July 2006 - openSUSE Security Announce

SUSE Security Announcement: apache,apache2 mod_rewrite problem (SUSE-SA:2006:043)
by Marcus Meissner 28 Jul '06

28 Jul '06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: apache,apache2 Announcement ID: SUSE-SA:2006:043 Date: Fri, 28 Jul 2006 17:00:00 +0000 Affected Products: SLE SDK 10 SUSE LINUX 10.1 SUSE LINUX 10.0 SUSE LINUX 9.3 SUSE LINUX 9.2 SUSE SLES 10 SUSE SLES 9 Vulnerability Type: remote denial of service Severity (1-10): 6 SUSE Default Package: yes Cross-References: CVE-2005-3352, CVE-2006-3747 Content of This Advisory: 1) Security Vulnerability Resolved: Apache off by one security problem Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The following security problem was fixed in the Apache and Apache 2 web servers: mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Depending on stack alignment this could be used to potentially execute code. The mod_rewrite module is not enabled per default in our packages. This problem is tracked by the Mitre CVE ID CVE-2006-3747. A more detailed description of this problem is available in: http://www.apache.org/dist/httpd/Announcement2.0.html For SUSE Linux 10.0, 10.1 and SUSE Linux Enterprise 10 additionally a old bug was fixed that we missed to forward port to the Apache 2.2 packages: mod_imap: Fixes a cross-site-scripting bug in the imagemap module. This issue is tracked by the Mitre CVE ID CVE-2005-3352. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running instances of Apache after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-2.2.0-21.7.i586.rpm 124342d5311b318586d91d12117bdd2a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-prefork-2.2.0-21.7… 4a73ae89777943f4127743f817f0a0a5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-worker-2.2.0-21.7.… 1905af7f606986f1818ebed5bd3382d5 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-2.0.54-10.5.i… adf6c8665b9f0f36c6a7720a8f1bfad1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-prefork-2.0.5… 1cbcec6896dc46504140177b48ca014d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-worker-2.0.54… f721e397c518cc6160886a1296e5a109 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-2.0.53-9.12.i5… e6ae2ee1353c1f1c31c0595b60d18137 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-prefork-2.0.53… cb02c5f97671d2ab0a64215ed9987c2f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-worker-2.0.53-… b8872991cf54d99659e60d860d0c44e8 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-2.0.50-7.14.i5… 9365d403839e7c0740aae1e2f1b6cdfc ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-prefork-2.0.50… 97d506d68996f80ffaaaa6494a127f7c ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-worker-2.0.50-… f649e8eb98d43d6a44231f0c7453c9b2 Power PC Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-2.2.0-21.7.ppc.rpm 133b02c7a3a52a2bf144ece351ba00a1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-prefork-2.2.0-21.7.… 099056b7a0f634ff1daf583ce2163839 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-worker-2.2.0-21.7.p… a22ae78408cedfea6d66362509d3c721 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-2.0.54-10.5.pp… 16a119e6dab8e972a992ef37bd9973aa ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-prefork-2.0.54… fcb8c3ca92f1b9a39791f51aad5b8907 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-worker-2.0.54-… 0f5dff953aea37964958bc0ed8932412 x86-64 Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-2.2.0-21.7.x86_6… 3ab36db089d7f3d60a7114820970afdd ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-prefork-2.2.0-21… b7e9bc09fe9684292acf0e7ed0218b14 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-worker-2.2.0-21.… b6b1ab1c03073f7f2acc07a0231ea532 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-2.0.54-10.5… 17c4bdc7577446bf45335ba58ebb3513 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-prefork-2.0… d55a93a86ae6b5bf037ee336d4307133 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-worker-2.0.… e64fc86d3337913db0c22ffde3519a36 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-2.0.53-9.12.… d4996884e49ef11d27c97340efb6f079 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-prefork-2.0.… 5b599e78e59c7b59dc199777fe2c4eea ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-worker-2.0.5… 09f0f1dc18761a8a902f2dc5ab166883 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/apache2-2.0.50-7.14.… 595101ab05dfe5117ddab1d1f1463a28 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/apache2-prefork-2.0.… 112fe5dd14b66a4fbb82c3c5178bef69 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/apache2-worker-2.0.5… 7c07b8b400e6ed13a4707c3ebe1eed3a Sources: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apache2-2.2.0-21.7.src.rpm 493d11cc099e975bc0974611cf936816 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/apache2-2.0.54-10.5.sr… b83da64c6ad0b76d7a3a8bf909d61d39 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/apache2-2.0.53-9.12.src… 5d4c85c7f60ea5c73df0fba7d92bec35 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/apache2-2.0.50-7.14.src… 2c4e95c0ebe9bee49dec733cbdeb42d3 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE SLES 10 http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/90eac595ae9e6c7… SLE SDK 10 http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/90eac595ae9e6c7… SUSE SLES 9 http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/90eac595ae9e6c7… http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/5d0c08a7586a4b9… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBRModD3ey5gA9JdPZAQId4Af/VhoqcRf1+yjri2+3kTMoB6mI638eGzWB Cp95ERRylsDcrhwvqOtESGC78FMN6bGSMgtTOzakhVVDr2Rn2eKjYmHJU4E6W3da UD9nOA3YDWVqHZDxH3XOhbvg7HtQ/44IMBC15Ob8P/vH6IarTLh1CA4ZOop+FClk 183vo2+i8BosBJGSsBGE6dCEQdqm1wGLo33/WYD+9Q3S3Hr8Yl5lZjfr0UEiVzKg t60XhsFdUpS+kXQZlS3axdYaCPi86joji8nWo6ncgeL+VcBtyELHHRdpY2hFO5yU hpAZRRJ/dOASX2MsaOV33v1yYtUEq0jaDxOTDOdUYf4Hz7I8MT01uQ== =beMF -----END PGP SIGNATURE-----

1 0

SUSE Security Summary Report SUSE-SR:2006:018
by Marcus Meissner 28 Jul '06

28 Jul '06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2006:018 Date: Fri, 28 Jul 2006 16:00:00 +0000 Cross-References: CVE-2006-3082 Content of this advisory: 1) Solved Security Vulnerabilities: - gpg2 denial of service attack 2) Pending Vulnerabilities, Solutions, and Work-Arounds: - Mozilla Firefox / Thunderbird / Suite Security Update 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - gpg2 denial of service attack It is possible to crash (denial of service) the GNU Privacy Guard (gpg) by supplying a specifically crafted message specifying a very large UID, which leads to an out of memory situation or an integer overflow. gpg itself has been updated some weeks ago already, gpg2 (the 1.9.x version) was updated this week. This issue is tracked by the Mitre CVE ID CVE-2006-3082. ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds - Mozilla Firefox / Thunderbird / Suite Security Update We will be updating Mozilla in the next days. - Mozilla Firefox: All Mozilla Firefox on released distributions will be upgraded to version 1.5.0.5. This update affects: Novell Linux Desktop 9, SUSE Linux Enterprise 10, SUSE Linux 9.2 - 10.1 The update might break manually installed Firefox Extensions. - Mozilla Thunderbird Mozilla Thunderbird on released distributions will be upgraded to version 1.5.0.5. - Mozilla Suite discontinuation / replacement by Seamonkey. Since the Mozilla Suite is no longer maintained, we will most likely replace it by Seamonkey 1.0.3. This update affects: SUSE Linux Desktop 1, SUSE Linux Enterprise Server 8, SUSE Linux Enterprise Server 9, Novell Linux Desktop 9, SUSE Linux 9.2 - 10.0. This will likely also require updates of evolution, beagle, and other dependent packages, so it might take some time. In general we recommend not using the Mozilla Suite any longer. ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ) send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBRMoU53ey5gA9JdPZAQJOMwgAmmcJTRtQJbNJWF9pkWXYZ7pXBOPlOjkO 6ftG7wfjOtFjv5fnAyLByDLNUDESD96jT3e2u43/pOqpSeSS+SdvbOUO3d433y2X fd0/7lKe++ogZdiXuD1946XlxbsUgwbLm2UKItoxTGI4FX/zUbEmowPtkMHI2oKp p4UcXh5dXoyyGJgxrkbQOkIArS+RWSbDiK+Q4pUsULB59YH7YG6qk0OuBRHAQpEE ZP1fXv657UHguXYbP5K9DRpxZcCbmU4Nw6olezAZetAw2VqfMe9KN2fRX+kzE+kY 2/49yp3aChG+lmyLgyMaqcROXZCLljflFMXQxOXMZzaS8FeHjHRjvg== =1w4C -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: kernel security problems (SUSE-SA:2006:042)
by Marcus Meissner 26 Jul '06

26 Jul '06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: kernel Announcement ID: SUSE-SA:2006:042 Date: Wed, 26 Jul 2006 14:00:00 +0000 Affected Products: SUSE LINUX 10.1 SUSE LINUX 10.0 SUSE LINUX 9.3 SUSE LINUX 9.2 SUSE LINUX 9.1 Vulnerability Type: local privilege escalation Severity (1-10): 7 SUSE Default Package: yes Cross-References: CVE-2006-0744, CVE-2006-1528, CVE-2006-1855 CVE-2006-1857, CVE-2006-1858, CVE-2006-1859 CVE-2006-1860, CVE-2006-2444, CVE-2006-2445 CVE-2006-2448, CVE-2006-2450, CVE-2006-2451 CVE-2006-2934, CVE-2006-2935, CVE-2006-3085 CVE-2006-3626 Content of This Advisory: 1) Security Vulnerability Resolved: Various kernel security problems Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The Linux kernel has been updated to fix several security issues. This advisory refers to kernel updates for SUSE Linux 9.1 - 10.1. For the SUSE Linux Enterprise 9 and 10, Novell Linux Desktop 9, Open Enterprise Server products the kernel update is still in testing and will be released within the next week. SUSE Linux Enterprise 8 and SUSE Linux Desktop 1 with Linux 2.4 based kernels are not affected by exploitable problems in their default configuration and will not be updated with this security update round. The SUSE Linux 10.1 kernel has been updated to state of the SUSE Linux Enterprise 10 kernel and will continue to track it. The updated kernel enables convenient use of kernel module packages for NVIDIA and ATI drivers on SUSE Linux 10.1. Please see the HOWTOs on http://opensuse.org/ on how to add and use them. The update also includes a set of AppArmor and Kernel Module Package (KMP) updates. Following security issues fixed: - CVE-2006-0744: When the user could have changed %RIP always force IRET, now also fixed for the UML kernel. - CVE-2006-1859: A memory leak in __setlease in fs/locks.c allows local attackers to cause a denial of service (memory consumption) via unspecified actions related to an "uninitialized return value," aka "slab leak." - CVE-2006-1860: lease_init in fs/locks.c allows local attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack. - CVE-2006-1528: Linux allows local users to cause a denial of service (crash) via a Direct I/O transfer from the sg driver to memory mapped (mmap) IO space. - CVE-2006-1855: It was possible to potentially crash the kernel by using CPU timers and timing the termination of the parent process. - CVE-2006-1857: A buffer overflow in the SCTP protocol could allow remote attackers to cause a crash or possibly execute arbitrary code via a malformed HB-ACK chunk. - CVE-2006-1858: SCTP allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters. - CVE-2006-2444: The snmp_trap_decode function in the SNMP NAT helper allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite. - CVE-2006-2445: A race condition in run_posix_cpu_timers allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting. - CVE-2006-2448: Due to missing checking of validity of user space pointers it was possible for local attackers to read any kernel memory, potentially exposing sensitive data to the attacker or crash the kernel. This problem is PowerPC specific. - CVE-2006-3085: Fixed a remotely trigger able endless loop in SCTP netfilter handling caused by 0 chunk length. - CVE-2006-2451: Due to an argument validation error in prctl(PR_SET_DUMPABLE) a local attacker can easily gain administrator (root) privileges. - CVE-2006-2934: When a SCTP packet without any chunks is received, the newconntrack variable in sctp_packet contains an out of bounds value that is used to look up an pointer from the array of timeouts, which is then dereferenced, resulting in a crash. Make sure at least a single chunk is present. - CVE-2006-2935: A stack based buffer overflow in CDROM / DVD handling was fixed which could be used by a physical local attacker to crash the kernel or execute code within kernel context, depending on presence of automatic DVD handling in the system. - CVE-2006-3626: A race condition allows local users to gain root privileges by changing the file mode of /proc/self/ files in a way that causes those files (for instance /proc/self/environ) to become setuid root. The SUSE Linux 9.1 kernel update is the final SUSE Linux 9.1 YOU update (see separate announcement from some days ago). 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes SPECIAL INSTALLATION INSTRUCTIONS ================================= The following paragraphs guide you through the installation process in a step-by-step fashion. The character sequence "****" marks the beginning of a new paragraph. In some cases, the steps outlined in a particular paragraph may or may not be applicable to your situation. Therefore, make sure that you read through all of the steps below before attempting any of these procedures. All of the commands that need to be executed must be run as the superuser 'root'. Each step relies on the steps before it to complete successfully. **** Step 1: Determine the needed kernel type. Use the following command to determine which kind of kernel is installed on your system: rpm -qf --qf '%{name}\n' /boot/vmlinuz **** Step 2: Download the packages for your system. Download the kernel RPM package for your distribution with the name indicated by Step 1. Starting from SUSE LINUX 9.2, kernel modules that are not free were moved to a separate package with the suffix '-nongpl' in its name. Download that package as well if you rely on hardware that requires non-free drivers, such as some ISDN adapters. The list of all kernel RPM packages is appended below. The kernel-source package does not contain a binary kernel in bootable form. Instead, it contains the sources that correspond with the binary kernel RPM packages. This package is required to build third party add-on modules. **** Step 3: Verify authenticity of the packages. Verify the authenticity of the kernel RPM package using the methods as listed in Section 6 of this SUSE Security Announcement. **** Step 4: Installing your kernel rpm package. Install the rpm package that you have downloaded in Step 2 with the command rpm -Uhv <FILE> replacing <FILE> with the filename of the RPM package downloaded. Warning: After performing this step, your system may not boot unless the following steps have been followed completely. **** Step 5: Configuring and creating the initrd. The initrd is a RAM disk that is loaded into the memory of your system together with the kernel boot image by the boot loader. The kernel uses the content of this RAM disk to execute commands that must be run before the kernel can mount its root file system. The initrd is typically used to load hard disk controller drivers and file system modules. The variable INITRD_MODULES in /etc/sysconfig/kernel determines which kernel modules are loaded in the initrd. After a new kernel rpm has been installed, the initrd must be recreated to include the updated kernel modules. Usually this happens automatically when installing the kernel rpm. If creating the initrd fails for some reason, manually run the command /sbin/mkinitrd **** Step 6: Update the boot loader, if necessary. Depending on your software configuration, you either have the LILO or GRUB boot loader installed and initialized on your system. Use the command grep LOADER_TYPE /etc/sysconfig/bootloader to find out which boot loader is configured. The GRUB boot loader does not require any further action after a new kernel has been installed. You may proceed to the next step if you are using GRUB. If you use the LILO boot loader, lilo must be run to reinitialize the boot sector of the hard disk. Usually this happens automatically when installing the kernel RPM. In case this step fails, run the command /sbin/lilo Warning: An improperly installed boot loader will render your system unbootable. **** Step 7: Reboot. If all of the steps above have been successfully completed on your system, the new kernel including the kernel modules and the initrd are ready to boot. The system needs to be rebooted for the changes to be active. Make sure that all steps have been completed then reboot using the command /sbin/shutdown -r now Your system will now shut down and restart with the new kernel. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apparmor-parser-2.0-21.5.i… 9cd9a522ee1844e945b580697cf23ad9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/audit-1.1.3-23.3.i586.rpm 89d2201c3dbc746ec24cf4bd4cb44559 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/audit-devel-1.1.3-23.3.i58… 72540e4f65fd2edf1782a75114fccb9f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/audit-libs-1.1.3-23.3.i586… 4cf153c5f2f544d0766a00fa83b3c8ef ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cloop-kmp-bigsmp-2.01_2.6.… 6bdf25dbf6a23a529fcb03a64b17cebf ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cloop-kmp-debug-2.01_2.6.1… a844ad701dd378b34a4cadc0e4c22e6f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cloop-kmp-default-2.01_2.6… dff4d32521e85e17d4f8ff6adca93949 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cloop-kmp-smp-2.01_2.6.16.… cef9a15763ee6932c53ee21473cd4997 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cloop-kmp-xen-2.01_2.6.16.… ba16f758468d56f1d7923db3b0904631 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cloop-kmp-xenpae-2.01_2.6.… 2c43fb6f07d4bfe9b93870e5427c1895 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-0.7.18-3.3.i586.rpm e7b20cfae135aa61d35b7a5b21c74330 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-kmp-bigsmp-0.7.18_2.6… 909215493b300108c63119ab9f096d79 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-kmp-debug-0.7.18_2.6.… e113b1b042ae80eab80c23c4c28cf97f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-kmp-default-0.7.18_2.… b69e5fc59ca5d0c240fd53fc98a5484a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-kmp-smp-0.7.18_2.6.16… 6c9bac44ad763009d4331401d3ac10ec ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-kmp-xen-0.7.18_2.6.16… 3188da9046488df7bed609ffd7ce54fe ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-kmp-xenpae-0.7.18_2.6… bb3ef37bcb236e56be33e14e1e367983 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/hbedv-dazuko-kmp-bigsmp-2.… b9ecda8924b39c2ef58543daeb27f35f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/hbedv-dazuko-kmp-debug-2.1… 410388ef1c72ff622aa163a5c2d9df4c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/hbedv-dazuko-kmp-default-2… afb6655fed055160232e9e88da940b24 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/hbedv-dazuko-kmp-smp-2.1.1… 23bab134a07330c207e7318843c82a79 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/hbedv-dazuko-kmp-xen-2.1.1… 4797651065a56662beb54b0a6bc88b12 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/hbedv-dazuko-kmp-xenpae-2.… 77832a824919e683087693f24db509f6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ivtv-kmp-bigsmp-0.7.0_2.6.… 57aefc602afcb1d96e386a748c84077f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ivtv-kmp-debug-0.7.0_2.6.1… 641354f8153682d9657809ff3de2ceef ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ivtv-kmp-default-0.7.0_2.6… 32c3dd5b3aa99ba22851a5b8437c3198 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ivtv-kmp-smp-0.7.0_2.6.16.… 261b6e2cef8380c105f1175813b6652e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ivtv-kmp-xen-0.7.0_2.6.16.… 2b0a21a904508d395e3fb6ae250bb97d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ivtv-kmp-xenpae-0.7.0_2.6.… bdb122fa51617514703c0e6655976ecb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-bigsmp-2.6.16.21-0.… a7cd535abc7d7369df33218549a40641 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-debug-2.6.16.21-0.1… 76afdaa38402761b7a4547d346128d12 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-default-2.6.16.21-0… c02ef80cf6259e9c2e2367d906ddbce5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-kdump-2.6.16.21-0.1… 7d2ae84459eb40f27eb27ccd17f40065 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-smp-2.6.16.21-0.13.… bb548b149f045f71f0cc77cdeab3554e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-source-2.6.16.21-0.… 06f6819e6b542f818dfc1cf8b177d21c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-syms-2.6.16.21-0.13… c03b63fe79c14b963c2ca952d741507b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-um-2.6.16.21-0.13.i… 47dfc55b417521fc8f89719a26590b8b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-xen-2.6.16.21-0.13.… ce2c2a0c3d8f8de549f7f9e464b215c6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-xenpae-2.6.16.21-0.… 0ebf3e42683ade314e2eb216ee11de72 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kexec-tools-1.101-32.17.i5… 28f60804adcf7e5d19ec52b4d64de043 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/lirc-kmp-bigsmp-0.8.0_2.6.… 67b4f753cc31f80de61e6c3b46511ad8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/lirc-kmp-default-0.8.0_2.6… fe279b89071ac503553a3ef9f7006ccb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/lirc-kmp-smp-0.8.0_2.6.16.… b051b17aaa7f5f3faddd7ae04e17b25b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/lirc-kmp-xenpae-0.8.0_2.6.… 91e65fa9b282efc42f012b27f55db16c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mkinitrd-1.2-106.15.i586.r… 3f795b29fdf6a9bc66eb42c8686c7977 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/multipath-tools-0.4.6-25.9… d8dafe24a0f64529fa92a7f21acd88dd ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ndiswrapper-kmp-bigsmp-1.1… e5a0788af9f6f93be7592212fa4e1d4f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ndiswrapper-kmp-debug-1.10… 188cdc73cf94c84cef6d9bfec587da9d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ndiswrapper-kmp-default-1.… 9b8abac21a6ed044bdde306d27f97b03 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ndiswrapper-kmp-smp-1.10_2… 2865814e726de3c07e4a63433e2408ae ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ndiswrapper-kmp-xen-1.10_2… d49abd0a6bd8319a6bf35665cb20e1f1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ndiswrapper-kmp-xenpae-1.1… 38bbad45bd3915010d26dd7dbf07b570 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/novfs-kmp-bigsmp-1.2.0_2.6… a20595f9f88f23363aea1e281a853bb9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/novfs-kmp-debug-1.2.0_2.6.… e266f1647fd1d9b3fe53782249aa8017 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/novfs-kmp-default-1.2.0_2.… 21c7664b863b822b7e6fca494167dca7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/novfs-kmp-smp-1.2.0_2.6.16… 206c4c2c37edbe12a532d7df17992fe5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/novfs-kmp-xen-1.2.0_2.6.16… 74f8ee6ce6fb0ba4264027d82dedfed2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/novfs-kmp-xenpae-1.2.0_2.6… 684fe3618c802c5949c16c2e23490fa7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-bigsmp-200601… aa274c0190792577dae5400fecad7642 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-debug-2006012… b37e5f6d1afff4d17236e781e908c4a2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-default-20060… 504aee4caf372688dd59254b4296a071 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-kdump-2006012… 826ef0e62b77ee7db3515c4f81d918fb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-smp-20060126_… ba37438f88bb172e407d6e4db00fab9a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-xen-20060126_… 3976e689381649ba359466ba5f891322 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-xenpae-200601… cb6ef7570da4621c6db5c23bbe9e382e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/open-iscsi-0.5.545-9.13.i5… 99aa6db3390acb91b9c67ac251c2ffc3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/openafs-kmp-xenpae-1.4.0_2… a56246ac270979f33de6dff3aa6b9d43 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/pcfclock-kmp-bigsmp-0.44_2… afa731bcb72c96c2e3554518143a2941 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/pcfclock-kmp-debug-0.44_2.… 8479ea66ef737620144bfa24d5793005 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/pcfclock-kmp-default-0.44_… 702881557801a075ae91c8662556181d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/pcfclock-kmp-smp-0.44_2.6.… fc4dfe6ba9c75dacbd9f4cf5f3b4dfbd ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/quickcam-kmp-default-0.6.3… 82ace92edf245eceddd502b65632b4af ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/tpctl-kmp-bigsmp-4.17_2.6.… 26815c7856a9b3e2912bba2e10baac34 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/tpctl-kmp-debug-4.17_2.6.1… be232e269a6067bd2d936f16e6c8a3a6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/tpctl-kmp-default-4.17_2.6… c4c56fbf67434f5f2939dd4e85cf6108 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/tpctl-kmp-smp-4.17_2.6.16.… 90fda039097bcb9dfea77c93321895e4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/udev-085-30.11.i586.rpm 73a5ffcaeea72c89632f6597113fa435 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/usbvision-kmp-bigsmp-0.9.8… 749b7ec34a2cd0864cd296419bdafcd8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/usbvision-kmp-debug-0.9.8.… a0eb6f7674520a01b151c490dc342dc7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/usbvision-kmp-default-0.9.… 37a4e14ce1ec4965f26e1326d7241762 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/usbvision-kmp-smp-0.9.8.2_… 5c9926a62a9e5096ce63349acbe89724 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/usbvision-kmp-xen-0.9.8.2_… d2410737db46df9bada726bfc2416a2c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/usbvision-kmp-xenpae-0.9.8… 694c781f29dccaa1f26fcd58c79d4371 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/wlan-kmp-bigsmp-1_2.6.16.2… 01f91c7bd6eb1ca1edf5bee04ea2786a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/wlan-kmp-debug-1_2.6.16.21… 5a1adb87796cc4dc05dd38ff285e3408 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/wlan-kmp-default-1_2.6.16.… 38786dc33bfa6f02d3aa1bf997d25398 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/wlan-kmp-smp-1_2.6.16.21_0… 0b4cbdb97296ee00c6a67179f4b4efb7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/wlan-kmp-xen-1_2.6.16.21_0… f139106bdfbc3e4faf1f4bad2a5f326b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/wlan-kmp-xenpae-1_2.6.16.2… 14ed4ae45d2d65ad5c78581940bb353a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-3.0.2_09749-0.7.i586.r… 59d56377f67d382fa5adca980a21caa8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-devel-3.0.2_09749-0.7.… 2b7d4f9881b452a48abff40cf56241f4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-doc-html-3.0.2_09749-0… 59363777b0f98db4f96722fc95752866 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-doc-pdf-3.0.2_09749-0.… 0fa70e52865138e9644a24c036e3bda2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-doc-ps-3.0.2_09749-0.7… ad5649957c67a8ecf5fae796fb7e40db ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-libs-3.0.2_09749-0.7.i… e2c1e535725b5b24cd19c51a0e8dc8f4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-tools-3.0.2_09749-0.7.… 0cadd80f58357b3135825cba81785b56 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-tools-ioemu-3.0.2_0974… 8387b6d495aa45270872f60aabc1c394 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/zaptel-kmp-bigsmp-1.2.4_2.… f7b74bcb292788f9cc5c584a01a9a47b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/zaptel-kmp-debug-1.2.4_2.6… 42a59aacc105356cfa1565cad548fd88 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/zaptel-kmp-default-1.2.4_2… d4c16bdda9973cec6f66b6cb6216e7d1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/zaptel-kmp-smp-1.2.4_2.6.1… 042d4daa42d5941ed5efce7d10c72c25 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/zaptel-kmp-xen-1.2.4_2.6.1… cd8d8148c21c5acb1739ba3467dfe119 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/zaptel-kmp-xenpae-1.2.4_2.… d4b664e27c6c8ec2eb4154d73b498171 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/Intel-536ep-4.69-14.6… f1a8ba80079b81685d9426f09b64bb99 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-2.6.13-… d2390ddccfaad103ae4d80fb59a73800 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-nongpl-… f45d3b6f92c7e07be02ac7c45d6d2420 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-2.6.13… d5ddb4d7c4e729712abd31c16d1d00fb ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-nongpl… 5354e1fa6372548bb998eacbb438fc9d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-2.6.13-15.… f358de08699bfbd90c2a96b63d04ebe9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-nongpl-2.6… 002fde4bfccb45b7b928f2d6cb175702 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-source-2.6.13-… 8dcc7463d139b67f4058196077fd77bb ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-syms-2.6.13-15… 82ef2c427e48d71d088bccdd3090051d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-2.6.13-15.1… 4cada92e8b362a18a6cb2e7b9dad1867 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-nongpl-2.6.… a5c1fb1d7ba62cb7d47e1ebc68b6043b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-2.6.13-15.… e2e53924d3dd90ae1ed6fd6cf65e5a98 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-nongpl-2.6… cd9bad0b01cdad5dc70d4fbc82352af0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/um-host-kernel-2.6.13… d0af6de05ca9a572cf9ea25ba702867c SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/Intel-536ep-4.69-10.7.… fb640315cdcf43f2ffd7f6f51828eccc ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-bigsmp-2.6.11.4… 474bcbd50739da47319f62ea9efac697 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-bigsmp-nongpl-2… f591a96ebe1788fa7503ed80b35f4b9b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-default-2.6.11.… 00c44c19362f6256a95496de93500524 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-default-nongpl-… cc6aebefa35a4bca90cc22cf4522fe97 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-smp-2.6.11.4-21… 00dfc63513b64f9aa6534ee0424a4d42 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-smp-nongpl-2.6.… cfab4802ff6cdb522494690a53166bbe ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-source-2.6.11.4… a8b6221034411bf63093fa7c2b8e6ad4 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-syms-2.6.11.4-2… 267669734dc0e95e2bdf96a4c9ce5321 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-um-2.6.11.4-21.… 31d0831adab64bbf848433c2b0b68db8 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-um-nongpl-2.6.1… 751dad14c0578d2522cad557ad00f13f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-xen-2.6.11.4-21… 32523934ffd726b303cd7650168262f2 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-xen-nongpl-2.6.… 5155c42795497c07f27093677b011d2c ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/ltmodem-8.31a10-7.7.i5… 23bb3edd5eccdbfdba9abcfb1c356a7c ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/um-host-install-initrd… 7e0d874eacfb71671ef2cce0287f8cb0 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/um-host-kernel-2.6.11.… 7e561721fad94a6d744864bce5dd551e SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/Intel-536ep-4.69-5.16.… bb0396417107d32fed4997d7a70b37f9 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-bigsmp-2.6.8-24… bde42b68a6ed0eb3c3633ceb125f348c ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-bigsmp-nongpl-2… ef4c6540b77fa646649fdc473039a569 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-default-2.6.8-2… 740f4bb7cbb56cf55360bf4a1edf32fe ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-default-nongpl-… 19313402b487108c4ef883dfcb7aa03e ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-smp-2.6.8-24.24… 4acac5fcacfb83abe2326c880a9ab94b ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-smp-nongpl-2.6.… d5649a51a381106a7733bfe093c71bc4 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-source-2.6.8-24… 0415a737781d2906b3d380ccf3946dc7 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-syms-2.6.8-24.2… 5bf912e55bb0fb5aec445eafa0075784 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-um-2.6.8-24.24.… f56fe753c10797532e7239b9a68e97d6 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-um-nongpl-2.6.8… a2f9dbcacff96e556ff82cc716417ed5 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/ltmodem-8.31a8-6.16.i5… 5a062eb816a7a4638f9261ba98767dd2 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/um-host-install-initrd… 9e31db031ba57f3af146a17d9597986f ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/um-host-kernel-2.6.8-2… 0f9837aa3de9897a5983af8726615339 SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6.5-7.… ceba69d6952612d1cc2434b8da1cbf75 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-default-2.6.5-7… 1c1d3680df647755a922fbf8028b58b9 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-smp-2.6.5-7.276… 217d25d2d474d4f7eb974d966fd4c926 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-source-2.6.5-7.… aabe3bb797ddaacc5f19b144d37b4be5 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-syms-2.6.5-7.27… d87358add6318890f66d0de62a2bcbea ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/ltmodem-2.6.2-38.24.i5… d8eadd159248361b0a9ee0e0cb3f4168 Platform Independent: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/noarch/apparmor-admin_en-10-7.5… 8a183fb7f7b69af041e1f6f4a5b46d68 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/noarch/apparmor-docs-2.0-17.5.n… 827b675a6c216ec32902183c79433479 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/noarch/apparmor-profiles-2.0-34… f6ae693557732b8f27eba4dfde4a9eb4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/noarch/apparmor-utils-2.0-23.5.… acb673a77bfe60d6d036e60f5b19764b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/noarch/yast2-apparmor-2.0-27.5.… 83c76ee5e56846ec7545d5fe0bf25098 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/noarch/kernel-docs-2.6.11.4… 1ebb82bcf1316493ca8b4355db932d0b SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/noarch/kernel-docs-2.6.8-24… e7d6caf8cb9c23119d181b98efaf7ba7 SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/noarch/kernel-docs-2.6.5-7.… ece4fe625855902c637abe9f1252f6d4 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/noarch/kernel-docs-2.6.5-… 556b8059e67605daa9d789907db10778 Power PC Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apparmor-parser-2.0-21.5.pp… f630cd2887055b6442706a229bd79f34 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/audit-1.1.3-23.3.ppc.rpm 8aa6cc2de24e4bb4d4c74307986ca354 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/audit-devel-1.1.3-23.3.ppc.… f7e3b65e5754df2c7e3f81387f4dfce5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/audit-libs-1.1.3-23.3.ppc.r… 5c6861388a938b80c266a1932fac85d0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cloop-kmp-default-2.01_2.6.… ac3295455812a021ad5f239ab56287cb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cloop-kmp-iseries64-2.01_2.… 8dd405813e14d317831dc5b6a657d55d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cloop-kmp-ppc64-2.01_2.6.16… c59982049da9a11ebf26e3ac477442ab ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/drbd-0.7.18-3.3.ppc.rpm fdcc271b40cfc14985951fb94154c0ef ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/drbd-kmp-default-0.7.18_2.6… 16e8bf1e04d4574ea116fd8a9617c5ed ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/drbd-kmp-iseries64-0.7.18_2… 0e648065b5442763404396603e1c2782 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/drbd-kmp-ppc64-0.7.18_2.6.1… a7dcee57666e9ca61d4dea5b4953655b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-default-2.6.16.21-0.… e37ef749e89e0785dee5cb0bb1efa740 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-iseries64-2.6.16.21-… 1623a8a97419a2272027aa166430860a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-kdump-2.6.16.21-0.13… 76c9fdf080d3697ba2b97a18b3c031f8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-ppc64-2.6.16.21-0.13… 181a7668969c02dd217f77f795f88214 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-source-2.6.16.21-0.1… 216d42cb7f22a423bb62b1af3124ca5a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-syms-2.6.16.21-0.13.… 2442412bc80a1301b3cf4a8e491e1a1d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/lirc-kmp-default-0.8.0_2.6.… 583928fdc71ae4a8790bc1d04be092d0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/lirc-kmp-iseries64-0.8.0_2.… 0c617c35763488383d31e09776981ffc ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/lirc-kmp-ppc64-0.8.0_2.6.16… b64cd82811dc7d7f279b87e5dbc51276 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mkinitrd-1.2-106.15.ppc.rpm 70ca7ada636755d8ba1d159d38cfb98c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/multipath-tools-0.4.6-25.9.… 0df9787c0d34cdde227e76218accbafb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/open-iscsi-0.5.545-9.13.ppc… 8b19b4b4d10841fc0edcfad8bead5321 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/pcfclock-kmp-default-0.44_2… 108d8f2c2b660bfd805ef76820a8a835 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/pcfclock-kmp-ppc64-0.44_2.6… 0dab492bad5d5815c678df2987ebae62 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/quickcam-kmp-default-0.6.3_… 61cd65508674e71fe619bec2fb9026f3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/udev-085-30.11.ppc.rpm 4571532a54b7e221448b324ca994e4d1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/wlan-kmp-default-1_2.6.16.2… 079bb0db9f9396f5daf64cb00246bbd1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/wlan-kmp-iseries64-1_2.6.16… 835067ccf55f42ed34cff08e9b6ffce4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/wlan-kmp-ppc64-1_2.6.16.21_… 3bd1bb0e1150dc95f94858e956f4dc22 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/zaptel-kmp-default-1.2.4_2.… 068e5337926200f980be3dcb67c2eb98 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-default-2.6.13-… 8351be43b5c3896df83c63ba65cfeb5a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-iseries64-2.6.1… 7747fa43d835b3320b3a3fa54f235013 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-ppc64-2.6.13-15… 18c443c60f7829c88bd821fb865046ac ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-source-2.6.13-1… 06cf812b56183eb5156e344db7fe310c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-syms-2.6.13-15.… 2f44c721c158dd9f56a497223b54431d x86-64 Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apparmor-parser-2.0-21.5… 060873e93856d7954d33812f2cb26c13 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/audit-1.1.3-23.3.x86_64.… a3149bc43d13af6a808efce907f11b53 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/audit-devel-1.1.3-23.3.x… 48d28c73627c036e60fbcba5daa889ff ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/audit-libs-1.1.3-23.3.x8… dee93d43a783ebf6ca16202a1382118f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cloop-kmp-debug-2.01_2.6… dc2bb193b8f30b6d3444aa9371826d23 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cloop-kmp-default-2.01_2… df81804f31015ce6baf0eec3354a75b9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cloop-kmp-smp-2.01_2.6.1… a9f20351762bccc74ebc1df2d5b5adf4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cloop-kmp-xen-2.01_2.6.1… 1013121fc139ace267bb33f3b10e114d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/drbd-0.7.18-3.3.x86_64.r… 44025e09c1571e735f82d4d60e71fc0b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/drbd-kmp-debug-0.7.18_2.… 3331bff87496d9e9afa1fb83919b1111 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/drbd-kmp-default-0.7.18_… 2b85c2e78d4ecb2e0e21f7908c7257f6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/drbd-kmp-smp-0.7.18_2.6.… bd3e07b7356c64b541be792c97868d19 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/drbd-kmp-xen-0.7.18_2.6.… 35ee253010ade83dc595c8a27f308335 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/hbedv-dazuko-kmp-debug-2… d845a7df15fdb571df85b31e6a667005 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/hbedv-dazuko-kmp-default… a3f8918d10b82a61042f3044a695e877 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/hbedv-dazuko-kmp-smp-2.1… 82f20f84b58d676999e5e909336c66b7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/hbedv-dazuko-kmp-xen-2.1… c5584a0cbbc8d0fef477afe195dcf277 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ivtv-kmp-debug-0.7.0_2.6… fe4d8f6e1297c41dd04b1dc6473d47c1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ivtv-kmp-default-0.7.0_2… 1a03723657be633a35162e31940ae647 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ivtv-kmp-smp-0.7.0_2.6.1… 66875b4b65f2e48df27491a2d0d93de9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ivtv-kmp-xen-0.7.0_2.6.1… 0e8f15d78033b73a96440736820e5cbb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-debug-2.6.16.21-0… d237873002ea1a5501f3b61f76b6903c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-default-2.6.16.21… f44e5a424121b256b3c1287997ba4061 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-kdump-2.6.16.21-0… 170baeb8f839651598ddbcbf93aa4670 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-smp-2.6.16.21-0.1… d32a01850aebf660e1a740c2f9b9927a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-source-2.6.16.21-… 8002fc7b644f2c64c258400f29050e5d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-syms-2.6.16.21-0.… 9c7549f01707a434c0247f73eb9b0152 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-xen-2.6.16.21-0.1… 9ecef38e308f2e4ef644e832fee15a8b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kexec-tools-1.101-32.17.… 121b57cabdcb74e90f3992ad2a7843c8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/lirc-kmp-default-0.8.0_2… 84ef08317d3bcf6552ec57a0487349e0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/lirc-kmp-smp-0.8.0_2.6.1… 64898d1f8f8e98ab43f2d52a10bd3a52 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mkinitrd-1.2-106.15.x86_… 49bee58e184fe82330f0b9c1720a97f4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/multipath-tools-0.4.6-25… e01336dc8e630ffa76918c4e487dba9f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ndiswrapper-kmp-debug-1.… fe54b39f60d50c48f25d9e756212991e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ndiswrapper-kmp-default-… 2906ea2b8c781eda354a83bcd668ea10 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ndiswrapper-kmp-smp-1.10… 16ee21b17dcd1e5c3db212d9b9f281ba ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ndiswrapper-kmp-xen-1.10… 59f733077e5cf2d208802599111778b1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/novfs-kmp-debug-1.2.0_2.… 6bce5050ab3d11597c129b2a86a22599 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/novfs-kmp-default-1.2.0_… b033fe6ec282491fc8227718a2ccddb3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/novfs-kmp-smp-1.2.0_2.6.… e0a234ff6261e1b3d28afcfb1b09cb52 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/novfs-kmp-xen-1.2.0_2.6.… e262ada6e83e80b394f84deb18d367c7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/omnibook-kmp-debug-20060… 1ba9eece36909166f129f3a05c5b0a34 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/omnibook-kmp-default-200… 0c61295b0a053475f6a31619f761d67d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/omnibook-kmp-kdump-20060… 28c2c42e81b473b533800c26fb161db8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/omnibook-kmp-smp-2006012… b490a216fad445f0499dabb64307de75 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/omnibook-kmp-xen-2006012… f72df7eddb5a3f417878e5680fab5cd1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/open-iscsi-0.5.545-9.13.… c51104356caeb53cd189079bfc8f7bb4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/pcfclock-kmp-debug-0.44_… 5487af5844e98b6a3d51394671d19fd5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/pcfclock-kmp-default-0.4… 5547a66c2172a1e37cf83352a2971bf7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/pcfclock-kmp-smp-0.44_2.… fbd677b5ef2747de9f038efb55ff5162 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/quickcam-kmp-default-0.6… 01f40956b13ece3ffac89484d99784f1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/udev-085-30.11.x86_64.rpm 149b04dbd960e9c853578c5357ce142d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/wlan-kmp-debug-1_2.6.16.… 3356f6a1d58c98344b354fc556a7ed32 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/wlan-kmp-default-1_2.6.1… 3fcf84553e3039c1ad1659681fa59c4f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/wlan-kmp-smp-1_2.6.16.21… c9c8d7587bd5922fb0d87d066f402d72 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/wlan-kmp-xen-1_2.6.16.21… dffd5eab1d7e201b8802b96bd5b39030 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-3.0.2_09749-0.7.x86_… 8f08be21026a337d1331288d0ed33192 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-devel-3.0.2_09749-0.… 9e9806f40e6ab9961543306d1ee236cf ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-doc-html-3.0.2_09749… 7ef2bf1b781916f5a778804380ad921b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-doc-pdf-3.0.2_09749-… 04e9674d20bbbf8785b5cfcc2131e7da ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-doc-ps-3.0.2_09749-0… a0b1277b24d9c2c0a46557bb6f4e4473 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-libs-3.0.2_09749-0.7… b5eb3c8eb334d8f09bce0ec67d9e9ca7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-libs-32bit-3.0.2_097… 9955c0c24e174ec83f46ce52e76ab98e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-tools-3.0.2_09749-0.… 523ccc5bee4cfdbb9b1b7080f9a05649 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-tools-ioemu-3.0.2_09… 08159c0dd7ea459396d5de547e75d7f0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/zaptel-kmp-debug-1.2.4_2… b2499ba0ba2367da270f690b75ee40c8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/zaptel-kmp-default-1.2.4… 45d781cffb80f6d8bd5d58be522aa2f4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/zaptel-kmp-smp-1.2.4_2.6… 7ad169812c058a21be7b49fd86fd9237 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/zaptel-kmp-xen-1.2.4_2.6… f9c0361874d265be3e6e2e8ef66ae635 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-2.6.… b85489f0ad8cc9bbb5728c64e7c8fc2f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-nong… 4e132e7adbada352e112c64a3c9f2408 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-2.6.13-1… 087fea22e9d90ef98337c30f55318db3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-nongpl-2… e6f47d4bd1fda55cabf5a59b62c2e183 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-source-2.6.1… 0a6f8350214710e2f600ac204eb1a0a5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-syms-2.6.13-… 5fff86f3834368fa34c5e32855f44d0c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-2.6.13-1… f87081d87e0f9c7d3ba627309107bddf ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-nongpl-2… b8d9b58c238d533550ccce278dad30f0 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-default-2.6.1… 43f6fb67727c88b0f4aeda733120ac84 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-default-nongp… bf333ee5088cc7f5a4888530557fb719 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-smp-2.6.11.4-… be4142bb00d29a20b18159add573fc74 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-smp-nongpl-2.… 8c47ed2a4949b3e9aaa046830472b2ef ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-source-2.6.11… 1d373c25c0590d223f17e1d9feba1f6c ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-syms-2.6.11.4… f21817e9293fc603914958b0eed983ca SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-default-2.6.8… c4d600c67fa16520e30e4f306c2f174c ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-default-nongp… 1e5a69fdd455ba1c9317b5386b4f887d ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-smp-2.6.8-24.… 37a138694706fdd8229d51f75256ca74 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-smp-nongpl-2.… 9ede22ac6b4119995d4c8ea6329f2851 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-source-2.6.8-… 9c28c19a989ad975e26c3c4210ab93df ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-syms-2.6.8-24… ef6477f4e8d9386e8c14e5f33cab6e15 SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-default-2.6… a1ec9ed29e7b844639fb264c0c051f79 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-smp-2.6.5-7… 9c18e347968bc60d4e32b67557c1830b ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-source-2.6.… 205bd72a791fd24589330c152f73d18b ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-syms-2.6.5-… 63ada2081021bc1307c6153ccd043b87 Sources: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apparmor-admin_en-10-7.5.sr… 43095bf3f55a08d8064a021d6aaa1db7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apparmor-docs-2.0-17.5.src.… abe9f0dc42be1ce5c7590f357d9d134b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apparmor-parser-2.0-21.5.sr… 7fe00c347fec96fef49bf0463b209210 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apparmor-profiles-2.0-34.9.… c6b49655962246afcc288c2df8eed31f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apparmor-utils-2.0-23.5.src… 5257e473bc5e8a6f7c4dccd5e6a9ae55 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/audit-1.1.3-23.3.src.rpm cf3d5c02a37d737c0178c72ea84ee203 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/drbd-0.7.18-3.3.src.rpm f7c33143e57fb99cf0b392096d9f7d44 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-bigsmp-2.6.16.21-0.1… 9359a72d2f9016a61beb36f6b2f0fa28 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-debug-2.6.16.21-0.13… 4a26cacb10c6dbf2706fadc4b83535e4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-default-2.6.16.21-0.… 235efd96d5f7c6ccfc9a398cc8d27108 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-iseries64-2.6.16.21-… 40dc372c825056205aa0c1cc1de2473b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-kdump-2.6.16.21-0.13… ed77128c1b3433a22c12cb78491d9353 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-ppc64-2.6.16.21-0.13… d322ff866d8534ad3bc53e6dabc3443d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-smp-2.6.16.21-0.13.n… a4aeb424592289ef78edcdd6cd1449db ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-source-2.6.16.21-0.1… 9173110fbf71bfb007b9a560e3a9bad6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-syms-2.6.16.21-0.13.… 02cdf335631f2da95056cba8eda0f165 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-um-2.6.16.21-0.13.no… 1324aec2bfd8c3530e8f90088cc25c81 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-xen-2.6.16.21-0.13.n… 1250728306b9b3253ae82afedf0f1e4a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-xenpae-2.6.16.21-0.1… f193f3d82e8b0aa15d7ab13a081a7cf2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kexec-tools-1.101-32.17.src… 3374197c18ba7324995f433a939fbe54 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/mkinitrd-1.2-106.15.src.rpm ddf61f16d38e997d85fd04fdf64eaa02 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/multipath-tools-0.4.6-25.9.… 261e2516378e1e6596f9ad767a0594bc ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/open-iscsi-0.5.545-9.13.src… 852e15549b54733414a667631052840b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/udev-085-30.11.src.rpm 330f5f4e04d9448b023301d3ff332305 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/xen-3.0.2_09749-0.7.src.rpm 9adfc5f7c109b6c7f206d2765b99f1ec ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/yast2-apparmor-2.0-27.5.src… 279b8397e1cd4fd829b12f09018f46cc SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/Intel-536ep-4.69-14.6.… 4b3fb42d44b1cf10ab6d4ede6bb67fa0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-bigsmp-2.6.13-1… e05d21d1ad9f1c3ea3268dde157fe13b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-default-2.6.13-… f10fad044c2193fa6261096b223db611 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-iseries64-2.6.1… 3190b4017784a56bb412971d6ed06a1f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-ppc64-2.6.13-15… bcfbd7b1edbc5a97d9fda3f540d0be9d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-smp-2.6.13-15.1… b590965d0190dfe933b8e3572a190706 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-1… 00a4a6bcab31204089ec8464b070ecf9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-1… 790f0f0352d0f3cceb730a4e06f1951f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-syms-2.6.13-15.… 0c017619952331561adfbed8399d7aff ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-um-2.6.13-15.11… c2ed71e73606a5330f55870b8f1d7d38 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-xen-2.6.13-15.1… 9fcc6eb7846ddd324f4c88a9f1a99eea SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/Intel-536ep-4.69-10.7.s… e84f71edcbbad93da19fca50936e457f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-bigsmp-2.6.11.4-… c2d704c30248e369c1256c9cbda9c792 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-default-2.6.11.4… a83446d1d83069403cf167da49f7e4ac ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-docs-2.6.11.4-21… 515752e1ce2951bf3338664c6db1e93f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-smp-2.6.11.4-21.… 2227766974f9d279173ff67adac2846a ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-source-2.6.11.4-… a7eb9d1dde2fbf036057c3eea7da228f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-syms-2.6.11.4-21… bd62cf4acca249292569a439d1b95a08 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-um-2.6.11.4-21.1… 7f5d2e691cf0e2373b85895e7518a1ff ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-xen-2.6.11.4-21.… f637f470f98d0c2ed239dae6d57461b8 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/ltmodem-8.31a10-7.7.src… a070d16b8d8f48d7df10f4a2a7553746 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/um-host-install-initrd-… a4df9d5558c21e322565bb837443b249 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/Intel-536ep-4.69-5.16.s… df33c271d1a488f4b546947c9100e856 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-bigsmp-2.6.8-24.… 4baaed24bac712a743c68e6da5328bbd ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-default-2.6.8-24… a12e6479c058a95c5c057359df1f87ac ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-docs-2.6.8-24.24… d49b746c707e82b7552e09ca752b012c ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-smp-2.6.8-24.24.… 2e4370a418fb2cd663e19f1b5722e8d2 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-source-2.6.8-24.… ddb880da28744d6906698a6d71772b9a ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-syms-2.6.8-24.24… be826c69b6a717786bc4a42d4558d666 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-um-2.6.8-24.24.n… 73f298756b8c260db19f66045702de42 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/ltmodem-8.31a8-6.16.src… 929a46b7e2e7045c182909134c90f764 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/um-host-install-initrd-… 933712007872a733e4f8f2f7a2d6040f SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-bigsmp-2.6.5-7.2… 86501653c20812d977ea23f47af5c9d3 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-default-2.6.5-7.… 6fc2656d5c81821db987ccfa26ad51ea ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-docs-2.6.5-7.276… 8541534925706aa2063d874f14a365a6 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-smp-2.6.5-7.276.… c9a6e3ee6a98005ecd4710a8b0bc8c4e ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-source-2.6.5-7.2… 523fd5b4a12c8c666818ea94e9e699e3 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-syms-2.6.5-7.276… 660abce3f8e14427bbaf17e3fa01d115 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/ltmodem-2.6.2-38.24.src… d259fef3b0115765990fb4e58cee0e40 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-default-2.6.5-… 77411e0e5b44ae7ca78bc0e9ed77e646 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-docs-2.6.5-7.2… da439bf54800360273231d0a62e00f72 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-smp-2.6.5-7.27… 862a7fafdee7df50a02aceac09f86017 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-source-2.6.5-7… 61a48f3900f2c1d2fd389dff0566225d ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-syms-2.6.5-7.2… cd0906f0fc78df823b65df1b6de63944 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBRMd4lXey5gA9JdPZAQI79gf/R9BbReJKlkRL8YMn8TOrWJXc4sJ1M2xA SGQV4vq7cuhYPoyiW9TANnRn/w57iBIrwZWUtg4atSENOhjaZrjm8nwiHoSp1xZn u+iM57hbt38CiPt06CzLf0DrC9vKh7znHhTOXh0/8QeQA+gGF0g1z+LHcmxECkom JFcZ82lz7jKknTycH8ySo09o25eGUrfhzmpzPb8JLglUUpZ4tXaWN+OJG0c7RiWl fN8xyq9zyVjxK4uLHwWtIjAUvT3mriJdJU7Snr+11H/mkJEq3Of8LobMFKVVKPTQ 7YweB4E0KwsMBIJpweeT6x+nXEupxtAlKkhBlZpX/9vgmdUjdjZa0w== =qXhX -----END PGP SIGNATURE-----

1 0

SUSE Security Summary Report SUSE-SR:2006:017
by Marcus Meissner 21 Jul '06

21 Jul '06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2006:017 Date: Fri, 21 Jul 2006 17:00:00 +0000 Cross-References: CVE-2006-2223 CVE-2006-2224 CVE-2006-3403 CVE-2006-2842 CVE-2006-2451 CVE-2006-3626 Content of this advisory: 1) Solved Security Vulnerabilities: - quagga/zebra RIPv2 auth evasion - samba remote denial of service - squirrelmail local file inclusion - CASA various fixes 2) Pending Vulnerabilities, Solutions, and Work-Arounds: - Local root exploits in Linux kernel 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - quagga/zebra RIPv2 auth evasion In the routing suites zebra and quagga it was possible to bypass RIPv2 authentication requirements by using RIPv1. Since RIPv1 doesn't support authentication at all this update introduces an option to switch off RIPv1 (CVE-2006-2223, CVE-2006-2224). This affects all SUSE Linux based products. - samba remote denial of service The Samba smbd daemon could be made to allocate huge amounts of memory by sending malformed packets from remote and so effecting a remote denial of service attack due to memory exhaustion. This issue is tracked by the Mitre CVE ID CVE-2006-3403 and affects all SUSE Linux based products. - squirrelmail local file inclusion The squirrelmail webmail front end could be made to include local files into its PHP code, potentially causing code execution. This issue is tracked by the Mitre CVE ID CVE-2006-2842 and affects all SUSE Linux products. - CASA various fixes Various bugs and problems were fixed in the CASA authentication framework, some of them security relevant: - Secrets with special characters inside were handled incorrectly. - Enhanced Salt generation. We updated the CASA packages on 10.1 to SLE 10 level. ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds - Local root exploits in Linux kernel The Mitre CVE ID CVE-2006-2451 references a local root exploit using the prctl() system call. This affects SUSE Linux Enterprise Server 9 and 10, SUSE Linux 10.0 and SUSE Linux 10.1 The Mitre CVE ID CVE-2006-3626 references a local root exploit using /proc/ files. This affects all 2.6 Kernel using products, SUSE Linux 9.2 up to 10.1, SUSE Linux Enterprise Server 9 and 10. The SUSE Linux 10.1, 10.0 and 9.3 kernel updates for this issue were released this week, but included in the later summary. We are QA testing updates for this problem, but they will take at least a week due to QA turnaround times. ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ) send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBRMDrHHey5gA9JdPZAQI5vAgAk1TyCOBb1uRM/y65b99btVItgLaz0Mmx zBeFNX3TgcyJ27i8pjT5+hOmbQ1eTpKg7u4KvKnIwr7J41deA5d6O/xRT5ujcwLT hzVcraEqyC6quySCrDHLoIrbd3u7Ddpd39M4VuHzOwOSlO7Vrs9mTKtRdCvTEp5D gcJ6kJNKWFU1+sgb2HcbysU+0dXe6OdXC0JFZ4d4o6Zt/LaLRrZ0qCJTu0023RJH FXzkAFX9Ck03nYh8R69M4t+6gxw9T7LRUpZgy+YhiZ+uz7PAG7YZsvBYhv9DHEet dD3Z2oQad7SJXcKlMsvYiiMrD6LgQ1y/ZzaqMc9FRWBpand8LS+unQ== =yjMo -----END PGP SIGNATURE-----

1 0

SUSE Linux 9.1 is done
by Marcus Meissner 21 Jul '06

21 Jul '06

Hi folks, We released the last update for SUSE Linux 9.1 today (quagga). This means no further updates to SUSE Linux 9.1 will be published and it can be considered finished aka end-of-lifed aka "done". The update mirror areas will be moved away/removed at some point in the next weeks. Here is a small summary over the YOU patches we released for SUSE Linux 9.1: Total Patches: 639 (300 active, 339 obsolete) Security Patches: 492 (213 active, 279 obsolete) Recommended Patches: 119 (68 active, 51 obsolete) Optional Patches: 28 (19 active, 9 obsolete) This makes 0.9 updates per real day and 1.3 updates per work day. This also makes 0.67 security updates per real day and 1.0 security updates per work day. We have released updates for certain packages multiple times: 20 kernel (nearly 1 per month) 17 php4 13 clamav 11 opera 11 MozillaFirefox 11 kdelibs3 10 squid 10 ethereal 9 phpMyAdmin 9 apache2 7 xine-lib 6 xpdf 6 squirrelmail 6 samba 6 mozilla 6 mailman 6 gaim 5 postgresql 5 libtiff 5 heimdal 5 gpg 5 cyrus-imapd 4 XFree86-libs 4 tetex 4 subversion 4 snort 4 ruby 4 rsync 4 pdftohtml 4 mysql 4 mpg123 4 mkinitrd 4 liby2util 4 kdegraphics3-pdf 4 java2 4 ImageMagick 4 hotplug 4 gpdf 4 gd 4 cups 4 acroread (others are 3 times or less) Ciao, Marcus

1 0

SUSE Security Summary Report SUSE-SR:2006:016
by Marcus Meissner 14 Jul '06

14 Jul '06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2006:016 Date: Fri, 14 Jul 2006 17:00:00 +0000 Cross-References: CVE-2004-1488, CVE-2005-4190, CVE-2006-2195 CVE-2006-2451, CVE-2006-3093, CVE-2006-3242 CVE-2006-3334 Content of this advisory: 1) Solved Security Vulnerabilities: - Acroread 7.0.8 problems - not affected - libpng buffer overflow - not affected - wget file overwrite and terminal characters - mutt remove overflow by IMAP servers - horde cross site scripting problems fixed 2) Pending Vulnerabilities, Solutions, and Work-Arounds: - Local root exploit in Linux kernel 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - Acroread 7.0.8 problems - not affected In SUSE-SA:2006:041 we reported that Acrobat Reader on Linux is affected by the problem referenced by CVE-2006-3093. Further information showed that this is not the case. This means that Acrobat Reader 7.0.5 is not vulnerable to this problem. - libpng buffer overflow - not affected The PNG developers released a new version of libpng, which fixes a buffer overflow. This issue is tracked by the Mitre CVE ID CVE-2006-3334. Our investigations show: - With the current interaction between libpng and zlib it is not possible to get the error return code that triggers the buffer overflow. - The overflow would overwrite 2 bytes of stack padding (assuming a default padding of 4 bytes). - And last but not least it would be caught by _FORTIFY_SOURCE on SUSE Linux 10.0 and newer products. So no SUSE product is affected by this problem. - wget file overwrite and terminal characters A security issue was fixed in wget, where evil servers could send terminal escape codes to the user calling wget. This would only affect interactive sessions. (CVE-2004-1488) Additionally the previous ".file" fix was found to be buggy and replaced. This bug could lead to ".directories" not being retrievable and "_files" being overwritten. All SUSE Linux based products were affected by those problems. - mutt remove overflow by IMAP servers Mutt had a buffer overflow in IMAP name space parsing code which may open a possible remote vulnerability (CVE-2006-3242). This requires attaching to an "evil" IMAP server. All SUSE Linux based products containing mutt were affected. - horde cross site scripting problems fixed Some cross site scripting problems where fixed in the horde framework. These are tracked by the Mitre CVE IDs CVE-2005-4190,CVE-2006-2195. All SUSE Linux based products containing horde were affected. ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds - Local root exploit in Linux kernel The Mitre CVE ID CVE-2006-2451 is referencing a local root exploit using the prctl() system call. SUSE Linux Enterprise Server 9, Novell Linux Desktop 9, Open Enterprise Server, SUSE Linux 10.0, SUSE Linux 10.1 and SUSE Linux Enterprise (Server and Desktop) 10 are affected by this problem. We are preparing updates for this problem, but they will take at least a week due to QA turnaround times. Temporary Kernel updates can be gotten from our Kernel Of The Day repository (unsupported): SLES9, NLD9 and OES: ftp://ftp.suse.com/pub/projects/kernel/kotd/sles9-<arch>/SLES9_SP3_BRANCH/ SUSE Linux 10.0: ftp://ftp.suse.com/pub/projects/kernel/kotd/10.0-<arch>/SL100_BRANCH/ SUSE Linux 10.1, SLE10: No fixed kernel of the day available currently. ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ) send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBRLes1Xey5gA9JdPZAQI0Xwf/YCMtw5VYG8QixcmSR4ZtJHXRSHMYwFeq 76dNxtraBNYpnCZi+nfgJOQCDAsVZzXKbtDW/U5SAifkyDYnvOD6Vkaeo5OV2OP4 QN2t9+MqvGcAuoIXoPpPduS1a9br1lxm7TfFW2PZi9l4nH3P8P/FOa0yEPcPDC+6 i4SleWQHdAPHUoXuoF6bYZ4GTLC+TyrszeThnNMFyUUJ88hQanSBslpTewmPgcEx aT3aAQj1pfuRSmsXuYorTV1tsIIkZLtZkAfkbk64H8zPX3paJPykx8I55198DFXW lA/KklkYHQCBh12lzwT/J1FM30JIvOLsULhO2I3XsfKEte7tsnDCog== =DTGr -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: acroread remote code execution (SUSE-SA:2006:041)
by Marcus Meissner 04 Jul '06

04 Jul '06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: acroread Announcement ID: SUSE-SA:2006:041 Date: Tue, 04 Jul 2006 14:00:00 +0000 Affected Products: SUSE LINUX 10.1 SUSE LINUX 10.0 SUSE LINUX 9.3 SUSE LINUX 9.2 SUSE SLES 9 Vulnerability Type: unknown Severity (1-10): 8 SUSE Default Package: yes Cross-References: CVE-2006-3093 Content of This Advisory: 1) Security Vulnerability Resolved: Acroread security upgrade to 7.0.8 Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Various unspecified security problems have been fixed in Acrobat Reader version 7.0.8. Adobe does not provide detailed information about the nature of the security problems. Therefore, it is necessary to assume that remote code execution is possible. Adobe does not provide update packages for Acroread that are compatible with some of our releases from the past. Therefore, updates are missing (and might not be provided) for the products listed as follows. As a solution to Adobe acroread security problems on older products we suggest removal of the package from exposed systems and to use the longer maintained open source PDF viewers. - SUSE Linux Enterprise Server 9, Open Enterprise Server, Novell Linux POS 9 Acrobat Reader 7.0.8 has a new requirement on GTK+ 2.4 libraries (previously GTK+ 2.2). Since the above products contain only GTK+ 2.2, the Acrobat Reader 7.0.8 provided by Adobe is currently not functional. We have postponed the updates and wait for Adobe to clarify this problem. - SUSE Linux Enterprise Server 8, SUSE Linux Enterprise Desktop 1 These versions only support Acrobat Reader 5 and could not be upgraded for Acrobat Reader 7 due to glibc and GTK+ requirements. We discontinued security support for Acrobat Reader on those products some time ago already. This issue is tracked by the Mitre CVE ID CVE-2006-3093. 2) Solution or Work-Around Please install the update packages. You can also use the open source PDF viewer replacements, as for instance xpdf, kpdf, evince, gpdf or similar programs. 3) Special Instructions and Notes Please close and restart all running instances of acroread after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/acroread-7.0.8-0.4.i586.rpm 0a439b3541fec2329b55f3b9b3bc4858 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/acroread-7.0.8-1.1.i5… 76d13f4fd89e25549a363ae443cbab04 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/acroread-7.0.8-1.1.i58… 953a36fb273d1245a122ea9a0774fcc2 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/acroread-7.0.8-1.1.i58… 4691f003b517f23bad4b923f24f45133 Sources: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/acroread-7.0.8-0.4.nosrc.rpm cdf32850c4a770fe4458df7e78fd0dbe SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/acroread-7.0.8-1.1.nos… 76eb5e155e370109b0d55226e8b94895 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/acroread-7.0.8-1.1.src.… e55b674570116b348ba7091f2b8b906e SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/acroread-7.0.8-1.1.src.… 97fdaba08621d339fdfde9b94db62a70 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE SLES 9 http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/4bcb737ce757116… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBRKpxEHey5gA9JdPZAQJTzgf+IGvAswMRbi25ToZgdF9GmfsWckV/MR2Z GNbKHarDKWJtpNrrhL/YQ9F/EDcZxKyYErZ3J7H3WMRIrutri7e064k019Ln2J6q F1PQNE2Yv9OROF/5cSuZg1hA5ZEm37QslnSL6YQxV1hfj6zaacpqgXI+WLMg+1mz le49xi3X9VygDt0pGgi7gLGHwEAAMNgZwSKxS1oO/piz3BcsWZcPK5/MCGEnBclz /VNanZQhkZM/sbUQxikgQSVg2zfw8vDrjfANJ/hDRYRe4B4is93I9ZF7n7JoDyPD 97Ri1agGBDeiYy2TzEq8Ta0MNeKEIGMnPtJLxGoXhlS6Wmh+uuORig== =5yN7 -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: OpenOffice_org remote code execution (SUSE-SA:2006:040)
by Marcus Meissner 03 Jul '06

03 Jul '06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: OpenOffice_org Announcement ID: SUSE-SA:2006:040 Date: Mon, 03 Jul 2006 16:00:00 +0000 Affected Products: Novell Linux Desktop 9 SUSE LINUX 10.1 SUSE LINUX 10.0 SUSE LINUX 9.3 SUSE LINUX 9.2 SUSE LINUX 9.1 SuSE Linux Desktop 1.0 Vulnerability Type: remote code execution Severity (1-10): 8 SUSE Default Package: yes Cross-References: CVE-2006-2198, CVE-2006-2199, CVE-2006-3117 Content of This Advisory: 1) Security Vulnerability Resolved: OpenOffice_org security problems Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Following security problems were found and fixed in OpenOffice_org: - CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access to system resources with current user's privileges. As a result, the macro may delete/replace system files, read/send private data and/or cause additional security issues. Note that this attack works even with Macro execution disabled. This attack allows remote attackers to modify files / execute code as the user opening the document. - CVE-2006-2199: A security vulnerability related to OpenOffice.org documents may allow certain Java applets to break through the "sandbox" and therefore have full access to system resources with current user privileges. The offending Applets may be constructed to destroy/replace system files, read or send private data, and/or cause additional security issues. Since Java applet support is only there for historical reasons, as StarOffice was providing browser support, the support has now been disabled by default. - CVE-2006-3117: A buffer overflow in the XML UTF8 converter allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running instances of OpenOffice_org after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-2.0.2-27.12… 649b45c223e2eef491f3e89b457be3f2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-af-2.0.2-27… 09afa80d882ab9c1388139874e7107e9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ar-2.0.2-27… 70d9cf35ca87e78f8a30821ba271ac30 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-be-BY-2.0.2… d044a2f22c518322ea35388adb7d8bd0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-bg-2.0.2-27… 37cac5cbe14215491e65f78fd7d1f013 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ca-2.0.2-27… f458c2b61425e171b556a40e918d07db ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-cs-2.0.2-27… 0af5024dafc41d80456eb14950cbcdb5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-cy-2.0.2-27… ef66e97820d34e6f61c0f0dc61e0f690 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-da-2.0.2-27… d8055edb875cd9fe2e5f441873c7b1f1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-de-2.0.2-27… 1888f3c8225796823fb77a2ee40b7a3a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-el-2.0.2-27… 08114d9d40b506c69e8d801e4a7ed32c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-en-GB-2.0.2… 5fab3729eecc0464eb10b28469057989 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-es-2.0.2-27… e4005f3cea8aabdd53be930297cd4f6d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-et-2.0.2-27… d1e42f731b53e91831d408cd405368ac ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-fi-2.0.2-27… c79f60fe55e03dd7cd6600f202187479 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-fr-2.0.2-27… 9c7972e70611f20134f9fe5475789717 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-galleries-2… 13ee2cd4fd0e32622bae32eaa1bf1256 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-gnome-2.0.2… b979f10a559b5cb0e76c6933840af921 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-gu-IN-2.0.2… 2d0e850814a6283c5d179a33b1da7b2d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-hi-IN-2.0.2… bce3d5bd63fc5e11789162c8fb223cee ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-hr-2.0.2-27… e0afe5d68098a3bd247db2451315bb28 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-hu-2.0.2-27… 3a68ebbe6dc351903f6242618ad645fb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-it-2.0.2-27… 570b6f273047682706dd3d4fe64f4bc7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ja-2.0.2-27… 70c75a7e0e15f701e35228c8d7ec8c55 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-kde-2.0.2-2… c6a70315e98476882cf77a393efd6974 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-km-2.0.2-27… 3f5c0a8af36797b3a554d3a24b2c00ef ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ko-2.0.2-27… 160ea2698657b98e7e621d942919b65e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-lt-2.0.2-27… d810b4aee9fe30edd0263cdae3196060 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-mk-2.0.2-27… e511be49fe7e2c967e3da2905a3f7fbe ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-mono-2.0.2-… 82a12d481f04d019c0cec2209c2a2971 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-nb-2.0.2-27… 61d2b26bfa1f51afaf80ec617bf3e663 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-nl-2.0.2-27… fa19baea78646e2b4991431d3ddfec27 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-nn-2.0.2-27… 66828e59320aa46d7e54a0f1235872c1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-officebean-… d23fa6f7f3913c13ba5b8bd1c04f0df8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pa-IN-2.0.2… e57a48a0cc278bd99793defe4201eefe ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pl-2.0.2-27… eb6ef2bc250858f9b20db76c5cd706da ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pt-2.0.2-27… 4e6209b8d5247782d9d84ad1f30d34fa ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pt-BR-2.0.2… 0f191b0c65719f13b8f8f044f8f39e69 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ru-2.0.2-27… 10bc6833827d7ec7c07c4a8116a3d12e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-rw-2.0.2-27… dfd0aca0d185b942c613e93acd48d8ce ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sk-2.0.2-27… c5cc18748bb6b9b6bca0435f07c7a253 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sl-2.0.2-27… cf1a3177bdedeff1ae1e491ac11530c1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sr-CS-2.0.2… 519ea269f02a82bfd1f8d958fa370738 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-st-2.0.2-27… 4003034be001b7775dca81ddb9a97a83 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sv-2.0.2-27… 021db8f722c96457843f03d62b10a649 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-tr-2.0.2-27… 67a45bee7269d2ef389e583b7e3508e4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ts-2.0.2-27… 4d61096578a3755addedd9bbeffadaaa ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-vi-2.0.2-27… fdb321de8e74127118b49a8d7ce41434 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-xh-2.0.2-27… 7cd9351904a78c9171694cd0b9e02f32 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-zh-CN-2.0.2… deb40352002369f87ef792393b49ce86 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-zh-TW-2.0.2… b797651549b5bb641e041980ff0a8141 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-zu-2.0.2-27… b7d6c8f0289d43ea2f8faec91350aadc SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-2.0.0-… da78f2aa9188797b1cd3e299b49209b5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-af-2.0… caa54cab09c89e637f3f1c1df7a67dce ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ar-2.0… 48487a3fb8fa411db5d370f6aa6eafb7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-be-BY-… b4fdab8ecd23508fd55d277b2bb5f11a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-bg-2.0… ff685813e964117486bc5c711db3e561 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ca-2.0… deebd2abe143a43f48fda9a3446e41a5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-cs-2.0… a49e6ccee5faf1add6910ad40e291b17 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-cy-2.0… ec4c7b05bf68fe257a914cf2711ef5c8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-da-2.0… 1e942a4ba31edd58f1545f0df035c6f3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-de-2.0… 19a16d84bb786add605f3ad611598d7c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-el-2.0… 711ce212e0d745a208844dbb42742ab5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-en-GB-… 5609ba537669f78b844434631c40c3c7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-es-2.0… 10f730be1719398ebbc333a42e7bb8f7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-et-2.0… ae5ccd77c6250a093710011aaebd58b2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-fi-2.0… 825f37194b7791ba2b26d724050d430b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-fr-2.0… e87717e887825ef26215f5e00234914e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-galler… a08767175cbc2cb92fd43bdc85847d32 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-gnome-… 23bc8ec9d9be1f6713f27c79ceacbb49 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-gu-IN-… 17af1071ce462563c17edadc195c070f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hr-2.0… bef07a2731af1b2c8ebc54bc274b9cb7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hu-2.0… 70498b4072c1d36e97907947744a65cd ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hunspe… abafcf2c00d0a339632a1e8f45380a7d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-it-2.0… 65bdb71368174c3f2f14942be4d66544 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ja-2.0… f9af53897841b85754a2c228beee72e1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-kde-2.… f8ceceef6b26f932435537e8f5062eb7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ko-2.0… 95f52980240c4904ae35dc3d34e59363 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-mono-2… 971ac59d5c5e7fb123d710dadbace416 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nb-2.0… ff3ad25a65a8c463ebb1797b2ba9175b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nl-2.0… b550d2826df4ef2b806e9e719055a05e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nn-2.0… db460e9c304252e2b7c986c958476d9e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-office… 89c4e4cee07eb4b200f82151176f9c7a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pa-IN-… 21e44d9925f756ff1898af3a864a93d6 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pl-2.0… 84330671533bd4c5808487280dee2f5b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pt-2.0… e3ec47019c925d90393c91a5ddf25124 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pt-BR-… 5fe40d8ac239fe2fda04b7b536bc49c1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ru-2.0… d6434c0982660b35cc6817f40b5c1c94 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sk-2.0… 10c350525d66fd482edd5714622a7b69 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sl-2.0… f9a347406c614908c53f7cff130a1d30 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sv-2.0… b9873b16314f7d2af4ba13f7920a9a4d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-tr-2.0… 3248cb2fdde4037305da28bb83b41250 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-vi-2.0… 1fbc7f91551db60b1ee0698b3558ec11 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-xh-2.0… a3e9ce2da19dc3a8e60408099191c477 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zh-CN-… 983421f7b45c6ccc3abcdd17d951e768 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zh-TW-… 6f4a51458731a1d160e30d40d0bb5e5c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zu-2.0… 4b2421c9d8408c70017b097459e9a25c SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-2.0.0-1… 26b4d9dbc015942ccb19d701acb328df ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ar-2.0.… 338dbc688a48f9db20087d544340a14f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ca-2.0.… b6cde4d6483eb17f7a925cbf153f8b83 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-cs-2.0.… 270729a1ddb07753e2eba7327763f136 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-da-2.0.… 50e03a4624b3401afa756881616676da ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-de-2.0.… 09aba02d13551ecd5ec002f3794b9d68 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-el-2.0.… 49dcfc49c4b53bd825fdea5491bcaf95 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-es-2.0.… c950792706b2a595166ed94cad4c13ce ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-et-2.0.… 2b9e239e2bfed188f38ace3f2e263a2a ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fi-2.0.… e436591bb58f036d6dbc9c563b36bc60 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fr-2.0.… cafed2dbe15aeb4ee30ea34748f2b3aa ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-gnome-2… 7da16da80c36abf50270ae764bdf60f8 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-hu-2.0.… 1446b0f9bedb86b9fb62ad769ca52379 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-it-2.0.… 44fac316ec36214a9f5f82c11eebe910 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ja-2.0.… b4692f2c954216c3e149a7464cde5574 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-kde-2.0… c929442e498729484723c476a8956eea ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ko-2.0.… 9261e230d4ee41317585f55f74e6b4bd ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-nl-2.0.… 1fdcc5d6d3c6dfb30d0060c53adfc0ca ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pl-2.0.… de4fe2b074eace927af5814cb8d5e4ac ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pt-2.0.… 303cc03f4ca6f1d4fc316abe5e9e087a ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ru-2.0.… 8923c18240d104c19849f9a3b5b719ca ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sk-2.0.… ede0ae1a4cf6a960d8529bb3b82b18ed ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sl-2.0.… b5ae3309f069c95bad88b1a39e47c33e ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sv-2.0.… 442a18ee93e2bcdff52f7e92122747c3 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-tr-2.0.… cebf0930ab9475628c176dc833c87055 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-CN-2… 46d852b7681131e640dec1d11d9b5d67 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-TW-2… 9a388bab6e2af9d100e2964dd87b5e34 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-1.1.3-1… 3404ebdb749babddc0065120e351da8f ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ar-1.1.… 5a2ab250098d10f224a08e9f85eb5038 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ca-1.1.… 824b17f0444ff9bbe255999a26c4d079 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-cs-1.1.… 4f8bb4aa2df22a21ec8971e14189e19e ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-da-1.1.… 02d3606b13e6757ad889d8baadaab914 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-de-1.1.… d316856e7d15e533f6c9d058534e1406 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-el-1.1.… f2b4121b81fa40240f1930363bac4a54 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-en-1.1.… bcbe1e06359210be24e1614242b65f3c ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-es-1.1.… 0f4d6a6283e92889e17540b3a819dea5 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-et-1.1.… a5554ef59fa8498def24ddb860fdd672 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-fi-1.1.… 30535e484bd1e0de6ce7822fd58c7c47 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-fr-1.1.… 21fd9ea2f970870b5fdbd5ac282b01d7 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-gnome-1… 04cbf860584bbfe640075912810d85b6 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-hu-1.1.… b7d2bd841d972a08f82c3a25b04cc985 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-it-1.1.… 9df2f98463db7e68095bf70194739f62 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ja-1.1.… 13f7e1fbba69c93d6f8618322c0653f7 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-kde-1.1… d795619af7d8b78d3c378ce8f06c4a6e ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ko-1.1.… 9ae90d991758549494e457b418bd582b ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-nl-1.1.… c4df7b850627a94d1d7c497716da4a69 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-pl-1.1.… cb20f834ad2004159efe572007c8252c ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-pt-1.1.… 84182e2dec58664fb4356f797e8bdec6 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ru-1.1.… 265f6aa28cfd6499eab7e7e5860a6b44 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sk-1.1.… 97560149c00f283860b372c67e3700ca ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sl-1.1.… 6f2864c9361f66457d8882d83b14b5b8 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sv-1.1.… 0591dfed4d88e1d400230eaa0392f479 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-tr-1.1.… 666edec0b1a397ad2413ad72ebc6b4c1 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-zh-CN-1… 689edd2066ecf91916a1d4c7ba23aa99 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-zh-TW-1… 06c44a641a1b617d7c6b501688972655 SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-1.1.1-2… 53e8171e949bc12da39a29388a118d44 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ar-1.1.… 11814b3f46dc0be180421f5e1a79d12a ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-cs-1.1.… a8c9285df1bbdc320b4c5b5aee056559 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-da-1.1.… ddd367fa5f6cbb427e9d148115b49c34 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-de-1.1.… 7eaca9d4205c29926684f20d3eababb3 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-el-1.1.… bdecfc05bde7573b0eb153fb05396f33 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-en-1.1.… 693d371adf34246154c1c4f181cbd32a ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-es-1.1.… f52dd53e16f0a21e9136d99867a4db82 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-et-1.1.… bedf5c2c7496cbcfc2ccd2ca7f6db9ca ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-fr-1.1.… b49ccc9ba19ea53fe35c8d4e8f1f276f ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-hu-1.1.… 67c337e0dbba37f5d81a60f47dfd1eb9 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-it-1.1.… 3a45967f359fae8fc4f3c701ad2231fc ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ja-1.1.… 4a91baac0693a23bc477136c2131fe1b ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ko-1.1.… 3880ef7ef1f60165d43a10cd6a746426 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-nl-1.1.… a5d9a200ae1c078217c62ee7a8a78b6e ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-pl-1.1.… 508f34526e700e9ddf0234d5cd587aa4 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-pt-1.1.… bc160723b53a3c651737aebb251833bc ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ru-1.1.… 5630cdd456d7325a74071c0eefff2018 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sk-1.1.… 596010219ffb37e3df8d0f2a4c25d5af ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sl-1.1.… b5610c4117a7914cc52d718be3d43878 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sv-1.1.… adcfa58f60e1b0c75db2ac7e7da4bd0b ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-tr-1.1.… f7e2ee28b2d37369edd474d44e44e4bc ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-zh-CN-1… 1ad1791f5b01cf29c3506c03b62ffaa8 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-zh-TW-1… 97b11b36c15d44d8f7f751a13692bf68 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-1.1.1… 53e8171e949bc12da39a29388a118d44 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-ar-1.… 11814b3f46dc0be180421f5e1a79d12a ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-cs-1.… a8c9285df1bbdc320b4c5b5aee056559 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-da-1.… ddd367fa5f6cbb427e9d148115b49c34 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-de-1.… 7eaca9d4205c29926684f20d3eababb3 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-el-1.… bdecfc05bde7573b0eb153fb05396f33 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-en-1.… 693d371adf34246154c1c4f181cbd32a ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-es-1.… f52dd53e16f0a21e9136d99867a4db82 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-et-1.… bedf5c2c7496cbcfc2ccd2ca7f6db9ca ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-fr-1.… b49ccc9ba19ea53fe35c8d4e8f1f276f ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-hu-1.… 67c337e0dbba37f5d81a60f47dfd1eb9 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-it-1.… 3a45967f359fae8fc4f3c701ad2231fc ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-ja-1.… 4a91baac0693a23bc477136c2131fe1b ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-ko-1.… 3880ef7ef1f60165d43a10cd6a746426 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-nl-1.… a5d9a200ae1c078217c62ee7a8a78b6e ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-pl-1.… 508f34526e700e9ddf0234d5cd587aa4 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-pt-1.… bc160723b53a3c651737aebb251833bc ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-ru-1.… 5630cdd456d7325a74071c0eefff2018 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-sk-1.… 596010219ffb37e3df8d0f2a4c25d5af ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-sl-1.… b5610c4117a7914cc52d718be3d43878 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-sv-1.… adcfa58f60e1b0c75db2ac7e7da4bd0b ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-tr-1.… f7e2ee28b2d37369edd474d44e44e4bc ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-zh-CN… 1ad1791f5b01cf29c3506c03b62ffaa8 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-zh-TW… 97b11b36c15d44d8f7f751a13692bf68 Power PC Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-2.0.2-27.12.… e21cad16a35adad9fd8e3d0e7e9ab498 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-af-2.0.2-27.… 876b500b3f18de7c0d58ce88e2df20ce ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ar-2.0.2-27.… 23cbab6c8716578bff90a9e02e743025 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-be-BY-2.0.2-… 5a903ee3eb25bcb32777f6aec9bd175e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-bg-2.0.2-27.… b292d0d57426a337922c24905eb5d750 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ca-2.0.2-27.… f00188672e300175eb73f97aefa764d3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-cs-2.0.2-27.… 91120c3c2e6b9c76f9cff151d78b8cd6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-cy-2.0.2-27.… 4258ff54ce0dcb002fd22a315e9e9f75 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-da-2.0.2-27.… a012edaed3561ac90cb35bcfbc8bfd3d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-de-2.0.2-27.… 5a0e25512a8913b63aa13d8216fa5925 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-el-2.0.2-27.… 20134831a9f76cd62cb28a5e6522bc8b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-en-GB-2.0.2-… 56cf83797527301f0856027ce5ae8b8e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-es-2.0.2-27.… fab867572119eeb6e7a1fb9d201ca858 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-et-2.0.2-27.… 581316fc893fbc3c15937e070fea5458 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-fi-2.0.2-27.… 3c49f9e412fda548b694d8ceadefbf2c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-fr-2.0.2-27.… 7523ade7b3403b9134968537c342af7a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-galleries-2.… 94e609de323fd6f11ef227f72a986e65 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-gnome-2.0.2-… d6675d798537c7383a36b33d3731f03e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-gu-IN-2.0.2-… 0f5ee2d05b9de160f44368d75ec203ad ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-hi-IN-2.0.2-… a9655d354b6cdd2dc9a7f7e77556b4ff ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-hr-2.0.2-27.… 40b670c08df5a37aeb5a8f83c6d4b896 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-hu-2.0.2-27.… 6807e1c5f023d405539f8625413e14a3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-it-2.0.2-27.… 02293cd1817b99f636c88df6d9fd52cc ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ja-2.0.2-27.… 5269f63982b7b68278da1b69df3f2d57 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-kde-2.0.2-27… f853f2d32b1f4c0f7ff805a0541cd106 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-km-2.0.2-27.… 835afe1890f61dd8b0b3bc52e4906a70 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ko-2.0.2-27.… 037e3fa756caeec84ec7f0834fbd976a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-lt-2.0.2-27.… 33047e34386cad97b73e10aa6d5eeb2f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-mk-2.0.2-27.… 4b84f8a6088ef595746854511bb6b233 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-mono-2.0.2-2… b3bb797798bb3425c5c74117c83ade07 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-nb-2.0.2-27.… 2960798993563198a0a82dfcba836054 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-nl-2.0.2-27.… 77fbf36aa00f7ec5852417aa20e12b6d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-nn-2.0.2-27.… 30582274e6f6a11b53a9d612da184fb1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-officebean-2… 4d4664bad0185d33dcf04069094ddabe ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pa-IN-2.0.2-… f41533305958c65ad9b49e0f2b7ea49b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pl-2.0.2-27.… 11099b4a2a05f50c64fe0becdf02a7d3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pt-2.0.2-27.… 3f8b8b3c6f78152cf9b76086cd4587e9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pt-BR-2.0.2-… c79c91f6bf2ca7fd9d2f82f996b1e347 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ru-2.0.2-27.… 24e59b2661985f3734648c8439419108 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-rw-2.0.2-27.… 51b6ffbeeae68502a59883a5b0672fed ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sk-2.0.2-27.… a5b6d505578753737ef297ea51c3ad01 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sl-2.0.2-27.… 6b477f4856b761eea4f661e59d055803 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sr-CS-2.0.2-… 9e1251123ec54c499caf01f19c501bcb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-st-2.0.2-27.… fe44fe3998f9d7a30d9a9127c284eb92 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sv-2.0.2-27.… c82836cdfe99eaa4c2ba82f37f93d72d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-tr-2.0.2-27.… 1e2fcbaa9f47748b446e1cd043de22bf ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ts-2.0.2-27.… 20db8260798bf038a591f649678945d7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-vi-2.0.2-27.… 8ef1e82d5bd643fd80e1c8bea67027da ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-xh-2.0.2-27.… e8659fe51475a2c8fdf758eaa307846c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-zh-CN-2.0.2-… 99b5e6854a5d4c9d48f363add47628e0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-zh-TW-2.0.2-… ac398efb31231d9c8aa4ec858a36e6c6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-zu-2.0.2-27.… 33e7011b6af2919f2a12baacf208a9e6 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-2.0.0-1… 61d9d5bc7aac7849cb4cbfb8790f37a6 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-af-2.0.… da05207bba91da697c94c488e3156889 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ar-2.0.… d1bc8359d869f1a4172eb51020b3326a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-be-BY-2… 74053d44c643c03ffa40a6de76aa027d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-bg-2.0.… c1725913b432af8f3ec439f04a40c7a2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ca-2.0.… 414d67ef5587e8ac8603bf2c425562a5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-cs-2.0.… b52cfc169e34ddd48ab924ef83260764 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-cy-2.0.… 8454d64c4b93e4446597d7906508bf3c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-da-2.0.… d5912a847b4f5b5785c998992e588ca8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-de-2.0.… a96be7030a4ec3caea6b0546cd6bf8c9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-el-2.0.… 470ae19a03ea33aac71519f175597f43 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-en-GB-2… 12e1b829b543c4de8f5cd30d6e7a2b11 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-es-2.0.… 07fe62feda63bd45b37b00b289cf4eee ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-et-2.0.… 0062b22b187ef897b7ba868653dac095 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-fi-2.0.… f6d38c40d984ae481482374a8eab6c65 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-fr-2.0.… b946608cdf61b99da92e1f5a671c2ff2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-galleri… b49d7ae870ee8c00d051c5449fdaa7b1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-gnome-2… 6bbe65a7e920012e5595dd6bfdef48c5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-gu-IN-2… 29972433d06db409d3af4e9856921faa ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hr-2.0.… 677c7f83e4ab91c6396a910e955ac0ea ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hu-2.0.… 4d08a84837dfc2a0e6b2329f6c172d0b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hunspel… 5e3465a80a21b7632b21a35b83d4ed2c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-it-2.0.… b37e2abd09b9a1c385f9cfeefc7cb918 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ja-2.0.… b399f2a47aa9fdc09c26b34ccead77d3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-kde-2.0… 8ff6cc73c265b253c870a7b622f045f0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ko-2.0.… 324bdcbc6d2e67e397e4fe025332fceb ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-mono-2.… 96c3db3801bd35886c95e7af67bb6449 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nb-2.0.… 20b832a3190837501871d65011e0f7df ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nl-2.0.… 29735fa76ba9ecb3a794052ed1bb6cd6 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nn-2.0.… 93c364471320695312ce4f0d7e441fce ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-officeb… 45b09d3f52fab3ef3abf682d610400f5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pa-IN-2… 5430ae8cc447a0f9cfc5e56f594e9aa3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pl-2.0.… d38c63c6e62b5acd962bb89cec6e7bcc ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pt-2.0.… 7b197b21ad3473745726cb5cd034c73b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pt-BR-2… e4f5917800a94a1c9a220db9b20472c0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ru-2.0.… 29b7170afbd030a79e3e165de7e70f5a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sk-2.0.… eb0cecbaa8ee9f990a60af2439d87247 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sl-2.0.… 478c2c8b3e40d94e629372f43bd0b2da ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sv-2.0.… ecb2ac813fecdbe1fe0a30bf2b49343e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-tr-2.0.… 85a276e3fd03f0dba981f5a8f27043f3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-vi-2.0.… 3aad86d3301f6306c5ac40dcc8f680d4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-xh-2.0.… 0d8866b667cc40caba33c67c21d413a6 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zh-CN-2… d7d069ad57a36f21fc07919566dcf38b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zh-TW-2… abce5f68f7398e6a2465cd489a826f8b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zu-2.0.… d9a220df58f6b192ee2a23271dc4bbe4 Sources: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/OpenOffice_org-2.0.2-27.12.… b125986f9b6951f506ccfa47ee725f9e SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/OpenOffice_org-2.0.0-1… 38a6066b04cd70cb3f0b5a110ed61161 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/OpenOffice_org-2.0.0-1.… 86d35626732e626bd123b526d45df374 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/OpenOffice_org-1.1.3-16… c9983e539cbd07f2c7e260e955b1896b SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/OpenOffice_org-1.1.1-23… a0c54aa34852c50994e32b1c688ffd8c ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/OpenOffice_org-1.1.1-… a0c54aa34852c50994e32b1c688ffd8c Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SuSE Linux Desktop 1.0 http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/fd3768697ff2063… Novell Linux Desktop 9 for x86 http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/9c33c18a6978aef… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBRKk2vney5gA9JdPZAQLpBgf+Pd6QTLMO1ZNDqDdi4jvrUW5tBNamyktZ DS9oSrq1Pd0NiiZa4O1cbDVhphrpyKK32SjJG7yDfcj3Nnf4kFzXC7l0GZ+/6R6l 1xbLi0i+u5EPgU0NgV25+c/f+FST3CVeEpkzBaFF++l2yXPk6nMIDhA7VyLL9RGk X8zikmN2QA9/wP6HSo7RytOpqguKSaSc2LL4OUfjJtw6f/ijeAWmuFjIv/f4uQG3 Uagak5q79F8udJ+Y6gSW/ohT4EKY4iQjH3StpywxUg47Tw8tRo1V71rRYP+vAhDA 4PwFoFZXAbbfzyveoSJv04TmtMtbgMyrjjxD70CA6BfUV3nbA5QCdQ== =aHre -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: kdebase3-kdm information disclosure (SUSE-SA:2006:039)
by Marcus Meissner 03 Jul '06

03 Jul '06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: kdebase3-kdm Announcement ID: SUSE-SA:2006:039 Date: Mon, 03 Jul 2006 16:00:00 +0000 Affected Products: Novell Linux Desktop 9 SUSE LINUX 10.1 SUSE LINUX 10.0 SUSE LINUX 9.3 SUSE LINUX 9.2 SUSE LINUX 9.1 SUSE SLES 9 Vulnerability Type: local privilege escalation Severity (1-10): 7 SUSE Default Package: yes Cross-References: CVE-2006-2449 Content of This Advisory: 1) Security Vulnerability Resolved: KDM local information exposure Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The KDE Display Manager KDM stores the type of the previously used session in the user's home directory. By using a symlink a local attacker could trick kdm into also storing content of files that are normally not accessible by users, like for instance /etc/shadow. This problem is tracked by Mitre CVE ID CVE-2006-2449 and was found by Ludwig Nussel of the SUSE Security Team. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please restart all running instances of kdm after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kdebase3-kdm-3.5.1-69.23.i… 6b51aa1795da71a71119cf6aa6820153 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kdebase3-kdm-3.4.2-27… 5b36c9bc7cee1cdde72d7ad70860d596 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kdebase3-kdm-3.4.0-28.… f5a7cc054bf5223057e36aeef4bb2e55 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdebase3-kdm-3.3.0-29.… e3b919080e181d5854526410675e116e SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdebase3-kdm-3.2.1-68.… 247b449b8b6142ff9ee413acbd4efc57 Power PC Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kdebase3-kdm-3.5.1-69.23.pp… 6db4614fe15867245801e17c72e9c8bd SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kdebase3-kdm-3.4.2-27.… 6366c0536eb41220bd1686513fe6e2c1 x86-64 Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kdebase3-kdm-3.5.1-69.23… 6c31f10bd18a53f585a1cc6ac45ccbe4 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdebase3-kdm-3.4.2-… f606da7a6561ec09fbbb70a467da1790 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdebase3-kdm-3.4.0-2… fece9cedbe4033094c62124d85fe37cd SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kdebase3-kdm-3.3.0-2… 421cfc9dcacc8d1a59009cc849182297 SUSE LINUX 9.1: ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdebase3-kdm-3.2.1… 3456c10099c7c075ef2653e750f0ad72 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: Novell Linux Desktop 9 http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/c43d8bdde8ba418… SUSE SLES 9 http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/292ea0b25bd919e… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBRKkhr3ey5gA9JdPZAQJwGAf+J5wt1zWBdHvVTXWeqfh0rfSznNNiLSPz D7S5JTXG+SG2vKUiF/Vi/CeD5W86CrT3MpHQyVNxrK9P12L5b08Fm5U5hhMwub7V SJNWC79agPuFMNh0wNqSOhqsfMB/vSwGSdLQ3TnQLHIdAyredmXu0wE52v2BfjPW HxuOVBRl5Cp4yFwMxWfmTfvqwNIyWdjF7HLzu0xtmYLZw4Mh09MvfnrzyhC3TxNO fTzxs38Eki2EYdrIIHknnA02GNVLCMDblms4+9q5gAe+tlrVHnS91FJ3zO/qkSZD 4Q6YhosCsnjFZLHTWtZI7dNBlQE9JbEblXs0JdvwFbi9o992lYOh5g== =wahD -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: Opera 9.0 security upgrade (SUSE-SA:2006:038)
by Marcus Meissner 03 Jul '06

03 Jul '06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: opera Announcement ID: SUSE-SA:2006:038 Date: Mon, 03 Jul 2006 16:00:00 +0000 Affected Products: SUSE LINUX 10.1 SUSE LINUX 10.0 SUSE LINUX 9.3 SUSE LINUX 9.2 Vulnerability Type: remote code execution Severity (1-10): 6 SUSE Default Package: no Cross-References: CVE-2006-3198, CVE-2006-3331 Content of This Advisory: 1) Security Vulnerability Resolved: Opera security upgrade to version 9.0 Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The web browser Opera has been upgraded to version 9.0 to add lots of new features, and to fix the following security problem: - CVE-2006-3198: An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files. If excessively large height and width values are specified in certain fields of a JPEG file, an integer overflow may cause Opera to allocate insufficient memory for the image. This will lead to a buffer overflow when the image is loaded into memory, which can be exploited to execute arbitrary code. - CVE-2006-3331: Opera did not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running instances of Opera after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/opera-9.0-1.3.i586.rpm dbe4f7ebdc8cf6c136f353be8e548954 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/opera-9.0-1.3.i586.rpm dc16c7c133a5d9a479552b8940735bbd SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/opera-9.0-1.3.i586.rpm 1eada48d9a4ccba242d9d8ec92872065 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/opera-9.0-1.4.i586.rpm 03715655bbc24e45645937fde9c9927a Power PC Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/opera-9.0-1.3.ppc.rpm ff66785910294364e7c0d043b48889dc x86-64 Platform: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/opera-9.0-1.3.x86_64.rpm a4e2435b110a28d29650998a2f08eb22 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/opera-9.0-1.3.x86_6… 94af3ffd12a53616ecd3b7ec572279f5 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/opera-9.0-1.3.x86_64… 4f55ed7caeaa590436c8ad0344a24353 SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/opera-9.0-1.4.x86_64… e03753b7a7a0448a66073f2d83c8f2d4 Sources: SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/opera-9.0-1.3.nosrc.rpm 7f74b7b8d4756a99070f0c9c566ef81d SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/opera-9.0-1.3.nosrc.rpm e984adc5a788c1ad8d7fcced4a29e237 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/opera-9.0-1.3.nosrc.rpm efcf570644020fbb33be81a647fe478f SUSE LINUX 9.2: ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/opera-9.0-1.4.nosrc.rpm 0c1d68b31fcbd9d45a10805d2a3cc1fd Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (FAQ), send mail to <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQEVAwUBRKkeKXey5gA9JdPZAQLRGwf/YCDkTd3lnkrJDH1ZsEiAjeekee96EPfz 5FQcTRPivrCikSSUzXHLBXBnaGi9Q/it0SqXnPs/hdePr3QxY7IOWKLrePS05bAY qGR0eCWRpnvG7v7Q8vVrNnzvop44UMJXqq48KBLj29ACsr6SMjML8UNLKUWchgPV s0ExrtounnErvRxrlaqg/M18or8vMb8JmEQvFUJgUSP6rDbNu6lIo4KE925ZF8C7 De2KzIHTmF/ulLv+1OhtyvsGmJtPQE/vcf0DFp0VbBzT2LWq3FKP46mNJ8gGJjiY 1UEamXhiUEeywTzfJ7cTiqfLYFFsYfpf/YMc+2CPTHCFzqPcXhxilw== =EXm9 -----END PGP SIGNATURE-----

1 0