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-nongpl-2.6…
c9f178ee29025e37fad02fc97f54a960
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/um-host-kernel-2.6.13…
b7bd6a96c6f4e484c71121d928ccd88c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-3.0_8259-0.1.i586…
a45eca7e51d5013a33c911ea1a4cfee2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-devel-3.0_8259-0.…
da838d086ab74ae26217fdefd48536ae
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-doc-html-3.0_8259…
803b0ce83f4a3a08988b3af39f187158
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-doc-pdf-3.0_8259-…
9224d203e3466d1bf9a44ccfa0811471
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-doc-ps-3.0_8259-0…
a9b0794189169f88275922da3e3e8566
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-tools-3.0_8259-0.…
3c39e8fadf994ba48c77f429d6d57b89
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-tools-ioemu-3.0_8…
08559ccb01107e018ac9b1bdf8b6be65
Power PC Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-default-2.6.13-…
9809772427eb306647e818d806a77e89
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-iseries64-2.6.1…
e180170929a1ea8d3f98331bcfb30c9b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-ppc64-2.6.13-15…
87a70ccab5ba54792dee4aa10c793842
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-source-2.6.13-1…
b87c03b2d486fd03c3fac0b3d2a6a226
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-syms-2.6.13-15.…
7dade40bb01bd88a8b0fe59d1305f5c8
x86-64 Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-2.6.…
1b257b185e8eedfc3d8fbded87ad78d7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-nong…
602f86133787c0ecc8eec89b23d54315
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-2.6.13-1…
1a60423b90616a8cbe9f709f3af24788
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-nongpl-2…
95a1d602ec636d83429e326c5d72a6ac
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-source-2.6.1…
72998ee6616db4d71eb5f6830b02775d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-syms-2.6.13-…
8dbeccfea33a188e645c49d18b489ec8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-2.6.13-1…
f8b7244ffdfce6cd10a63793bfff91c1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-nongpl-2…
3a1b868760ccfcd9e58a99d0cc2e6e10
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-3.0_8259-0.1.x8…
bf63af95f1460384576fe544497a69d9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-devel-3.0_8259-…
b40992546fe02ba8c1b575ea0d219459
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-doc-html-3.0_82…
89ebeb3a359c3bea923579d557ddd799
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-doc-pdf-3.0_825…
596a4325239ea8b18dd13a2f32a23fd9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-doc-ps-3.0_8259…
a0dec51273e8b67313cb7001efa4e555
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-tools-3.0_8259-…
88ec4608838d3c0175412d4f9a3a722b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-tools-ioemu-3.0…
c4d1a2fb18cc12cc670eaecbcc52e51e
Sources:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/Intel-536ep-4.69-14.3.…
318b6e58e9618c58b45b442402f02d8d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-bigsmp-2.6.13-1…
a8106394b8179741f4abe6c5033b825b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-default-2.6.13-…
15357679ff39d7d172915286cf366a02
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-iseries64-2.6.1…
4819d48418dd04d54a6a2cc95ae743dd
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-ppc64-2.6.13-15…
07716c45346938286197c12459139f1d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-smp-2.6.13-15.8…
1f0626d1a7a4f9512a68787369110323
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-1…
0d54d3a5531ca860327a42d026d6a5ed
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-1…
de47591367758860be95265cf81a514b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-syms-2.6.13-15.…
807f7d1ffde7604cf90198237b3db382
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-um-2.6.13-15.8.…
859c7778b1138f4a6a650ca855d81d09
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-xen-2.6.13-15.8…
131b8f17f1aa4ea060bcc1d3a6148756
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/xen-3.0_8259-0.1.src.r…
75b98cae0e6d1c682e70309bb975060b
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package need to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
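Both verification methods above, scripted against a saved copy of the announcement. This is an added example and not part of the SUSE announcement; it uses only the commands the announcement quotes (gpg --verify, md5sum, rpm -v --checksig). It assumes the announcement is saved as plain text with each "ftp://.../file.rpm" line followed by its 32-digit sum, that the downloaded RPMs sit in one directory, and that gpg, md5sum and rpm are installed; the function names are this example's own. Entries whose URL is cut off in the saved text are skipped rather than guessed. Note the order of trust: an MD5 sum proves nothing on its own (MD5 is no longer collision resistant), and here it only carries the authority of the signature on the announcement that lists it; the signature embedded in the RPM is the stronger, independent check.

```shell
#!/bin/sh
# Added example, not SUSE's code: check downloaded update RPMs against the
# MD5 list in a signed announcement, then check each RPM's own signature.
# Usage: verify.sh <announcement.txt> <download-dir>

# Turn the URL/checksum pairs of the announcement into "sum  filename"
# lines for md5sum -c. A URL that does not end in .rpm (truncated in the
# saved text) is skipped together with the sum that follows it.
checksum_list() {
    awk '
        /^ftp:\/\/.*\.rpm$/ { name = $0; sub(/.*\//, "", name); url = name; next }
        /^[0-9a-f]+$/ && length($0) == 32 && url != "" {
            print $0 "  " url; url = ""; next
        }
        { url = "" }
    ' "$1"
}

# The sums only mean something if the announcement is authentic: gpg must
# report a good signature from key 3D25D3D9 (security@suse.de).
verify_announcement() {
    gpg --verify "$1"
}

# Compare every listed package that is present in "$2" with its published
# sum. Packages for other products/architectures are simply not on disk and
# are left out; md5sum -c fails on any mismatch and on an empty list.
verify_checksums() {
    list=$(checksum_list "$1")
    if [ -z "$list" ]; then
        echo "no checksum entries found in $1" >&2
        return 2
    fi
    ( cd "$2" && printf '%s\n' "$list" | while read -r sum name; do
          if [ -f "$name" ]; then printf '%s  %s\n' "$sum" "$name"; fi
      done | md5sum -c - )
}

# Independent second check: the signature embedded in each RPM, made by
# build@suse.de (key 9C800ACA) and verified against the RPM database's keys.
verify_rpm_signatures() {
    for f in "$1"/*.rpm; do
        rpm -v --checksig "$f" || return 1
    done
}

if [ "$#" -eq 2 ]; then
    verify_announcement "$1" && verify_checksums "$1" "$2" && verify_rpm_signatures "$2"
fi
```

Because the chain stops at the first failing check, a bad announcement signature is reported before any checksum is even compared; do not reorder the three calls.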
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2006:003
Date: Fri, 03 Feb 2006 12:00:00 +0000
Cross-References: CVE-2004-0990, CVE-2005-2798, CVE-2005-4501
CVE-2005-4591, CVE-2005-4592, CVE-2006-0322
Content of this advisory:
1) Solved Security Vulnerabilities:
- SUSE Linux 9.0 discontinued
- openssh GSSAPI problem
- gd integer overflows
- mediawiki problems
- bogofilter buffer overflows
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- various kernel security issues
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- SUSE Linux 9.0 discontinued
As previously announced, we have now discontinued SUSE Linux 9.0.
It received its final security update a week ago (phpMyAdmin).
The next product to be discontinued is SUSE Linux 9.1, at the end of June 2006.
- openssh GSSAPI problem
This update of openssh fixes an information disclosure bug in
the sshd server. If the option GSSAPIDelegateCredentials is enabled,
credentials could be sent to users who authenticate with
non-GSSAPI methods. (CVE-2005-2798)
The option is not enabled by default in SUSE Linux.
This affects SUSE Linux 9.2 up to 10.0 and SUSE Linux Enterprise
Server 9.
- gd integer overflows
Some integer overflows that could be exploited to execute arbitrary code
were fixed in the image manipulation and creation library GD.
(The old patch was missing upstream.)
This is tracked by the Mitre CVE ID CVE-2004-0990.
All SUSE Linux based products are affected.
- MediaWiki problems
Two problems were fixed in MediaWiki:
- Several cross-site-scripting bugs (CVE-2005-4501)
- Certain links could lead to denial of service (CVE-2006-0322)
This problem affects SUSE Linux 9.3 and 10.0.
- bogofilter buffer overflows
The Bayes-based filter bogofilter was updated to fix the following
security problems:
- Decoding Unicode sequences could overflow a heap buffer (CVE-2005-4591).
- Very long lines could overflow a heap buffer (CVE-2005-4592).
This problem only affects SUSE Linux 9.3 and 10.0.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- Kernel security issues
Various kernel security issues are known, and we will start preparing
updates soon.
The next kernel update will probably be available in mid-February.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
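The two checks just described (and the same procedure at the top of this page), scripted as an added example that is not SUSE's own tooling: it parses GnuPG's machine-readable status output and rpm's verbose --checksig output and accepts a file only on a good signature from the key IDs the announcement names, 3D25D3D9 for announcements and 9C800ACA for packages, rather than any "Good signature" or "OK". The embedded sample outputs are constructed for offline use, and the rpm 4.x line format is assumed.

```shell
#!/bin/sh
# Added example, not SUSE's own tooling: turn the two manual checks above
# into scripted ones that insist on the specific key IDs the announcement
# names, rather than accepting any "Good signature" / "OK". Key IDs are
# from the announcement; the sample outputs below are constructed.
ANNOUNCE_KEYID=3D25D3D9   # SuSE Security Team <security@suse.de>
PACKAGE_KEYID=9C800ACA    # SuSE Package Signing Key <build@suse.de>

# gpg_status_ok STATUS_TEXT KEYID: STATUS_TEXT is what
# `gpg --status-fd 1 --verify <file>` prints. Succeed only on a GOODSIG
# whose key ID ends in KEYID, with no GOODSIG from another key and no
# BADSIG/ERRSIG/EXPKEYSIG/REVKEYSIG line.
gpg_status_ok() {
    printf '%s\n' "$1" | awk -v want="$(printf '%s' "$2" | tr '[a-z]' '[A-Z]')" '
        $1 == "[GNUPG:]" && $2 == "GOODSIG" {
            id = toupper($3)
            if (substr(id, length(id) - 7) == want) good = 1; else foreign = 1
        }
        $1 == "[GNUPG:]" && $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { exit (good && !bad && !foreign) ? 0 : 1 }'
}

# rpm_checksig_ok CHECKSIG_TEXT KEYID: CHECKSIG_TEXT is what
# `rpm -v --checksig <file.rpm>` prints (rpm 4.x line format assumed).
# Require a signature line that is OK with the expected key ID and no
# failed line (NOT OK, NOKEY, MISSING KEYS, BAD).
rpm_checksig_ok() {
    printf '%s\n' "$1" | awk -v want="$(printf '%s' "$2" | tr '[A-Z]' '[a-z]')" '
        /signature: OK, key ID/ { split($0, f, "key ID "); if (tolower(f[2]) == want) good = 1 }
        /NOT OK|NOKEY|MISSING KEYS|BAD/ { bad = 1 }
        END { exit (good && !bad) ? 0 : 1 }'
}

# Wrappers for real files (need gpg / rpm installed and the keys imported).
verify_announcement() { gpg_status_ok "$(gpg --status-fd 1 --verify "$1" 2>/dev/null)" "$ANNOUNCE_KEYID"; }
verify_package() { rpm_checksig_ok "$(rpm -v --checksig "$1" 2>/dev/null)" "$PACKAGE_KEYID"; }

# Constructed samples: the first eight hex digits of the long key IDs are
# made up; only the trailing short key ID is compared.
GOOD_GPG='[GNUPG:] GOODSIG 77B2E6003D25D3D9 SuSE Security Team <security@suse.de>'
BAD_GPG='[GNUPG:] BADSIG 77B2E6003D25D3D9 SuSE Security Team <security@suse.de>'
OTHER_GPG='[GNUPG:] GOODSIG 0123456789ABCDEF Someone Else <nobody@example.org>'
GOOD_RPM='update.rpm:
    Header V3 DSA signature: OK, key ID 9c800aca
    V3 DSA signature: OK, key ID 9c800aca'
NOKEY_RPM='update.rpm:
    Header V3 DSA signature: NOKEY, key ID 9c800aca
    V3 DSA signature: NOKEY, key ID 9c800aca'
if gpg_status_ok "$GOOD_GPG" "$ANNOUNCE_KEYID"; then echo "sample announcement: trusted key"; fi
```

Note that a NOKEY result means the signing key is not imported yet, which the function treats as a failure rather than a pass.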
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-----END PGP SIGNATURE-----