openSUSE Security Announce
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
July 2006
- 1 participants
- 10 discussions
SUSE Security Announcement: apache,apache2 mod_rewrite problem (SUSE-SA:2006:043)
by Marcus Meissner 28 Jul '06
by Marcus Meissner 28 Jul '06
28 Jul '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: apache,apache2
Announcement ID: SUSE-SA:2006:043
Date: Fri, 28 Jul 2006 17:00:00 +0000
Affected Products: SLE SDK 10
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
SUSE SLES 10
SUSE SLES 9
Vulnerability Type: remote denial of service
Severity (1-10): 6
SUSE Default Package: yes
Cross-References: CVE-2005-3352, CVE-2006-3747
Content of This Advisory:
1) Security Vulnerability Resolved:
Apache off by one security problem
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The following security problem was fixed in the Apache and Apache 2
web servers:
mod_rewrite: Fix an off-by-one security problem in the ldap scheme
handling. For some RewriteRules this could lead to a pointer being
written out of bounds. Depending on stack alignment this could be
used to potentially execute code.
The mod_rewrite module is not enabled per default in our packages.
This problem is tracked by the Mitre CVE ID CVE-2006-3747.
A more detailed description of this problem is available in:
http://www.apache.org/dist/httpd/Announcement2.0.html
For SUSE Linux 10.0, 10.1 and SUSE Linux Enterprise 10 additionally
a old bug was fixed that we missed to forward port to the Apache 2.2
packages:
mod_imap: Fixes a cross-site-scripting bug in the imagemap module.
This issue is tracked by the Mitre CVE ID CVE-2005-3352.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of Apache after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-2.2.0-21.7.i586.rpm
124342d5311b318586d91d12117bdd2a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-prefork-2.2.0-21.7…
4a73ae89777943f4127743f817f0a0a5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-worker-2.2.0-21.7.…
1905af7f606986f1818ebed5bd3382d5
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-2.0.54-10.5.i…
adf6c8665b9f0f36c6a7720a8f1bfad1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-prefork-2.0.5…
1cbcec6896dc46504140177b48ca014d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-worker-2.0.54…
f721e397c518cc6160886a1296e5a109
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-2.0.53-9.12.i5…
e6ae2ee1353c1f1c31c0595b60d18137
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-prefork-2.0.53…
cb02c5f97671d2ab0a64215ed9987c2f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-worker-2.0.53-…
b8872991cf54d99659e60d860d0c44e8
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-2.0.50-7.14.i5…
9365d403839e7c0740aae1e2f1b6cdfc
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-prefork-2.0.50…
97d506d68996f80ffaaaa6494a127f7c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-worker-2.0.50-…
f649e8eb98d43d6a44231f0c7453c9b2
Power PC Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-2.2.0-21.7.ppc.rpm
133b02c7a3a52a2bf144ece351ba00a1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-prefork-2.2.0-21.7.…
099056b7a0f634ff1daf583ce2163839
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-worker-2.2.0-21.7.p…
a22ae78408cedfea6d66362509d3c721
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-2.0.54-10.5.pp…
16a119e6dab8e972a992ef37bd9973aa
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-prefork-2.0.54…
fcb8c3ca92f1b9a39791f51aad5b8907
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-worker-2.0.54-…
0f5dff953aea37964958bc0ed8932412
x86-64 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-2.2.0-21.7.x86_6…
3ab36db089d7f3d60a7114820970afdd
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-prefork-2.2.0-21…
b7e9bc09fe9684292acf0e7ed0218b14
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-worker-2.2.0-21.…
b6b1ab1c03073f7f2acc07a0231ea532
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-2.0.54-10.5…
17c4bdc7577446bf45335ba58ebb3513
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-prefork-2.0…
d55a93a86ae6b5bf037ee336d4307133
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-worker-2.0.…
e64fc86d3337913db0c22ffde3519a36
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-2.0.53-9.12.…
d4996884e49ef11d27c97340efb6f079
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-prefork-2.0.…
5b599e78e59c7b59dc199777fe2c4eea
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-worker-2.0.5…
09f0f1dc18761a8a902f2dc5ab166883
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/apache2-2.0.50-7.14.…
595101ab05dfe5117ddab1d1f1463a28
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/apache2-prefork-2.0.…
112fe5dd14b66a4fbb82c3c5178bef69
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/apache2-worker-2.0.5…
7c07b8b400e6ed13a4707c3ebe1eed3a
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apache2-2.2.0-21.7.src.rpm
493d11cc099e975bc0974611cf936816
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/apache2-2.0.54-10.5.sr…
b83da64c6ad0b76d7a3a8bf909d61d39
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/apache2-2.0.53-9.12.src…
5d4c85c7f60ea5c73df0fba7d92bec35
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/apache2-2.0.50-7.14.src…
2c4e95c0ebe9bee49dec733cbdeb42d3
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE SLES 10
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/90eac595ae9e6c7…
SLE SDK 10
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/90eac595ae9e6c7…
SUSE SLES 9
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/90eac595ae9e6c7…
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/5d0c08a7586a4b9…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRModD3ey5gA9JdPZAQId4Af/VhoqcRf1+yjri2+3kTMoB6mI638eGzWB
Cp95ERRylsDcrhwvqOtESGC78FMN6bGSMgtTOzakhVVDr2Rn2eKjYmHJU4E6W3da
UD9nOA3YDWVqHZDxH3XOhbvg7HtQ/44IMBC15Ob8P/vH6IarTLh1CA4ZOop+FClk
183vo2+i8BosBJGSsBGE6dCEQdqm1wGLo33/WYD+9Q3S3Hr8Yl5lZjfr0UEiVzKg
t60XhsFdUpS+kXQZlS3axdYaCPi86joji8nWo6ncgeL+VcBtyELHHRdpY2hFO5yU
hpAZRRJ/dOASX2MsaOV33v1yYtUEq0jaDxOTDOdUYf4Hz7I8MT01uQ==
=beMF
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2006:018
Date: Fri, 28 Jul 2006 16:00:00 +0000
Cross-References: CVE-2006-3082
Content of this advisory:
1) Solved Security Vulnerabilities:
- gpg2 denial of service attack
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- Mozilla Firefox / Thunderbird / Suite Security Update
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- gpg2 denial of service attack
It is possible to crash (denial of service) the GNU Privacy Guard
(gpg) by supplying a specifically crafted message specifying a
very large UID, which leads to an out of memory situation or an
integer overflow.
gpg itself has been updated some weeks ago already, gpg2 (the 1.9.x
version) was updated this week.
This issue is tracked by the Mitre CVE ID CVE-2006-3082.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- Mozilla Firefox / Thunderbird / Suite Security Update
We will be updating Mozilla in the next days.
- Mozilla Firefox:
All Mozilla Firefox on released distributions will be upgraded
to version 1.5.0.5.
This update affects: Novell Linux Desktop 9, SUSE Linux Enterprise 10,
SUSE Linux 9.2 - 10.1
The update might break manually installed Firefox Extensions.
- Mozilla Thunderbird
Mozilla Thunderbird on released distributions will be upgraded
to version 1.5.0.5.
- Mozilla Suite discontinuation / replacement by Seamonkey.
Since the Mozilla Suite is no longer maintained, we will most
likely replace it by Seamonkey 1.0.3.
This update affects: SUSE Linux Desktop 1, SUSE Linux Enterprise
Server 8, SUSE Linux Enterprise Server 9, Novell Linux Desktop 9,
SUSE Linux 9.2 - 10.0.
This will likely also require updates of evolution, beagle,
and other dependent packages, so it might take some time.
In general we recommend not using the Mozilla Suite any longer.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ)
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRMoU53ey5gA9JdPZAQJOMwgAmmcJTRtQJbNJWF9pkWXYZ7pXBOPlOjkO
6ftG7wfjOtFjv5fnAyLByDLNUDESD96jT3e2u43/pOqpSeSS+SdvbOUO3d433y2X
fd0/7lKe++ogZdiXuD1946XlxbsUgwbLm2UKItoxTGI4FX/zUbEmowPtkMHI2oKp
p4UcXh5dXoyyGJgxrkbQOkIArS+RWSbDiK+Q4pUsULB59YH7YG6qk0OuBRHAQpEE
ZP1fXv657UHguXYbP5K9DRpxZcCbmU4Nw6olezAZetAw2VqfMe9KN2fRX+kzE+kY
2/49yp3aChG+lmyLgyMaqcROXZCLljflFMXQxOXMZzaS8FeHjHRjvg==
=1w4C
-----END PGP SIGNATURE-----
1
0
SUSE Security Announcement: kernel security problems (SUSE-SA:2006:042)
by Marcus Meissner 26 Jul '06
by Marcus Meissner 26 Jul '06
26 Jul '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: kernel
Announcement ID: SUSE-SA:2006:042
Date: Wed, 26 Jul 2006 14:00:00 +0000
Affected Products: SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
SUSE LINUX 9.1
Vulnerability Type: local privilege escalation
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2006-0744, CVE-2006-1528, CVE-2006-1855
CVE-2006-1857, CVE-2006-1858, CVE-2006-1859
CVE-2006-1860, CVE-2006-2444, CVE-2006-2445
CVE-2006-2448, CVE-2006-2450, CVE-2006-2451
CVE-2006-2934, CVE-2006-2935, CVE-2006-3085
CVE-2006-3626
Content of This Advisory:
1) Security Vulnerability Resolved:
Various kernel security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The Linux kernel has been updated to fix several security issues.
This advisory refers to kernel updates for SUSE Linux 9.1 - 10.1.
For the SUSE Linux Enterprise 9 and 10, Novell Linux Desktop 9, Open
Enterprise Server products the kernel update is still in testing and
will be released within the next week.
SUSE Linux Enterprise 8 and SUSE Linux Desktop 1 with Linux 2.4 based
kernels are not affected by exploitable problems in their default
configuration and will not be updated with this security update round.
The SUSE Linux 10.1 kernel has been updated to state of the SUSE
Linux Enterprise 10 kernel and will continue to track it.
The updated kernel enables convenient use of kernel module packages
for NVIDIA and ATI drivers on SUSE Linux 10.1.
Please see the HOWTOs on http://opensuse.org/ on how to add and use
them. The update also includes a set of AppArmor and Kernel Module
Package (KMP) updates.
Following security issues fixed:
- CVE-2006-0744: When the user could have changed %RIP always force IRET,
now also fixed for the UML kernel.
- CVE-2006-1859: A memory leak in __setlease in fs/locks.c allows
local attackers to cause a denial of service (memory
consumption) via unspecified actions related to an
"uninitialized return value," aka "slab leak."
- CVE-2006-1860: lease_init in fs/locks.c allows local attackers to cause a
denial of service (fcntl_setlease lockup) via actions
that cause lease_init to free a lock that might not
have been allocated on the stack.
- CVE-2006-1528: Linux allows local users to cause a denial of service (crash)
via a Direct I/O transfer from the sg driver to memory
mapped (mmap) IO space.
- CVE-2006-1855: It was possible to potentially crash the kernel by
using CPU timers and timing the termination of the
parent process.
- CVE-2006-1857: A buffer overflow in the SCTP protocol could allow remote
attackers to cause a crash or possibly execute arbitrary
code via a malformed HB-ACK chunk.
- CVE-2006-1858: SCTP allowed remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a chunk
length that is inconsistent with the actual length of
provided parameters.
- CVE-2006-2444: The snmp_trap_decode function in the SNMP NAT helper
allows remote attackers to cause a denial of service
(crash) via unspecified remote attack vectors that cause
failures in snmp_trap_decode that trigger (1) frees of
random memory or (2) frees of previously-freed memory
(double-free) by snmp_trap_decode as well as its calling
function, as demonstrated via certain test cases of
the PROTOS SNMP test suite.
- CVE-2006-2445: A race condition in run_posix_cpu_timers allows local
users to cause a denial of service (BUG_ON crash)
by causing one CPU to attach a timer to a process that
is exiting.
- CVE-2006-2448: Due to missing checking of validity of user space pointers
it was possible for local attackers to read any kernel
memory, potentially exposing sensitive data to the
attacker or crash the kernel.
This problem is PowerPC specific.
- CVE-2006-3085: Fixed a remotely trigger able endless loop in SCTP netfilter
handling caused by 0 chunk length.
- CVE-2006-2451: Due to an argument validation error in prctl(PR_SET_DUMPABLE)
a local attacker can easily gain administrator (root)
privileges.
- CVE-2006-2934: When a SCTP packet without any chunks is received, the
newconntrack variable in sctp_packet contains an out of
bounds value that is used to look up an pointer from the
array of timeouts, which is then dereferenced, resulting
in a crash. Make sure at least a single chunk is present.
- CVE-2006-2935: A stack based buffer overflow in CDROM / DVD handling was
fixed which could be used by a physical local attacker
to crash the kernel or execute code within kernel
context, depending on presence of automatic DVD handling
in the system.
- CVE-2006-3626: A race condition allows local users to gain root
privileges by changing the file mode of /proc/self/
files in a way that causes those files (for instance
/proc/self/environ) to become setuid root.
The SUSE Linux 9.1 kernel update is the final SUSE Linux 9.1 YOU
update (see separate announcement from some days ago).
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
SPECIAL INSTALLATION INSTRUCTIONS
=================================
The following paragraphs guide you through the installation
process in a step-by-step fashion. The character sequence "****"
marks the beginning of a new paragraph. In some cases, the steps
outlined in a particular paragraph may or may not be applicable
to your situation. Therefore, make sure that you read through
all of the steps below before attempting any of these
procedures. All of the commands that need to be executed must be
run as the superuser 'root'. Each step relies on the steps
before it to complete successfully.
**** Step 1: Determine the needed kernel type.
Use the following command to determine which kind of kernel is
installed on your system:
rpm -qf --qf '%{name}\n' /boot/vmlinuz
**** Step 2: Download the packages for your system.
Download the kernel RPM package for your distribution with the
name indicated by Step 1. Starting from SUSE LINUX 9.2, kernel
modules that are not free were moved to a separate package with
the suffix '-nongpl' in its name. Download that package as well
if you rely on hardware that requires non-free drivers, such as
some ISDN adapters. The list of all kernel RPM packages is
appended below.
The kernel-source package does not contain a binary kernel in
bootable form. Instead, it contains the sources that correspond
with the binary kernel RPM packages. This package is required to
build third party add-on modules.
**** Step 3: Verify authenticity of the packages.
Verify the authenticity of the kernel RPM package using the
methods as listed in Section 6 of this SUSE Security
Announcement.
**** Step 4: Installing your kernel rpm package.
Install the rpm package that you have downloaded in Step 2 with
the command
rpm -Uhv <FILE>
replacing <FILE> with the filename of the RPM package
downloaded.
Warning: After performing this step, your system may not boot
unless the following steps have been followed
completely.
**** Step 5: Configuring and creating the initrd.
The initrd is a RAM disk that is loaded into the memory of your
system together with the kernel boot image by the boot loader.
The kernel uses the content of this RAM disk to execute commands
that must be run before the kernel can mount its root file
system. The initrd is typically used to load hard disk
controller drivers and file system modules. The variable
INITRD_MODULES in /etc/sysconfig/kernel determines which kernel
modules are loaded in the initrd.
After a new kernel rpm has been installed, the initrd must be
recreated to include the updated kernel modules. Usually this
happens automatically when installing the kernel rpm. If
creating the initrd fails for some reason, manually run the
command
/sbin/mkinitrd
**** Step 6: Update the boot loader, if necessary.
Depending on your software configuration, you either have the
LILO or GRUB boot loader installed and initialized on your
system. Use the command
grep LOADER_TYPE /etc/sysconfig/bootloader
to find out which boot loader is configured.
The GRUB boot loader does not require any further action after a
new kernel has been installed. You may proceed to the next step
if you are using GRUB.
If you use the LILO boot loader, lilo must be run to
reinitialize the boot sector of the hard disk. Usually this
happens automatically when installing the kernel RPM. In case
this step fails, run the command
/sbin/lilo
Warning: An improperly installed boot loader will render your
system unbootable.
**** Step 7: Reboot.
If all of the steps above have been successfully completed on
your system, the new kernel including the kernel modules and the
initrd are ready to boot. The system needs to be rebooted for
the changes to be active. Make sure that all steps have been
completed then reboot using the command
/sbin/shutdown -r now
Your system will now shut down and restart with the new kernel.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apparmor-parser-2.0-21.5.i…
9cd9a522ee1844e945b580697cf23ad9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/audit-1.1.3-23.3.i586.rpm
89d2201c3dbc746ec24cf4bd4cb44559
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/audit-devel-1.1.3-23.3.i58…
72540e4f65fd2edf1782a75114fccb9f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/audit-libs-1.1.3-23.3.i586…
4cf153c5f2f544d0766a00fa83b3c8ef
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cloop-kmp-bigsmp-2.01_2.6.…
6bdf25dbf6a23a529fcb03a64b17cebf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cloop-kmp-debug-2.01_2.6.1…
a844ad701dd378b34a4cadc0e4c22e6f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cloop-kmp-default-2.01_2.6…
dff4d32521e85e17d4f8ff6adca93949
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cloop-kmp-smp-2.01_2.6.16.…
cef9a15763ee6932c53ee21473cd4997
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cloop-kmp-xen-2.01_2.6.16.…
ba16f758468d56f1d7923db3b0904631
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cloop-kmp-xenpae-2.01_2.6.…
2c43fb6f07d4bfe9b93870e5427c1895
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-0.7.18-3.3.i586.rpm
e7b20cfae135aa61d35b7a5b21c74330
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-kmp-bigsmp-0.7.18_2.6…
909215493b300108c63119ab9f096d79
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-kmp-debug-0.7.18_2.6.…
e113b1b042ae80eab80c23c4c28cf97f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-kmp-default-0.7.18_2.…
b69e5fc59ca5d0c240fd53fc98a5484a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-kmp-smp-0.7.18_2.6.16…
6c9bac44ad763009d4331401d3ac10ec
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-kmp-xen-0.7.18_2.6.16…
3188da9046488df7bed609ffd7ce54fe
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/drbd-kmp-xenpae-0.7.18_2.6…
bb3ef37bcb236e56be33e14e1e367983
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/hbedv-dazuko-kmp-bigsmp-2.…
b9ecda8924b39c2ef58543daeb27f35f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/hbedv-dazuko-kmp-debug-2.1…
410388ef1c72ff622aa163a5c2d9df4c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/hbedv-dazuko-kmp-default-2…
afb6655fed055160232e9e88da940b24
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/hbedv-dazuko-kmp-smp-2.1.1…
23bab134a07330c207e7318843c82a79
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/hbedv-dazuko-kmp-xen-2.1.1…
4797651065a56662beb54b0a6bc88b12
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/hbedv-dazuko-kmp-xenpae-2.…
77832a824919e683087693f24db509f6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ivtv-kmp-bigsmp-0.7.0_2.6.…
57aefc602afcb1d96e386a748c84077f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ivtv-kmp-debug-0.7.0_2.6.1…
641354f8153682d9657809ff3de2ceef
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ivtv-kmp-default-0.7.0_2.6…
32c3dd5b3aa99ba22851a5b8437c3198
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ivtv-kmp-smp-0.7.0_2.6.16.…
261b6e2cef8380c105f1175813b6652e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ivtv-kmp-xen-0.7.0_2.6.16.…
2b0a21a904508d395e3fb6ae250bb97d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ivtv-kmp-xenpae-0.7.0_2.6.…
bdb122fa51617514703c0e6655976ecb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-bigsmp-2.6.16.21-0.…
a7cd535abc7d7369df33218549a40641
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-debug-2.6.16.21-0.1…
76afdaa38402761b7a4547d346128d12
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-default-2.6.16.21-0…
c02ef80cf6259e9c2e2367d906ddbce5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-kdump-2.6.16.21-0.1…
7d2ae84459eb40f27eb27ccd17f40065
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-smp-2.6.16.21-0.13.…
bb548b149f045f71f0cc77cdeab3554e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-source-2.6.16.21-0.…
06f6819e6b542f818dfc1cf8b177d21c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-syms-2.6.16.21-0.13…
c03b63fe79c14b963c2ca952d741507b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-um-2.6.16.21-0.13.i…
47dfc55b417521fc8f89719a26590b8b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-xen-2.6.16.21-0.13.…
ce2c2a0c3d8f8de549f7f9e464b215c6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kernel-xenpae-2.6.16.21-0.…
0ebf3e42683ade314e2eb216ee11de72
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kexec-tools-1.101-32.17.i5…
28f60804adcf7e5d19ec52b4d64de043
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/lirc-kmp-bigsmp-0.8.0_2.6.…
67b4f753cc31f80de61e6c3b46511ad8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/lirc-kmp-default-0.8.0_2.6…
fe279b89071ac503553a3ef9f7006ccb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/lirc-kmp-smp-0.8.0_2.6.16.…
b051b17aaa7f5f3faddd7ae04e17b25b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/lirc-kmp-xenpae-0.8.0_2.6.…
91e65fa9b282efc42f012b27f55db16c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mkinitrd-1.2-106.15.i586.r…
3f795b29fdf6a9bc66eb42c8686c7977
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/multipath-tools-0.4.6-25.9…
d8dafe24a0f64529fa92a7f21acd88dd
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ndiswrapper-kmp-bigsmp-1.1…
e5a0788af9f6f93be7592212fa4e1d4f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ndiswrapper-kmp-debug-1.10…
188cdc73cf94c84cef6d9bfec587da9d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ndiswrapper-kmp-default-1.…
9b8abac21a6ed044bdde306d27f97b03
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ndiswrapper-kmp-smp-1.10_2…
2865814e726de3c07e4a63433e2408ae
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ndiswrapper-kmp-xen-1.10_2…
d49abd0a6bd8319a6bf35665cb20e1f1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ndiswrapper-kmp-xenpae-1.1…
38bbad45bd3915010d26dd7dbf07b570
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/novfs-kmp-bigsmp-1.2.0_2.6…
a20595f9f88f23363aea1e281a853bb9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/novfs-kmp-debug-1.2.0_2.6.…
e266f1647fd1d9b3fe53782249aa8017
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/novfs-kmp-default-1.2.0_2.…
21c7664b863b822b7e6fca494167dca7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/novfs-kmp-smp-1.2.0_2.6.16…
206c4c2c37edbe12a532d7df17992fe5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/novfs-kmp-xen-1.2.0_2.6.16…
74f8ee6ce6fb0ba4264027d82dedfed2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/novfs-kmp-xenpae-1.2.0_2.6…
684fe3618c802c5949c16c2e23490fa7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-bigsmp-200601…
aa274c0190792577dae5400fecad7642
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-debug-2006012…
b37e5f6d1afff4d17236e781e908c4a2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-default-20060…
504aee4caf372688dd59254b4296a071
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-kdump-2006012…
826ef0e62b77ee7db3515c4f81d918fb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-smp-20060126_…
ba37438f88bb172e407d6e4db00fab9a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-xen-20060126_…
3976e689381649ba359466ba5f891322
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/omnibook-kmp-xenpae-200601…
cb6ef7570da4621c6db5c23bbe9e382e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/open-iscsi-0.5.545-9.13.i5…
99aa6db3390acb91b9c67ac251c2ffc3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/openafs-kmp-xenpae-1.4.0_2…
a56246ac270979f33de6dff3aa6b9d43
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/pcfclock-kmp-bigsmp-0.44_2…
afa731bcb72c96c2e3554518143a2941
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/pcfclock-kmp-debug-0.44_2.…
8479ea66ef737620144bfa24d5793005
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/pcfclock-kmp-default-0.44_…
702881557801a075ae91c8662556181d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/pcfclock-kmp-smp-0.44_2.6.…
fc4dfe6ba9c75dacbd9f4cf5f3b4dfbd
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/quickcam-kmp-default-0.6.3…
82ace92edf245eceddd502b65632b4af
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/tpctl-kmp-bigsmp-4.17_2.6.…
26815c7856a9b3e2912bba2e10baac34
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/tpctl-kmp-debug-4.17_2.6.1…
be232e269a6067bd2d936f16e6c8a3a6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/tpctl-kmp-default-4.17_2.6…
c4c56fbf67434f5f2939dd4e85cf6108
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/tpctl-kmp-smp-4.17_2.6.16.…
90fda039097bcb9dfea77c93321895e4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/udev-085-30.11.i586.rpm
73a5ffcaeea72c89632f6597113fa435
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/usbvision-kmp-bigsmp-0.9.8…
749b7ec34a2cd0864cd296419bdafcd8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/usbvision-kmp-debug-0.9.8.…
a0eb6f7674520a01b151c490dc342dc7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/usbvision-kmp-default-0.9.…
37a4e14ce1ec4965f26e1326d7241762
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/usbvision-kmp-smp-0.9.8.2_…
5c9926a62a9e5096ce63349acbe89724
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/usbvision-kmp-xen-0.9.8.2_…
d2410737db46df9bada726bfc2416a2c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/usbvision-kmp-xenpae-0.9.8…
694c781f29dccaa1f26fcd58c79d4371
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/wlan-kmp-bigsmp-1_2.6.16.2…
01f91c7bd6eb1ca1edf5bee04ea2786a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/wlan-kmp-debug-1_2.6.16.21…
5a1adb87796cc4dc05dd38ff285e3408
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/wlan-kmp-default-1_2.6.16.…
38786dc33bfa6f02d3aa1bf997d25398
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/wlan-kmp-smp-1_2.6.16.21_0…
0b4cbdb97296ee00c6a67179f4b4efb7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/wlan-kmp-xen-1_2.6.16.21_0…
f139106bdfbc3e4faf1f4bad2a5f326b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/wlan-kmp-xenpae-1_2.6.16.2…
14ed4ae45d2d65ad5c78581940bb353a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-3.0.2_09749-0.7.i586.r…
59d56377f67d382fa5adca980a21caa8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-devel-3.0.2_09749-0.7.…
2b7d4f9881b452a48abff40cf56241f4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-doc-html-3.0.2_09749-0…
59363777b0f98db4f96722fc95752866
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-doc-pdf-3.0.2_09749-0.…
0fa70e52865138e9644a24c036e3bda2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-doc-ps-3.0.2_09749-0.7…
ad5649957c67a8ecf5fae796fb7e40db
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-libs-3.0.2_09749-0.7.i…
e2c1e535725b5b24cd19c51a0e8dc8f4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-tools-3.0.2_09749-0.7.…
0cadd80f58357b3135825cba81785b56
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xen-tools-ioemu-3.0.2_0974…
8387b6d495aa45270872f60aabc1c394
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/zaptel-kmp-bigsmp-1.2.4_2.…
f7b74bcb292788f9cc5c584a01a9a47b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/zaptel-kmp-debug-1.2.4_2.6…
42a59aacc105356cfa1565cad548fd88
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/zaptel-kmp-default-1.2.4_2…
d4c16bdda9973cec6f66b6cb6216e7d1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/zaptel-kmp-smp-1.2.4_2.6.1…
042d4daa42d5941ed5efce7d10c72c25
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/zaptel-kmp-xen-1.2.4_2.6.1…
cd8d8148c21c5acb1739ba3467dfe119
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/zaptel-kmp-xenpae-1.2.4_2.…
d4b664e27c6c8ec2eb4154d73b498171
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/Intel-536ep-4.69-14.6…
f1a8ba80079b81685d9426f09b64bb99
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-2.6.13-…
d2390ddccfaad103ae4d80fb59a73800
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-nongpl-…
f45d3b6f92c7e07be02ac7c45d6d2420
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-2.6.13…
d5ddb4d7c4e729712abd31c16d1d00fb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-nongpl…
5354e1fa6372548bb998eacbb438fc9d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-2.6.13-15.…
f358de08699bfbd90c2a96b63d04ebe9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-nongpl-2.6…
002fde4bfccb45b7b928f2d6cb175702
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-source-2.6.13-…
8dcc7463d139b67f4058196077fd77bb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-syms-2.6.13-15…
82ef2c427e48d71d088bccdd3090051d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-2.6.13-15.1…
4cada92e8b362a18a6cb2e7b9dad1867
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-nongpl-2.6.…
a5c1fb1d7ba62cb7d47e1ebc68b6043b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-2.6.13-15.…
e2e53924d3dd90ae1ed6fd6cf65e5a98
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-nongpl-2.6…
cd9bad0b01cdad5dc70d4fbc82352af0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/um-host-kernel-2.6.13…
d0af6de05ca9a572cf9ea25ba702867c
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/Intel-536ep-4.69-10.7.…
fb640315cdcf43f2ffd7f6f51828eccc
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-bigsmp-2.6.11.4…
474bcbd50739da47319f62ea9efac697
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-bigsmp-nongpl-2…
f591a96ebe1788fa7503ed80b35f4b9b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-default-2.6.11.…
00c44c19362f6256a95496de93500524
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-default-nongpl-…
cc6aebefa35a4bca90cc22cf4522fe97
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-smp-2.6.11.4-21…
00dfc63513b64f9aa6534ee0424a4d42
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-smp-nongpl-2.6.…
cfab4802ff6cdb522494690a53166bbe
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-source-2.6.11.4…
a8b6221034411bf63093fa7c2b8e6ad4
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-syms-2.6.11.4-2…
267669734dc0e95e2bdf96a4c9ce5321
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-um-2.6.11.4-21.…
31d0831adab64bbf848433c2b0b68db8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-um-nongpl-2.6.1…
751dad14c0578d2522cad557ad00f13f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-xen-2.6.11.4-21…
32523934ffd726b303cd7650168262f2
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kernel-xen-nongpl-2.6.…
5155c42795497c07f27093677b011d2c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/ltmodem-8.31a10-7.7.i5…
23bb3edd5eccdbfdba9abcfb1c356a7c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/um-host-install-initrd…
7e0d874eacfb71671ef2cce0287f8cb0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/um-host-kernel-2.6.11.…
7e561721fad94a6d744864bce5dd551e
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/Intel-536ep-4.69-5.16.…
bb0396417107d32fed4997d7a70b37f9
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-bigsmp-2.6.8-24…
bde42b68a6ed0eb3c3633ceb125f348c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-bigsmp-nongpl-2…
ef4c6540b77fa646649fdc473039a569
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-default-2.6.8-2…
740f4bb7cbb56cf55360bf4a1edf32fe
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-default-nongpl-…
19313402b487108c4ef883dfcb7aa03e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-smp-2.6.8-24.24…
4acac5fcacfb83abe2326c880a9ab94b
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-smp-nongpl-2.6.…
d5649a51a381106a7733bfe093c71bc4
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-source-2.6.8-24…
0415a737781d2906b3d380ccf3946dc7
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-syms-2.6.8-24.2…
5bf912e55bb0fb5aec445eafa0075784
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-um-2.6.8-24.24.…
f56fe753c10797532e7239b9a68e97d6
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kernel-um-nongpl-2.6.8…
a2f9dbcacff96e556ff82cc716417ed5
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/ltmodem-8.31a8-6.16.i5…
5a062eb816a7a4638f9261ba98767dd2
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/um-host-install-initrd…
9e31db031ba57f3af146a17d9597986f
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/um-host-kernel-2.6.8-2…
0f9837aa3de9897a5983af8726615339
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-bigsmp-2.6.5-7.…
ceba69d6952612d1cc2434b8da1cbf75
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-default-2.6.5-7…
1c1d3680df647755a922fbf8028b58b9
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-smp-2.6.5-7.276…
217d25d2d474d4f7eb974d966fd4c926
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-source-2.6.5-7.…
aabe3bb797ddaacc5f19b144d37b4be5
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kernel-syms-2.6.5-7.27…
d87358add6318890f66d0de62a2bcbea
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/ltmodem-2.6.2-38.24.i5…
d8eadd159248361b0a9ee0e0cb3f4168
Platform Independent:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/noarch/apparmor-admin_en-10-7.5…
8a183fb7f7b69af041e1f6f4a5b46d68
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/noarch/apparmor-docs-2.0-17.5.n…
827b675a6c216ec32902183c79433479
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/noarch/apparmor-profiles-2.0-34…
f6ae693557732b8f27eba4dfde4a9eb4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/noarch/apparmor-utils-2.0-23.5.…
acb673a77bfe60d6d036e60f5b19764b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/noarch/yast2-apparmor-2.0-27.5.…
83c76ee5e56846ec7545d5fe0bf25098
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/noarch/kernel-docs-2.6.11.4…
1ebb82bcf1316493ca8b4355db932d0b
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/noarch/kernel-docs-2.6.8-24…
e7d6caf8cb9c23119d181b98efaf7ba7
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/noarch/kernel-docs-2.6.5-7.…
ece4fe625855902c637abe9f1252f6d4
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/noarch/kernel-docs-2.6.5-…
556b8059e67605daa9d789907db10778
Power PC Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apparmor-parser-2.0-21.5.pp…
f630cd2887055b6442706a229bd79f34
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/audit-1.1.3-23.3.ppc.rpm
8aa6cc2de24e4bb4d4c74307986ca354
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/audit-devel-1.1.3-23.3.ppc.…
f7e3b65e5754df2c7e3f81387f4dfce5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/audit-libs-1.1.3-23.3.ppc.r…
5c6861388a938b80c266a1932fac85d0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cloop-kmp-default-2.01_2.6.…
ac3295455812a021ad5f239ab56287cb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cloop-kmp-iseries64-2.01_2.…
8dd405813e14d317831dc5b6a657d55d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cloop-kmp-ppc64-2.01_2.6.16…
c59982049da9a11ebf26e3ac477442ab
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/drbd-0.7.18-3.3.ppc.rpm
fdcc271b40cfc14985951fb94154c0ef
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/drbd-kmp-default-0.7.18_2.6…
16e8bf1e04d4574ea116fd8a9617c5ed
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/drbd-kmp-iseries64-0.7.18_2…
0e648065b5442763404396603e1c2782
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/drbd-kmp-ppc64-0.7.18_2.6.1…
a7dcee57666e9ca61d4dea5b4953655b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-default-2.6.16.21-0.…
e37ef749e89e0785dee5cb0bb1efa740
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-iseries64-2.6.16.21-…
1623a8a97419a2272027aa166430860a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-kdump-2.6.16.21-0.13…
76c9fdf080d3697ba2b97a18b3c031f8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-ppc64-2.6.16.21-0.13…
181a7668969c02dd217f77f795f88214
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-source-2.6.16.21-0.1…
216d42cb7f22a423bb62b1af3124ca5a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kernel-syms-2.6.16.21-0.13.…
2442412bc80a1301b3cf4a8e491e1a1d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/lirc-kmp-default-0.8.0_2.6.…
583928fdc71ae4a8790bc1d04be092d0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/lirc-kmp-iseries64-0.8.0_2.…
0c617c35763488383d31e09776981ffc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/lirc-kmp-ppc64-0.8.0_2.6.16…
b64cd82811dc7d7f279b87e5dbc51276
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mkinitrd-1.2-106.15.ppc.rpm
70ca7ada636755d8ba1d159d38cfb98c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/multipath-tools-0.4.6-25.9.…
0df9787c0d34cdde227e76218accbafb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/open-iscsi-0.5.545-9.13.ppc…
8b19b4b4d10841fc0edcfad8bead5321
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/pcfclock-kmp-default-0.44_2…
108d8f2c2b660bfd805ef76820a8a835
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/pcfclock-kmp-ppc64-0.44_2.6…
0dab492bad5d5815c678df2987ebae62
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/quickcam-kmp-default-0.6.3_…
61cd65508674e71fe619bec2fb9026f3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/udev-085-30.11.ppc.rpm
4571532a54b7e221448b324ca994e4d1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/wlan-kmp-default-1_2.6.16.2…
079bb0db9f9396f5daf64cb00246bbd1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/wlan-kmp-iseries64-1_2.6.16…
835067ccf55f42ed34cff08e9b6ffce4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/wlan-kmp-ppc64-1_2.6.16.21_…
3bd1bb0e1150dc95f94858e956f4dc22
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/zaptel-kmp-default-1.2.4_2.…
068e5337926200f980be3dcb67c2eb98
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-default-2.6.13-…
8351be43b5c3896df83c63ba65cfeb5a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-iseries64-2.6.1…
7747fa43d835b3320b3a3fa54f235013
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-ppc64-2.6.13-15…
18c443c60f7829c88bd821fb865046ac
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-source-2.6.13-1…
06cf812b56183eb5156e344db7fe310c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-syms-2.6.13-15.…
2f44c721c158dd9f56a497223b54431d
x86-64 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apparmor-parser-2.0-21.5…
060873e93856d7954d33812f2cb26c13
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/audit-1.1.3-23.3.x86_64.…
a3149bc43d13af6a808efce907f11b53
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/audit-devel-1.1.3-23.3.x…
48d28c73627c036e60fbcba5daa889ff
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/audit-libs-1.1.3-23.3.x8…
dee93d43a783ebf6ca16202a1382118f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cloop-kmp-debug-2.01_2.6…
dc2bb193b8f30b6d3444aa9371826d23
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cloop-kmp-default-2.01_2…
df81804f31015ce6baf0eec3354a75b9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cloop-kmp-smp-2.01_2.6.1…
a9f20351762bccc74ebc1df2d5b5adf4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cloop-kmp-xen-2.01_2.6.1…
1013121fc139ace267bb33f3b10e114d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/drbd-0.7.18-3.3.x86_64.r…
44025e09c1571e735f82d4d60e71fc0b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/drbd-kmp-debug-0.7.18_2.…
3331bff87496d9e9afa1fb83919b1111
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/drbd-kmp-default-0.7.18_…
2b85c2e78d4ecb2e0e21f7908c7257f6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/drbd-kmp-smp-0.7.18_2.6.…
bd3e07b7356c64b541be792c97868d19
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/drbd-kmp-xen-0.7.18_2.6.…
35ee253010ade83dc595c8a27f308335
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/hbedv-dazuko-kmp-debug-2…
d845a7df15fdb571df85b31e6a667005
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/hbedv-dazuko-kmp-default…
a3f8918d10b82a61042f3044a695e877
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/hbedv-dazuko-kmp-smp-2.1…
82f20f84b58d676999e5e909336c66b7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/hbedv-dazuko-kmp-xen-2.1…
c5584a0cbbc8d0fef477afe195dcf277
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ivtv-kmp-debug-0.7.0_2.6…
fe4d8f6e1297c41dd04b1dc6473d47c1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ivtv-kmp-default-0.7.0_2…
1a03723657be633a35162e31940ae647
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ivtv-kmp-smp-0.7.0_2.6.1…
66875b4b65f2e48df27491a2d0d93de9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ivtv-kmp-xen-0.7.0_2.6.1…
0e8f15d78033b73a96440736820e5cbb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-debug-2.6.16.21-0…
d237873002ea1a5501f3b61f76b6903c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-default-2.6.16.21…
f44e5a424121b256b3c1287997ba4061
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-kdump-2.6.16.21-0…
170baeb8f839651598ddbcbf93aa4670
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-smp-2.6.16.21-0.1…
d32a01850aebf660e1a740c2f9b9927a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-source-2.6.16.21-…
8002fc7b644f2c64c258400f29050e5d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-syms-2.6.16.21-0.…
9c7549f01707a434c0247f73eb9b0152
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kernel-xen-2.6.16.21-0.1…
9ecef38e308f2e4ef644e832fee15a8b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kexec-tools-1.101-32.17.…
121b57cabdcb74e90f3992ad2a7843c8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/lirc-kmp-default-0.8.0_2…
84ef08317d3bcf6552ec57a0487349e0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/lirc-kmp-smp-0.8.0_2.6.1…
64898d1f8f8e98ab43f2d52a10bd3a52
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mkinitrd-1.2-106.15.x86_…
49bee58e184fe82330f0b9c1720a97f4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/multipath-tools-0.4.6-25…
e01336dc8e630ffa76918c4e487dba9f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ndiswrapper-kmp-debug-1.…
fe54b39f60d50c48f25d9e756212991e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ndiswrapper-kmp-default-…
2906ea2b8c781eda354a83bcd668ea10
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ndiswrapper-kmp-smp-1.10…
16ee21b17dcd1e5c3db212d9b9f281ba
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ndiswrapper-kmp-xen-1.10…
59f733077e5cf2d208802599111778b1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/novfs-kmp-debug-1.2.0_2.…
6bce5050ab3d11597c129b2a86a22599
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/novfs-kmp-default-1.2.0_…
b033fe6ec282491fc8227718a2ccddb3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/novfs-kmp-smp-1.2.0_2.6.…
e0a234ff6261e1b3d28afcfb1b09cb52
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/novfs-kmp-xen-1.2.0_2.6.…
e262ada6e83e80b394f84deb18d367c7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/omnibook-kmp-debug-20060…
1ba9eece36909166f129f3a05c5b0a34
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/omnibook-kmp-default-200…
0c61295b0a053475f6a31619f761d67d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/omnibook-kmp-kdump-20060…
28c2c42e81b473b533800c26fb161db8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/omnibook-kmp-smp-2006012…
b490a216fad445f0499dabb64307de75
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/omnibook-kmp-xen-2006012…
f72df7eddb5a3f417878e5680fab5cd1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/open-iscsi-0.5.545-9.13.…
c51104356caeb53cd189079bfc8f7bb4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/pcfclock-kmp-debug-0.44_…
5487af5844e98b6a3d51394671d19fd5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/pcfclock-kmp-default-0.4…
5547a66c2172a1e37cf83352a2971bf7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/pcfclock-kmp-smp-0.44_2.…
fbd677b5ef2747de9f038efb55ff5162
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/quickcam-kmp-default-0.6…
01f40956b13ece3ffac89484d99784f1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/udev-085-30.11.x86_64.rpm
149b04dbd960e9c853578c5357ce142d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/wlan-kmp-debug-1_2.6.16.…
3356f6a1d58c98344b354fc556a7ed32
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/wlan-kmp-default-1_2.6.1…
3fcf84553e3039c1ad1659681fa59c4f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/wlan-kmp-smp-1_2.6.16.21…
c9c8d7587bd5922fb0d87d066f402d72
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/wlan-kmp-xen-1_2.6.16.21…
dffd5eab1d7e201b8802b96bd5b39030
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-3.0.2_09749-0.7.x86_…
8f08be21026a337d1331288d0ed33192
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-devel-3.0.2_09749-0.…
9e9806f40e6ab9961543306d1ee236cf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-doc-html-3.0.2_09749…
7ef2bf1b781916f5a778804380ad921b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-doc-pdf-3.0.2_09749-…
04e9674d20bbbf8785b5cfcc2131e7da
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-doc-ps-3.0.2_09749-0…
a0b1277b24d9c2c0a46557bb6f4e4473
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-libs-3.0.2_09749-0.7…
b5eb3c8eb334d8f09bce0ec67d9e9ca7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-libs-32bit-3.0.2_097…
9955c0c24e174ec83f46ce52e76ab98e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-tools-3.0.2_09749-0.…
523ccc5bee4cfdbb9b1b7080f9a05649
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xen-tools-ioemu-3.0.2_09…
08159c0dd7ea459396d5de547e75d7f0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/zaptel-kmp-debug-1.2.4_2…
b2499ba0ba2367da270f690b75ee40c8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/zaptel-kmp-default-1.2.4…
45d781cffb80f6d8bd5d58be522aa2f4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/zaptel-kmp-smp-1.2.4_2.6…
7ad169812c058a21be7b49fd86fd9237
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/zaptel-kmp-xen-1.2.4_2.6…
f9c0361874d265be3e6e2e8ef66ae635
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-2.6.…
b85489f0ad8cc9bbb5728c64e7c8fc2f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-nong…
4e132e7adbada352e112c64a3c9f2408
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-2.6.13-1…
087fea22e9d90ef98337c30f55318db3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-nongpl-2…
e6f47d4bd1fda55cabf5a59b62c2e183
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-source-2.6.1…
0a6f8350214710e2f600ac204eb1a0a5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-syms-2.6.13-…
5fff86f3834368fa34c5e32855f44d0c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-2.6.13-1…
f87081d87e0f9c7d3ba627309107bddf
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-nongpl-2…
b8d9b58c238d533550ccce278dad30f0
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-default-2.6.1…
43f6fb67727c88b0f4aeda733120ac84
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-default-nongp…
bf333ee5088cc7f5a4888530557fb719
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-smp-2.6.11.4-…
be4142bb00d29a20b18159add573fc74
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-smp-nongpl-2.…
8c47ed2a4949b3e9aaa046830472b2ef
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-source-2.6.11…
1d373c25c0590d223f17e1d9feba1f6c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kernel-syms-2.6.11.4…
f21817e9293fc603914958b0eed983ca
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-default-2.6.8…
c4d600c67fa16520e30e4f306c2f174c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-default-nongp…
1e5a69fdd455ba1c9317b5386b4f887d
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-smp-2.6.8-24.…
37a138694706fdd8229d51f75256ca74
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-smp-nongpl-2.…
9ede22ac6b4119995d4c8ea6329f2851
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-source-2.6.8-…
9c28c19a989ad975e26c3c4210ab93df
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kernel-syms-2.6.8-24…
ef6477f4e8d9386e8c14e5f33cab6e15
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-default-2.6…
a1ec9ed29e7b844639fb264c0c051f79
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-smp-2.6.5-7…
9c18e347968bc60d4e32b67557c1830b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-source-2.6.…
205bd72a791fd24589330c152f73d18b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kernel-syms-2.6.5-…
63ada2081021bc1307c6153ccd043b87
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apparmor-admin_en-10-7.5.sr…
43095bf3f55a08d8064a021d6aaa1db7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apparmor-docs-2.0-17.5.src.…
abe9f0dc42be1ce5c7590f357d9d134b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apparmor-parser-2.0-21.5.sr…
7fe00c347fec96fef49bf0463b209210
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apparmor-profiles-2.0-34.9.…
c6b49655962246afcc288c2df8eed31f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apparmor-utils-2.0-23.5.src…
5257e473bc5e8a6f7c4dccd5e6a9ae55
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/audit-1.1.3-23.3.src.rpm
cf3d5c02a37d737c0178c72ea84ee203
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/drbd-0.7.18-3.3.src.rpm
f7c33143e57fb99cf0b392096d9f7d44
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-bigsmp-2.6.16.21-0.1…
9359a72d2f9016a61beb36f6b2f0fa28
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-debug-2.6.16.21-0.13…
4a26cacb10c6dbf2706fadc4b83535e4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-default-2.6.16.21-0.…
235efd96d5f7c6ccfc9a398cc8d27108
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-iseries64-2.6.16.21-…
40dc372c825056205aa0c1cc1de2473b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-kdump-2.6.16.21-0.13…
ed77128c1b3433a22c12cb78491d9353
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-ppc64-2.6.16.21-0.13…
d322ff866d8534ad3bc53e6dabc3443d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-smp-2.6.16.21-0.13.n…
a4aeb424592289ef78edcdd6cd1449db
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-source-2.6.16.21-0.1…
9173110fbf71bfb007b9a560e3a9bad6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-syms-2.6.16.21-0.13.…
02cdf335631f2da95056cba8eda0f165
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-um-2.6.16.21-0.13.no…
1324aec2bfd8c3530e8f90088cc25c81
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-xen-2.6.16.21-0.13.n…
1250728306b9b3253ae82afedf0f1e4a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kernel-xenpae-2.6.16.21-0.1…
f193f3d82e8b0aa15d7ab13a081a7cf2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/kexec-tools-1.101-32.17.src…
3374197c18ba7324995f433a939fbe54
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/mkinitrd-1.2-106.15.src.rpm
ddf61f16d38e997d85fd04fdf64eaa02
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/multipath-tools-0.4.6-25.9.…
261e2516378e1e6596f9ad767a0594bc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/open-iscsi-0.5.545-9.13.src…
852e15549b54733414a667631052840b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/udev-085-30.11.src.rpm
330f5f4e04d9448b023301d3ff332305
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/xen-3.0.2_09749-0.7.src.rpm
9adfc5f7c109b6c7f206d2765b99f1ec
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/yast2-apparmor-2.0-27.5.src…
279b8397e1cd4fd829b12f09018f46cc
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/Intel-536ep-4.69-14.6.…
4b3fb42d44b1cf10ab6d4ede6bb67fa0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-bigsmp-2.6.13-1…
e05d21d1ad9f1c3ea3268dde157fe13b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-default-2.6.13-…
f10fad044c2193fa6261096b223db611
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-iseries64-2.6.1…
3190b4017784a56bb412971d6ed06a1f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-ppc64-2.6.13-15…
bcfbd7b1edbc5a97d9fda3f540d0be9d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-smp-2.6.13-15.1…
b590965d0190dfe933b8e3572a190706
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-1…
00a4a6bcab31204089ec8464b070ecf9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-1…
790f0f0352d0f3cceb730a4e06f1951f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-syms-2.6.13-15.…
0c017619952331561adfbed8399d7aff
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-um-2.6.13-15.11…
c2ed71e73606a5330f55870b8f1d7d38
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-xen-2.6.13-15.1…
9fcc6eb7846ddd324f4c88a9f1a99eea
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/Intel-536ep-4.69-10.7.s…
e84f71edcbbad93da19fca50936e457f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-bigsmp-2.6.11.4-…
c2d704c30248e369c1256c9cbda9c792
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-default-2.6.11.4…
a83446d1d83069403cf167da49f7e4ac
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-docs-2.6.11.4-21…
515752e1ce2951bf3338664c6db1e93f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-smp-2.6.11.4-21.…
2227766974f9d279173ff67adac2846a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-source-2.6.11.4-…
a7eb9d1dde2fbf036057c3eea7da228f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-syms-2.6.11.4-21…
bd62cf4acca249292569a439d1b95a08
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-um-2.6.11.4-21.1…
7f5d2e691cf0e2373b85895e7518a1ff
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/kernel-xen-2.6.11.4-21.…
f637f470f98d0c2ed239dae6d57461b8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/ltmodem-8.31a10-7.7.src…
a070d16b8d8f48d7df10f4a2a7553746
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/um-host-install-initrd-…
a4df9d5558c21e322565bb837443b249
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/Intel-536ep-4.69-5.16.s…
df33c271d1a488f4b546947c9100e856
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-bigsmp-2.6.8-24.…
4baaed24bac712a743c68e6da5328bbd
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-default-2.6.8-24…
a12e6479c058a95c5c057359df1f87ac
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-docs-2.6.8-24.24…
d49b746c707e82b7552e09ca752b012c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-smp-2.6.8-24.24.…
2e4370a418fb2cd663e19f1b5722e8d2
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-source-2.6.8-24.…
ddb880da28744d6906698a6d71772b9a
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-syms-2.6.8-24.24…
be826c69b6a717786bc4a42d4558d666
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/kernel-um-2.6.8-24.24.n…
73f298756b8c260db19f66045702de42
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/ltmodem-8.31a8-6.16.src…
929a46b7e2e7045c182909134c90f764
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/um-host-install-initrd-…
933712007872a733e4f8f2f7a2d6040f
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-bigsmp-2.6.5-7.2…
86501653c20812d977ea23f47af5c9d3
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-default-2.6.5-7.…
6fc2656d5c81821db987ccfa26ad51ea
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-docs-2.6.5-7.276…
8541534925706aa2063d874f14a365a6
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-smp-2.6.5-7.276.…
c9a6e3ee6a98005ecd4710a8b0bc8c4e
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-source-2.6.5-7.2…
523fd5b4a12c8c666818ea94e9e699e3
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/kernel-syms-2.6.5-7.276…
660abce3f8e14427bbaf17e3fa01d115
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/ltmodem-2.6.2-38.24.src…
d259fef3b0115765990fb4e58cee0e40
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-default-2.6.5-…
77411e0e5b44ae7ca78bc0e9ed77e646
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-docs-2.6.5-7.2…
da439bf54800360273231d0a62e00f72
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-smp-2.6.5-7.27…
862a7fafdee7df50a02aceac09f86017
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-source-2.6.5-7…
61a48f3900f2c1d2fd389dff0566225d
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/kernel-syms-2.6.5-7.2…
cd0906f0fc78df823b65df1b6de63944
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRMd4lXey5gA9JdPZAQI79gf/R9BbReJKlkRL8YMn8TOrWJXc4sJ1M2xA
SGQV4vq7cuhYPoyiW9TANnRn/w57iBIrwZWUtg4atSENOhjaZrjm8nwiHoSp1xZn
u+iM57hbt38CiPt06CzLf0DrC9vKh7znHhTOXh0/8QeQA+gGF0g1z+LHcmxECkom
JFcZ82lz7jKknTycH8ySo09o25eGUrfhzmpzPb8JLglUUpZ4tXaWN+OJG0c7RiWl
fN8xyq9zyVjxK4uLHwWtIjAUvT3mriJdJU7Snr+11H/mkJEq3Of8LobMFKVVKPTQ
7YweB4E0KwsMBIJpweeT6x+nXEupxtAlKkhBlZpX/9vgmdUjdjZa0w==
=qXhX
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2006:017
Date: Fri, 21 Jul 2006 17:00:00 +0000
Cross-References: CVE-2006-2223 CVE-2006-2224 CVE-2006-3403
CVE-2006-2842 CVE-2006-2451 CVE-2006-3626
Content of this advisory:
1) Solved Security Vulnerabilities:
- quagga/zebra RIPv2 auth evasion
- samba remote denial of service
- squirrelmail local file inclusion
- CASA various fixes
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- Local root exploits in Linux kernel
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- quagga/zebra RIPv2 auth evasion
In the routing suites zebra and quagga it was possible to bypass
RIPv2 authentication requirements by using RIPv1.
Since RIPv1 doesn't support authentication at all this update
introduces an option to switch off RIPv1 (CVE-2006-2223,
CVE-2006-2224).
This affects all SUSE Linux based products.
- samba remote denial of service
The Samba smbd daemon could be made to allocate huge amounts of
memory by sending malformed packets from remote and so effecting
a remote denial of service attack due to memory exhaustion.
This issue is tracked by the Mitre CVE ID CVE-2006-3403 and affects
all SUSE Linux based products.
- squirrelmail local file inclusion
The squirrelmail webmail front end could be made to include local
files into its PHP code, potentially causing code execution.
This issue is tracked by the Mitre CVE ID CVE-2006-2842 and affects
all SUSE Linux products.
- CASA various fixes
Various bugs and problems were fixed in the CASA authentication
framework, some of them security relevant:
- Secrets with special characters inside were handled incorrectly.
- Enhanced Salt generation.
We updated the CASA packages on 10.1 to SLE 10 level.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- Local root exploits in Linux kernel
The Mitre CVE ID CVE-2006-2451 references a local root exploit using
the prctl() system call. This affects SUSE Linux Enterprise Server
9 and 10, SUSE Linux 10.0 and SUSE Linux 10.1
The Mitre CVE ID CVE-2006-3626 references a local root exploit
using /proc/ files. This affects all 2.6 Kernel using products,
SUSE Linux 9.2 up to 10.1, SUSE Linux Enterprise Server 9 and 10.
The SUSE Linux 10.1, 10.0 and 9.3 kernel updates for this issue
were released this week, but included in the later summary.
We are QA testing updates for this problem, but they will take at
least a week due to QA turnaround times.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ)
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRMDrHHey5gA9JdPZAQI5vAgAk1TyCOBb1uRM/y65b99btVItgLaz0Mmx
zBeFNX3TgcyJ27i8pjT5+hOmbQ1eTpKg7u4KvKnIwr7J41deA5d6O/xRT5ujcwLT
hzVcraEqyC6quySCrDHLoIrbd3u7Ddpd39M4VuHzOwOSlO7Vrs9mTKtRdCvTEp5D
gcJ6kJNKWFU1+sgb2HcbysU+0dXe6OdXC0JFZ4d4o6Zt/LaLRrZ0qCJTu0023RJH
FXzkAFX9Ck03nYh8R69M4t+6gxw9T7LRUpZgy+YhiZ+uz7PAG7YZsvBYhv9DHEet
dD3Z2oQad7SJXcKlMsvYiiMrD6LgQ1y/ZzaqMc9FRWBpand8LS+unQ==
=yjMo
-----END PGP SIGNATURE-----
1
0
Hi folks,
We released the last update for SUSE Linux 9.1 today (quagga).
This means no further updates to SUSE Linux 9.1 will be published
and it can be considered finished aka end-of-lifed aka "done".
The update mirror areas will be moved away/removed at some
point in the next weeks.
Here is a small summary over the YOU patches we released
for SUSE Linux 9.1:
Total Patches: 639 (300 active, 339 obsolete)
Security Patches: 492 (213 active, 279 obsolete)
Recommended Patches: 119 (68 active, 51 obsolete)
Optional Patches: 28 (19 active, 9 obsolete)
This makes 0.9 updates per real day and 1.3 updates per work day.
This also makes 0.67 security updates per real day and 1.0 security
updates per work day.
We have released updates for certain packages multiple times:
20 kernel (nearly 1 per month)
17 php4
13 clamav
11 opera
11 MozillaFirefox
11 kdelibs3
10 squid
10 ethereal
9 phpMyAdmin
9 apache2
7 xine-lib
6 xpdf
6 squirrelmail
6 samba
6 mozilla
6 mailman
6 gaim
5 postgresql
5 libtiff
5 heimdal
5 gpg
5 cyrus-imapd
4 XFree86-libs
4 tetex
4 subversion
4 snort
4 ruby
4 rsync
4 pdftohtml
4 mysql
4 mpg123
4 mkinitrd
4 liby2util
4 kdegraphics3-pdf
4 java2
4 ImageMagick
4 hotplug
4 gpdf
4 gd
4 cups
4 acroread
(others are 3 times or less)
Ciao, Marcus
1
0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2006:016
Date: Fri, 14 Jul 2006 17:00:00 +0000
Cross-References: CVE-2004-1488, CVE-2005-4190, CVE-2006-2195
CVE-2006-2451, CVE-2006-3093, CVE-2006-3242
CVE-2006-3334
Content of this advisory:
1) Solved Security Vulnerabilities:
- Acroread 7.0.8 problems - not affected
- libpng buffer overflow - not affected
- wget file overwrite and terminal characters
- mutt remove overflow by IMAP servers
- horde cross site scripting problems fixed
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- Local root exploit in Linux kernel
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for
minor issues, SUSE Security releases weekly summary reports for the
low profile vulnerability fixes. The SUSE Security Summary Reports do
not list md5 sums or download URLs like the SUSE Security Announcements
that are released for more severe vulnerabilities.
Fixed packages for the following incidents are already available on
our FTP server and via the YaST Online Update.
- Acroread 7.0.8 problems - not affected
In SUSE-SA:2006:041 we reported that Acrobat Reader on Linux is
affected by the problem referenced by CVE-2006-3093.
Further information showed that this is not the case.
This means that Acrobat Reader 7.0.5 is not vulnerable to this
problem.
- libpng buffer overflow - not affected
The PNG developers released a new version of libpng, which fixes
a buffer overflow. This issue is tracked by the Mitre CVE ID
CVE-2006-3334.
Our investigations show:
- With the current interaction between libpng and zlib it is not
possible to get the error return code that triggers the buffer
overflow.
- The overflow would overwrite 2 bytes of stack padding (assuming
a default padding of 4 bytes).
- And last but not least it would be caught by _FORTIFY_SOURCE on
SUSE Linux 10.0 and newer products.
So no SUSE product is affected by this problem.
- wget file overwrite and terminal characters
A security issue was fixed in wget, where evil servers could send
terminal escape codes to the user calling wget. This would only
affect interactive sessions. (CVE-2004-1488)
Additionally the previous ".file" fix was found to be buggy and
replaced. This bug could lead to ".directories" not being retrievable
and "_files" being overwritten.
All SUSE Linux based products were affected by those problems.
- mutt remove overflow by IMAP servers
Mutt had a buffer overflow in IMAP name space parsing code which
may open a possible remote vulnerability (CVE-2006-3242).
This requires attaching to an "evil" IMAP server.
All SUSE Linux based products containing mutt were affected.
- horde cross site scripting problems fixed
Some cross site scripting problems where fixed in the horde
framework.
These are tracked by the Mitre CVE IDs CVE-2005-4190,CVE-2006-2195.
All SUSE Linux based products containing horde were affected.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- Local root exploit in Linux kernel
The Mitre CVE ID CVE-2006-2451 is referencing a local root exploit
using the prctl() system call.
SUSE Linux Enterprise Server 9, Novell Linux Desktop 9, Open Enterprise
Server, SUSE Linux 10.0, SUSE Linux 10.1 and SUSE Linux Enterprise
(Server and Desktop) 10 are affected by this problem.
We are preparing updates for this problem, but they will take at
least a week due to QA turnaround times.
Temporary Kernel updates can be gotten from our Kernel Of The Day
repository (unsupported):
SLES9, NLD9 and OES:
ftp://ftp.suse.com/pub/projects/kernel/kotd/sles9-<arch>/SLES9_SP3_BRANCH/
SUSE Linux 10.0:
ftp://ftp.suse.com/pub/projects/kernel/kotd/10.0-<arch>/SL100_BRANCH/
SUSE Linux 10.1, SLE10: No fixed kernel of the day available currently.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ)
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRLes1Xey5gA9JdPZAQI0Xwf/YCMtw5VYG8QixcmSR4ZtJHXRSHMYwFeq
76dNxtraBNYpnCZi+nfgJOQCDAsVZzXKbtDW/U5SAifkyDYnvOD6Vkaeo5OV2OP4
QN2t9+MqvGcAuoIXoPpPduS1a9br1lxm7TfFW2PZi9l4nH3P8P/FOa0yEPcPDC+6
i4SleWQHdAPHUoXuoF6bYZ4GTLC+TyrszeThnNMFyUUJ88hQanSBslpTewmPgcEx
aT3aAQj1pfuRSmsXuYorTV1tsIIkZLtZkAfkbk64H8zPX3paJPykx8I55198DFXW
lA/KklkYHQCBh12lzwT/J1FM30JIvOLsULhO2I3XsfKEte7tsnDCog==
=DTGr
-----END PGP SIGNATURE-----
1
0
SUSE Security Announcement: acroread remote code execution (SUSE-SA:2006:041)
by Marcus Meissner 04 Jul '06
by Marcus Meissner 04 Jul '06
04 Jul '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: acroread
Announcement ID: SUSE-SA:2006:041
Date: Tue, 04 Jul 2006 14:00:00 +0000
Affected Products: SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
SUSE SLES 9
Vulnerability Type: unknown
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CVE-2006-3093
Content of This Advisory:
1) Security Vulnerability Resolved:
Acroread security upgrade to 7.0.8
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Various unspecified security problems have been fixed in Acrobat
Reader version 7.0.8.
Adobe does not provide detailed information about the nature of the
security problems. Therefore, it is necessary to assume that remote
code execution is possible.
Adobe does not provide update packages for Acroread that are compatible
with some of our releases from the past. Therefore, updates are missing
(and might not be provided) for the products listed as follows.
As a solution to Adobe acroread security problems on older products
we suggest removal of the package from exposed systems and to use
the longer maintained open source PDF viewers.
- SUSE Linux Enterprise Server 9, Open Enterprise Server,
Novell Linux POS 9
Acrobat Reader 7.0.8 has a new requirement on GTK+ 2.4 libraries
(previously GTK+ 2.2).
Since the above products contain only GTK+ 2.2, the Acrobat Reader
7.0.8 provided by Adobe is currently not functional.
We have postponed the updates and wait for Adobe to clarify this
problem.
- SUSE Linux Enterprise Server 8, SUSE Linux Enterprise Desktop 1
These versions only support Acrobat Reader 5 and could not be
upgraded for Acrobat Reader 7 due to glibc and GTK+ requirements.
We discontinued security support for Acrobat Reader on those
products some time ago already.
This issue is tracked by the Mitre CVE ID CVE-2006-3093.
2) Solution or Work-Around
Please install the update packages.
You can also use the open source PDF viewer replacements, as for
instance xpdf, kpdf, evince, gpdf or similar programs.
3) Special Instructions and Notes
Please close and restart all running instances of acroread after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/acroread-7.0.8-0.4.i586.rpm
0a439b3541fec2329b55f3b9b3bc4858
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/acroread-7.0.8-1.1.i5…
76d13f4fd89e25549a363ae443cbab04
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/acroread-7.0.8-1.1.i58…
953a36fb273d1245a122ea9a0774fcc2
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/acroread-7.0.8-1.1.i58…
4691f003b517f23bad4b923f24f45133
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/acroread-7.0.8-0.4.nosrc.rpm
cdf32850c4a770fe4458df7e78fd0dbe
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/acroread-7.0.8-1.1.nos…
76eb5e155e370109b0d55226e8b94895
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/acroread-7.0.8-1.1.src.…
e55b674570116b348ba7091f2b8b906e
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/acroread-7.0.8-1.1.src.…
97fdaba08621d339fdfde9b94db62a70
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE SLES 9
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/4bcb737ce757116…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRKpxEHey5gA9JdPZAQJTzgf+IGvAswMRbi25ToZgdF9GmfsWckV/MR2Z
GNbKHarDKWJtpNrrhL/YQ9F/EDcZxKyYErZ3J7H3WMRIrutri7e064k019Ln2J6q
F1PQNE2Yv9OROF/5cSuZg1hA5ZEm37QslnSL6YQxV1hfj6zaacpqgXI+WLMg+1mz
le49xi3X9VygDt0pGgi7gLGHwEAAMNgZwSKxS1oO/piz3BcsWZcPK5/MCGEnBclz
/VNanZQhkZM/sbUQxikgQSVg2zfw8vDrjfANJ/hDRYRe4B4is93I9ZF7n7JoDyPD
97Ri1agGBDeiYy2TzEq8Ta0MNeKEIGMnPtJLxGoXhlS6Wmh+uuORig==
=5yN7
-----END PGP SIGNATURE-----
1
0
SUSE Security Announcement: OpenOffice_org remote code execution (SUSE-SA:2006:040)
by Marcus Meissner 03 Jul '06
by Marcus Meissner 03 Jul '06
03 Jul '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: OpenOffice_org
Announcement ID: SUSE-SA:2006:040
Date: Mon, 03 Jul 2006 16:00:00 +0000
Affected Products: Novell Linux Desktop 9
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
SUSE LINUX 9.1
SuSE Linux Desktop 1.0
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CVE-2006-2198, CVE-2006-2199, CVE-2006-3117
Content of This Advisory:
1) Security Vulnerability Resolved:
OpenOffice_org security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Following security problems were found and fixed in OpenOffice_org:
- CVE-2006-2198:
A security vulnerability in OpenOffice.org may make it possible to
inject basic code into documents which is executed upon loading
of the document. The user will not be asked or notified and the
macro will have full access to system resources with current user's
privileges. As a result, the macro may delete/replace system files,
read/send private data and/or cause additional security issues.
Note that this attack works even with Macro execution disabled.
This attack allows remote attackers to modify files / execute code
as the user opening the document.
- CVE-2006-2199:
A security vulnerability related to OpenOffice.org documents
may allow certain Java applets to break through the "sandbox"
and therefore have full access to system resources with current
user privileges. The offending Applets may be constructed to
destroy/replace system files, read or send private data, and/or
cause additional security issues.
Since Java applet support is only there for historical reasons,
as StarOffice was providing browser support, the support has now
been disabled by default.
- CVE-2006-3117:
A buffer overflow in the XML UTF8 converter allows for a value to
be written to an arbitrary location in memory. This may lead to
command execution in the context of the current user.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of OpenOffice_org
after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-2.0.2-27.12…
649b45c223e2eef491f3e89b457be3f2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-af-2.0.2-27…
09afa80d882ab9c1388139874e7107e9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ar-2.0.2-27…
70d9cf35ca87e78f8a30821ba271ac30
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-be-BY-2.0.2…
d044a2f22c518322ea35388adb7d8bd0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-bg-2.0.2-27…
37cac5cbe14215491e65f78fd7d1f013
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ca-2.0.2-27…
f458c2b61425e171b556a40e918d07db
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-cs-2.0.2-27…
0af5024dafc41d80456eb14950cbcdb5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-cy-2.0.2-27…
ef66e97820d34e6f61c0f0dc61e0f690
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-da-2.0.2-27…
d8055edb875cd9fe2e5f441873c7b1f1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-de-2.0.2-27…
1888f3c8225796823fb77a2ee40b7a3a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-el-2.0.2-27…
08114d9d40b506c69e8d801e4a7ed32c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-en-GB-2.0.2…
5fab3729eecc0464eb10b28469057989
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-es-2.0.2-27…
e4005f3cea8aabdd53be930297cd4f6d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-et-2.0.2-27…
d1e42f731b53e91831d408cd405368ac
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-fi-2.0.2-27…
c79f60fe55e03dd7cd6600f202187479
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-fr-2.0.2-27…
9c7972e70611f20134f9fe5475789717
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-galleries-2…
13ee2cd4fd0e32622bae32eaa1bf1256
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-gnome-2.0.2…
b979f10a559b5cb0e76c6933840af921
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-gu-IN-2.0.2…
2d0e850814a6283c5d179a33b1da7b2d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-hi-IN-2.0.2…
bce3d5bd63fc5e11789162c8fb223cee
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-hr-2.0.2-27…
e0afe5d68098a3bd247db2451315bb28
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-hu-2.0.2-27…
3a68ebbe6dc351903f6242618ad645fb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-it-2.0.2-27…
570b6f273047682706dd3d4fe64f4bc7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ja-2.0.2-27…
70c75a7e0e15f701e35228c8d7ec8c55
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-kde-2.0.2-2…
c6a70315e98476882cf77a393efd6974
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-km-2.0.2-27…
3f5c0a8af36797b3a554d3a24b2c00ef
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ko-2.0.2-27…
160ea2698657b98e7e621d942919b65e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-lt-2.0.2-27…
d810b4aee9fe30edd0263cdae3196060
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-mk-2.0.2-27…
e511be49fe7e2c967e3da2905a3f7fbe
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-mono-2.0.2-…
82a12d481f04d019c0cec2209c2a2971
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-nb-2.0.2-27…
61d2b26bfa1f51afaf80ec617bf3e663
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-nl-2.0.2-27…
fa19baea78646e2b4991431d3ddfec27
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-nn-2.0.2-27…
66828e59320aa46d7e54a0f1235872c1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-officebean-…
d23fa6f7f3913c13ba5b8bd1c04f0df8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pa-IN-2.0.2…
e57a48a0cc278bd99793defe4201eefe
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pl-2.0.2-27…
eb6ef2bc250858f9b20db76c5cd706da
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pt-2.0.2-27…
4e6209b8d5247782d9d84ad1f30d34fa
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pt-BR-2.0.2…
0f191b0c65719f13b8f8f044f8f39e69
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ru-2.0.2-27…
10bc6833827d7ec7c07c4a8116a3d12e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-rw-2.0.2-27…
dfd0aca0d185b942c613e93acd48d8ce
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sk-2.0.2-27…
c5cc18748bb6b9b6bca0435f07c7a253
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sl-2.0.2-27…
cf1a3177bdedeff1ae1e491ac11530c1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sr-CS-2.0.2…
519ea269f02a82bfd1f8d958fa370738
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-st-2.0.2-27…
4003034be001b7775dca81ddb9a97a83
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sv-2.0.2-27…
021db8f722c96457843f03d62b10a649
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-tr-2.0.2-27…
67a45bee7269d2ef389e583b7e3508e4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ts-2.0.2-27…
4d61096578a3755addedd9bbeffadaaa
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-vi-2.0.2-27…
fdb321de8e74127118b49a8d7ce41434
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-xh-2.0.2-27…
7cd9351904a78c9171694cd0b9e02f32
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-zh-CN-2.0.2…
deb40352002369f87ef792393b49ce86
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-zh-TW-2.0.2…
b797651549b5bb641e041980ff0a8141
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-zu-2.0.2-27…
b7d6c8f0289d43ea2f8faec91350aadc
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-2.0.0-…
da78f2aa9188797b1cd3e299b49209b5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-af-2.0…
caa54cab09c89e637f3f1c1df7a67dce
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ar-2.0…
48487a3fb8fa411db5d370f6aa6eafb7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-be-BY-…
b4fdab8ecd23508fd55d277b2bb5f11a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-bg-2.0…
ff685813e964117486bc5c711db3e561
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ca-2.0…
deebd2abe143a43f48fda9a3446e41a5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-cs-2.0…
a49e6ccee5faf1add6910ad40e291b17
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-cy-2.0…
ec4c7b05bf68fe257a914cf2711ef5c8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-da-2.0…
1e942a4ba31edd58f1545f0df035c6f3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-de-2.0…
19a16d84bb786add605f3ad611598d7c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-el-2.0…
711ce212e0d745a208844dbb42742ab5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-en-GB-…
5609ba537669f78b844434631c40c3c7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-es-2.0…
10f730be1719398ebbc333a42e7bb8f7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-et-2.0…
ae5ccd77c6250a093710011aaebd58b2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-fi-2.0…
825f37194b7791ba2b26d724050d430b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-fr-2.0…
e87717e887825ef26215f5e00234914e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-galler…
a08767175cbc2cb92fd43bdc85847d32
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-gnome-…
23bc8ec9d9be1f6713f27c79ceacbb49
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-gu-IN-…
17af1071ce462563c17edadc195c070f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hr-2.0…
bef07a2731af1b2c8ebc54bc274b9cb7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hu-2.0…
70498b4072c1d36e97907947744a65cd
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hunspe…
abafcf2c00d0a339632a1e8f45380a7d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-it-2.0…
65bdb71368174c3f2f14942be4d66544
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ja-2.0…
f9af53897841b85754a2c228beee72e1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-kde-2.…
f8ceceef6b26f932435537e8f5062eb7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ko-2.0…
95f52980240c4904ae35dc3d34e59363
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-mono-2…
971ac59d5c5e7fb123d710dadbace416
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nb-2.0…
ff3ad25a65a8c463ebb1797b2ba9175b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nl-2.0…
b550d2826df4ef2b806e9e719055a05e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nn-2.0…
db460e9c304252e2b7c986c958476d9e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-office…
89c4e4cee07eb4b200f82151176f9c7a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pa-IN-…
21e44d9925f756ff1898af3a864a93d6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pl-2.0…
84330671533bd4c5808487280dee2f5b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pt-2.0…
e3ec47019c925d90393c91a5ddf25124
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pt-BR-…
5fe40d8ac239fe2fda04b7b536bc49c1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ru-2.0…
d6434c0982660b35cc6817f40b5c1c94
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sk-2.0…
10c350525d66fd482edd5714622a7b69
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sl-2.0…
f9a347406c614908c53f7cff130a1d30
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sv-2.0…
b9873b16314f7d2af4ba13f7920a9a4d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-tr-2.0…
3248cb2fdde4037305da28bb83b41250
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-vi-2.0…
1fbc7f91551db60b1ee0698b3558ec11
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-xh-2.0…
a3e9ce2da19dc3a8e60408099191c477
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zh-CN-…
983421f7b45c6ccc3abcdd17d951e768
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zh-TW-…
6f4a51458731a1d160e30d40d0bb5e5c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zu-2.0…
4b2421c9d8408c70017b097459e9a25c
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-2.0.0-1…
26b4d9dbc015942ccb19d701acb328df
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ar-2.0.…
338dbc688a48f9db20087d544340a14f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ca-2.0.…
b6cde4d6483eb17f7a925cbf153f8b83
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-cs-2.0.…
270729a1ddb07753e2eba7327763f136
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-da-2.0.…
50e03a4624b3401afa756881616676da
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-de-2.0.…
09aba02d13551ecd5ec002f3794b9d68
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-el-2.0.…
49dcfc49c4b53bd825fdea5491bcaf95
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-es-2.0.…
c950792706b2a595166ed94cad4c13ce
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-et-2.0.…
2b9e239e2bfed188f38ace3f2e263a2a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fi-2.0.…
e436591bb58f036d6dbc9c563b36bc60
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fr-2.0.…
cafed2dbe15aeb4ee30ea34748f2b3aa
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-gnome-2…
7da16da80c36abf50270ae764bdf60f8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-hu-2.0.…
1446b0f9bedb86b9fb62ad769ca52379
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-it-2.0.…
44fac316ec36214a9f5f82c11eebe910
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ja-2.0.…
b4692f2c954216c3e149a7464cde5574
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-kde-2.0…
c929442e498729484723c476a8956eea
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ko-2.0.…
9261e230d4ee41317585f55f74e6b4bd
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-nl-2.0.…
1fdcc5d6d3c6dfb30d0060c53adfc0ca
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pl-2.0.…
de4fe2b074eace927af5814cb8d5e4ac
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pt-2.0.…
303cc03f4ca6f1d4fc316abe5e9e087a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ru-2.0.…
8923c18240d104c19849f9a3b5b719ca
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sk-2.0.…
ede0ae1a4cf6a960d8529bb3b82b18ed
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sl-2.0.…
b5ae3309f069c95bad88b1a39e47c33e
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sv-2.0.…
442a18ee93e2bcdff52f7e92122747c3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-tr-2.0.…
cebf0930ab9475628c176dc833c87055
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-CN-2…
46d852b7681131e640dec1d11d9b5d67
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-TW-2…
9a388bab6e2af9d100e2964dd87b5e34
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-1.1.3-1…
3404ebdb749babddc0065120e351da8f
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ar-1.1.…
5a2ab250098d10f224a08e9f85eb5038
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ca-1.1.…
824b17f0444ff9bbe255999a26c4d079
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-cs-1.1.…
4f8bb4aa2df22a21ec8971e14189e19e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-da-1.1.…
02d3606b13e6757ad889d8baadaab914
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-de-1.1.…
d316856e7d15e533f6c9d058534e1406
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-el-1.1.…
f2b4121b81fa40240f1930363bac4a54
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-en-1.1.…
bcbe1e06359210be24e1614242b65f3c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-es-1.1.…
0f4d6a6283e92889e17540b3a819dea5
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-et-1.1.…
a5554ef59fa8498def24ddb860fdd672
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-fi-1.1.…
30535e484bd1e0de6ce7822fd58c7c47
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-fr-1.1.…
21fd9ea2f970870b5fdbd5ac282b01d7
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-gnome-1…
04cbf860584bbfe640075912810d85b6
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-hu-1.1.…
b7d2bd841d972a08f82c3a25b04cc985
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-it-1.1.…
9df2f98463db7e68095bf70194739f62
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ja-1.1.…
13f7e1fbba69c93d6f8618322c0653f7
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-kde-1.1…
d795619af7d8b78d3c378ce8f06c4a6e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ko-1.1.…
9ae90d991758549494e457b418bd582b
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-nl-1.1.…
c4df7b850627a94d1d7c497716da4a69
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-pl-1.1.…
cb20f834ad2004159efe572007c8252c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-pt-1.1.…
84182e2dec58664fb4356f797e8bdec6
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ru-1.1.…
265f6aa28cfd6499eab7e7e5860a6b44
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sk-1.1.…
97560149c00f283860b372c67e3700ca
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sl-1.1.…
6f2864c9361f66457d8882d83b14b5b8
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sv-1.1.…
0591dfed4d88e1d400230eaa0392f479
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-tr-1.1.…
666edec0b1a397ad2413ad72ebc6b4c1
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-zh-CN-1…
689edd2066ecf91916a1d4c7ba23aa99
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-zh-TW-1…
06c44a641a1b617d7c6b501688972655
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-1.1.1-2…
53e8171e949bc12da39a29388a118d44
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ar-1.1.…
11814b3f46dc0be180421f5e1a79d12a
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-cs-1.1.…
a8c9285df1bbdc320b4c5b5aee056559
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-da-1.1.…
ddd367fa5f6cbb427e9d148115b49c34
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-de-1.1.…
7eaca9d4205c29926684f20d3eababb3
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-el-1.1.…
bdecfc05bde7573b0eb153fb05396f33
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-en-1.1.…
693d371adf34246154c1c4f181cbd32a
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-es-1.1.…
f52dd53e16f0a21e9136d99867a4db82
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-et-1.1.…
bedf5c2c7496cbcfc2ccd2ca7f6db9ca
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-fr-1.1.…
b49ccc9ba19ea53fe35c8d4e8f1f276f
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-hu-1.1.…
67c337e0dbba37f5d81a60f47dfd1eb9
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-it-1.1.…
3a45967f359fae8fc4f3c701ad2231fc
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ja-1.1.…
4a91baac0693a23bc477136c2131fe1b
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ko-1.1.…
3880ef7ef1f60165d43a10cd6a746426
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-nl-1.1.…
a5d9a200ae1c078217c62ee7a8a78b6e
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-pl-1.1.…
508f34526e700e9ddf0234d5cd587aa4
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-pt-1.1.…
bc160723b53a3c651737aebb251833bc
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ru-1.1.…
5630cdd456d7325a74071c0eefff2018
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sk-1.1.…
596010219ffb37e3df8d0f2a4c25d5af
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sl-1.1.…
b5610c4117a7914cc52d718be3d43878
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sv-1.1.…
adcfa58f60e1b0c75db2ac7e7da4bd0b
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-tr-1.1.…
f7e2ee28b2d37369edd474d44e44e4bc
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-zh-CN-1…
1ad1791f5b01cf29c3506c03b62ffaa8
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-zh-TW-1…
97b11b36c15d44d8f7f751a13692bf68
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-1.1.1…
53e8171e949bc12da39a29388a118d44
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-ar-1.…
11814b3f46dc0be180421f5e1a79d12a
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-cs-1.…
a8c9285df1bbdc320b4c5b5aee056559
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-da-1.…
ddd367fa5f6cbb427e9d148115b49c34
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-de-1.…
7eaca9d4205c29926684f20d3eababb3
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-el-1.…
bdecfc05bde7573b0eb153fb05396f33
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-en-1.…
693d371adf34246154c1c4f181cbd32a
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-es-1.…
f52dd53e16f0a21e9136d99867a4db82
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-et-1.…
bedf5c2c7496cbcfc2ccd2ca7f6db9ca
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-fr-1.…
b49ccc9ba19ea53fe35c8d4e8f1f276f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-hu-1.…
67c337e0dbba37f5d81a60f47dfd1eb9
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-it-1.…
3a45967f359fae8fc4f3c701ad2231fc
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-ja-1.…
4a91baac0693a23bc477136c2131fe1b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-ko-1.…
3880ef7ef1f60165d43a10cd6a746426
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-nl-1.…
a5d9a200ae1c078217c62ee7a8a78b6e
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-pl-1.…
508f34526e700e9ddf0234d5cd587aa4
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-pt-1.…
bc160723b53a3c651737aebb251833bc
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-ru-1.…
5630cdd456d7325a74071c0eefff2018
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-sk-1.…
596010219ffb37e3df8d0f2a4c25d5af
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-sl-1.…
b5610c4117a7914cc52d718be3d43878
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-sv-1.…
adcfa58f60e1b0c75db2ac7e7da4bd0b
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-tr-1.…
f7e2ee28b2d37369edd474d44e44e4bc
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-zh-CN…
1ad1791f5b01cf29c3506c03b62ffaa8
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/OpenOffice_org-zh-TW…
97b11b36c15d44d8f7f751a13692bf68
Power PC Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-2.0.2-27.12.…
e21cad16a35adad9fd8e3d0e7e9ab498
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-af-2.0.2-27.…
876b500b3f18de7c0d58ce88e2df20ce
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ar-2.0.2-27.…
23cbab6c8716578bff90a9e02e743025
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-be-BY-2.0.2-…
5a903ee3eb25bcb32777f6aec9bd175e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-bg-2.0.2-27.…
b292d0d57426a337922c24905eb5d750
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ca-2.0.2-27.…
f00188672e300175eb73f97aefa764d3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-cs-2.0.2-27.…
91120c3c2e6b9c76f9cff151d78b8cd6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-cy-2.0.2-27.…
4258ff54ce0dcb002fd22a315e9e9f75
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-da-2.0.2-27.…
a012edaed3561ac90cb35bcfbc8bfd3d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-de-2.0.2-27.…
5a0e25512a8913b63aa13d8216fa5925
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-el-2.0.2-27.…
20134831a9f76cd62cb28a5e6522bc8b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-en-GB-2.0.2-…
56cf83797527301f0856027ce5ae8b8e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-es-2.0.2-27.…
fab867572119eeb6e7a1fb9d201ca858
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-et-2.0.2-27.…
581316fc893fbc3c15937e070fea5458
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-fi-2.0.2-27.…
3c49f9e412fda548b694d8ceadefbf2c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-fr-2.0.2-27.…
7523ade7b3403b9134968537c342af7a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-galleries-2.…
94e609de323fd6f11ef227f72a986e65
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-gnome-2.0.2-…
d6675d798537c7383a36b33d3731f03e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-gu-IN-2.0.2-…
0f5ee2d05b9de160f44368d75ec203ad
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-hi-IN-2.0.2-…
a9655d354b6cdd2dc9a7f7e77556b4ff
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-hr-2.0.2-27.…
40b670c08df5a37aeb5a8f83c6d4b896
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-hu-2.0.2-27.…
6807e1c5f023d405539f8625413e14a3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-it-2.0.2-27.…
02293cd1817b99f636c88df6d9fd52cc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ja-2.0.2-27.…
5269f63982b7b68278da1b69df3f2d57
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-kde-2.0.2-27…
f853f2d32b1f4c0f7ff805a0541cd106
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-km-2.0.2-27.…
835afe1890f61dd8b0b3bc52e4906a70
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ko-2.0.2-27.…
037e3fa756caeec84ec7f0834fbd976a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-lt-2.0.2-27.…
33047e34386cad97b73e10aa6d5eeb2f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-mk-2.0.2-27.…
4b84f8a6088ef595746854511bb6b233
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-mono-2.0.2-2…
b3bb797798bb3425c5c74117c83ade07
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-nb-2.0.2-27.…
2960798993563198a0a82dfcba836054
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-nl-2.0.2-27.…
77fbf36aa00f7ec5852417aa20e12b6d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-nn-2.0.2-27.…
30582274e6f6a11b53a9d612da184fb1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-officebean-2…
4d4664bad0185d33dcf04069094ddabe
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pa-IN-2.0.2-…
f41533305958c65ad9b49e0f2b7ea49b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pl-2.0.2-27.…
11099b4a2a05f50c64fe0becdf02a7d3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pt-2.0.2-27.…
3f8b8b3c6f78152cf9b76086cd4587e9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pt-BR-2.0.2-…
c79c91f6bf2ca7fd9d2f82f996b1e347
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ru-2.0.2-27.…
24e59b2661985f3734648c8439419108
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-rw-2.0.2-27.…
51b6ffbeeae68502a59883a5b0672fed
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sk-2.0.2-27.…
a5b6d505578753737ef297ea51c3ad01
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sl-2.0.2-27.…
6b477f4856b761eea4f661e59d055803
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sr-CS-2.0.2-…
9e1251123ec54c499caf01f19c501bcb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-st-2.0.2-27.…
fe44fe3998f9d7a30d9a9127c284eb92
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sv-2.0.2-27.…
c82836cdfe99eaa4c2ba82f37f93d72d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-tr-2.0.2-27.…
1e2fcbaa9f47748b446e1cd043de22bf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ts-2.0.2-27.…
20db8260798bf038a591f649678945d7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-vi-2.0.2-27.…
8ef1e82d5bd643fd80e1c8bea67027da
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-xh-2.0.2-27.…
e8659fe51475a2c8fdf758eaa307846c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-zh-CN-2.0.2-…
99b5e6854a5d4c9d48f363add47628e0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-zh-TW-2.0.2-…
ac398efb31231d9c8aa4ec858a36e6c6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-zu-2.0.2-27.…
33e7011b6af2919f2a12baacf208a9e6
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-2.0.0-1…
61d9d5bc7aac7849cb4cbfb8790f37a6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-af-2.0.…
da05207bba91da697c94c488e3156889
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ar-2.0.…
d1bc8359d869f1a4172eb51020b3326a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-be-BY-2…
74053d44c643c03ffa40a6de76aa027d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-bg-2.0.…
c1725913b432af8f3ec439f04a40c7a2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ca-2.0.…
414d67ef5587e8ac8603bf2c425562a5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-cs-2.0.…
b52cfc169e34ddd48ab924ef83260764
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-cy-2.0.…
8454d64c4b93e4446597d7906508bf3c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-da-2.0.…
d5912a847b4f5b5785c998992e588ca8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-de-2.0.…
a96be7030a4ec3caea6b0546cd6bf8c9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-el-2.0.…
470ae19a03ea33aac71519f175597f43
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-en-GB-2…
12e1b829b543c4de8f5cd30d6e7a2b11
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-es-2.0.…
07fe62feda63bd45b37b00b289cf4eee
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-et-2.0.…
0062b22b187ef897b7ba868653dac095
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-fi-2.0.…
f6d38c40d984ae481482374a8eab6c65
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-fr-2.0.…
b946608cdf61b99da92e1f5a671c2ff2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-galleri…
b49d7ae870ee8c00d051c5449fdaa7b1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-gnome-2…
6bbe65a7e920012e5595dd6bfdef48c5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-gu-IN-2…
29972433d06db409d3af4e9856921faa
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hr-2.0.…
677c7f83e4ab91c6396a910e955ac0ea
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hu-2.0.…
4d08a84837dfc2a0e6b2329f6c172d0b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hunspel…
5e3465a80a21b7632b21a35b83d4ed2c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-it-2.0.…
b37e2abd09b9a1c385f9cfeefc7cb918
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ja-2.0.…
b399f2a47aa9fdc09c26b34ccead77d3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-kde-2.0…
8ff6cc73c265b253c870a7b622f045f0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ko-2.0.…
324bdcbc6d2e67e397e4fe025332fceb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-mono-2.…
96c3db3801bd35886c95e7af67bb6449
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nb-2.0.…
20b832a3190837501871d65011e0f7df
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nl-2.0.…
29735fa76ba9ecb3a794052ed1bb6cd6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nn-2.0.…
93c364471320695312ce4f0d7e441fce
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-officeb…
45b09d3f52fab3ef3abf682d610400f5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pa-IN-2…
5430ae8cc447a0f9cfc5e56f594e9aa3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pl-2.0.…
d38c63c6e62b5acd962bb89cec6e7bcc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pt-2.0.…
7b197b21ad3473745726cb5cd034c73b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pt-BR-2…
e4f5917800a94a1c9a220db9b20472c0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ru-2.0.…
29b7170afbd030a79e3e165de7e70f5a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sk-2.0.…
eb0cecbaa8ee9f990a60af2439d87247
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sl-2.0.…
478c2c8b3e40d94e629372f43bd0b2da
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sv-2.0.…
ecb2ac813fecdbe1fe0a30bf2b49343e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-tr-2.0.…
85a276e3fd03f0dba981f5a8f27043f3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-vi-2.0.…
3aad86d3301f6306c5ac40dcc8f680d4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-xh-2.0.…
0d8866b667cc40caba33c67c21d413a6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zh-CN-2…
d7d069ad57a36f21fc07919566dcf38b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zh-TW-2…
abce5f68f7398e6a2465cd489a826f8b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zu-2.0.…
d9a220df58f6b192ee2a23271dc4bbe4
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/OpenOffice_org-2.0.2-27.12.…
b125986f9b6951f506ccfa47ee725f9e
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/OpenOffice_org-2.0.0-1…
38a6066b04cd70cb3f0b5a110ed61161
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/OpenOffice_org-2.0.0-1.…
86d35626732e626bd123b526d45df374
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/OpenOffice_org-1.1.3-16…
c9983e539cbd07f2c7e260e955b1896b
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/OpenOffice_org-1.1.1-23…
a0c54aa34852c50994e32b1c688ffd8c
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/OpenOffice_org-1.1.1-…
a0c54aa34852c50994e32b1c688ffd8c
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SuSE Linux Desktop 1.0
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/fd3768697ff2063…
Novell Linux Desktop 9 for x86
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/9c33c18a6978aef…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRKk2vney5gA9JdPZAQLpBgf+Pd6QTLMO1ZNDqDdi4jvrUW5tBNamyktZ
DS9oSrq1Pd0NiiZa4O1cbDVhphrpyKK32SjJG7yDfcj3Nnf4kFzXC7l0GZ+/6R6l
1xbLi0i+u5EPgU0NgV25+c/f+FST3CVeEpkzBaFF++l2yXPk6nMIDhA7VyLL9RGk
X8zikmN2QA9/wP6HSo7RytOpqguKSaSc2LL4OUfjJtw6f/ijeAWmuFjIv/f4uQG3
Uagak5q79F8udJ+Y6gSW/ohT4EKY4iQjH3StpywxUg47Tw8tRo1V71rRYP+vAhDA
4PwFoFZXAbbfzyveoSJv04TmtMtbgMyrjjxD70CA6BfUV3nbA5QCdQ==
=aHre
-----END PGP SIGNATURE-----
1
0
SUSE Security Announcement: kdebase3-kdm information disclosure (SUSE-SA:2006:039)
by Marcus Meissner 03 Jul '06
by Marcus Meissner 03 Jul '06
03 Jul '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: kdebase3-kdm
Announcement ID: SUSE-SA:2006:039
Date: Mon, 03 Jul 2006 16:00:00 +0000
Affected Products: Novell Linux Desktop 9
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
SUSE LINUX 9.1
SUSE SLES 9
Vulnerability Type: local privilege escalation
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2006-2449
Content of This Advisory:
1) Security Vulnerability Resolved:
KDM local information exposure
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The KDE Display Manager KDM stores the type of the previously used
session in the user's home directory.
By using a symlink a local attacker could trick kdm into also storing
content of files that are normally not accessible by users, like for
instance /etc/shadow.
This problem is tracked by Mitre CVE ID CVE-2006-2449 and was
found by Ludwig Nussel of the SUSE Security Team.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please restart all running instances of kdm after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kdebase3-kdm-3.5.1-69.23.i…
6b51aa1795da71a71119cf6aa6820153
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kdebase3-kdm-3.4.2-27…
5b36c9bc7cee1cdde72d7ad70860d596
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/kdebase3-kdm-3.4.0-28.…
f5a7cc054bf5223057e36aeef4bb2e55
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/kdebase3-kdm-3.3.0-29.…
e3b919080e181d5854526410675e116e
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdebase3-kdm-3.2.1-68.…
247b449b8b6142ff9ee413acbd4efc57
Power PC Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kdebase3-kdm-3.5.1-69.23.pp…
6db4614fe15867245801e17c72e9c8bd
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kdebase3-kdm-3.4.2-27.…
6366c0536eb41220bd1686513fe6e2c1
x86-64 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kdebase3-kdm-3.5.1-69.23…
6c31f10bd18a53f585a1cc6ac45ccbe4
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdebase3-kdm-3.4.2-…
f606da7a6561ec09fbbb70a467da1790
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/kdebase3-kdm-3.4.0-2…
fece9cedbe4033094c62124d85fe37cd
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/kdebase3-kdm-3.3.0-2…
421cfc9dcacc8d1a59009cc849182297
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/kdebase3-kdm-3.2.1…
3456c10099c7c075ef2653e750f0ad72
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
Novell Linux Desktop 9
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/c43d8bdde8ba418…
SUSE SLES 9
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/292ea0b25bd919e…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRKkhr3ey5gA9JdPZAQJwGAf+J5wt1zWBdHvVTXWeqfh0rfSznNNiLSPz
D7S5JTXG+SG2vKUiF/Vi/CeD5W86CrT3MpHQyVNxrK9P12L5b08Fm5U5hhMwub7V
SJNWC79agPuFMNh0wNqSOhqsfMB/vSwGSdLQ3TnQLHIdAyredmXu0wE52v2BfjPW
HxuOVBRl5Cp4yFwMxWfmTfvqwNIyWdjF7HLzu0xtmYLZw4Mh09MvfnrzyhC3TxNO
fTzxs38Eki2EYdrIIHknnA02GNVLCMDblms4+9q5gAe+tlrVHnS91FJ3zO/qkSZD
4Q6YhosCsnjFZLHTWtZI7dNBlQE9JbEblXs0JdvwFbi9o992lYOh5g==
=wahD
-----END PGP SIGNATURE-----
1
0
SUSE Security Announcement: Opera 9.0 security upgrade (SUSE-SA:2006:038)
by Marcus Meissner 03 Jul '06
by Marcus Meissner 03 Jul '06
03 Jul '06
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: opera
Announcement ID: SUSE-SA:2006:038
Date: Mon, 03 Jul 2006 16:00:00 +0000
Affected Products: SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
Vulnerability Type: remote code execution
Severity (1-10): 6
SUSE Default Package: no
Cross-References: CVE-2006-3198, CVE-2006-3331
Content of This Advisory:
1) Security Vulnerability Resolved:
Opera security upgrade to version 9.0
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The web browser Opera has been upgraded to version 9.0 to add lots of
new features, and to fix the following security problem:
- CVE-2006-3198: An integer overflow vulnerability exists in the Opera
Web Browser due to the improper handling of JPEG files.
If excessively large height and width values are specified in
certain fields of a JPEG file, an integer overflow may cause Opera
to allocate insufficient memory for the image. This will lead to
a buffer overflow when the image is loaded into memory, which can
be exploited to execute arbitrary code.
- CVE-2006-3331: Opera did not reset the SSL security bar after
displaying a download dialog from an SSL-enabled website, which
allows remote attackers to spoof a trusted SSL certificate from an
untrusted website and facilitates phishing attacks.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of Opera after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/opera-9.0-1.3.i586.rpm
dbe4f7ebdc8cf6c136f353be8e548954
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/opera-9.0-1.3.i586.rpm
dc16c7c133a5d9a479552b8940735bbd
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/opera-9.0-1.3.i586.rpm
1eada48d9a4ccba242d9d8ec92872065
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/opera-9.0-1.4.i586.rpm
03715655bbc24e45645937fde9c9927a
Power PC Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/opera-9.0-1.3.ppc.rpm
ff66785910294364e7c0d043b48889dc
x86-64 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/opera-9.0-1.3.x86_64.rpm
a4e2435b110a28d29650998a2f08eb22
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/opera-9.0-1.3.x86_6…
94af3ffd12a53616ecd3b7ec572279f5
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/opera-9.0-1.3.x86_64…
4f55ed7caeaa590436c8ad0344a24353
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/opera-9.0-1.4.x86_64…
e03753b7a7a0448a66073f2d83c8f2d4
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/opera-9.0-1.3.nosrc.rpm
7f74b7b8d4756a99070f0c9c566ef81d
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/opera-9.0-1.3.nosrc.rpm
e984adc5a788c1ad8d7fcced4a29e237
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/opera-9.0-1.3.nosrc.rpm
efcf570644020fbb33be81a647fe478f
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/opera-9.0-1.4.nosrc.rpm
0c1d68b31fcbd9d45a10805d2a3cc1fd
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRKkeKXey5gA9JdPZAQLRGwf/YCDkTd3lnkrJDH1ZsEiAjeekee96EPfz
5FQcTRPivrCikSSUzXHLBXBnaGi9Q/it0SqXnPs/hdePr3QxY7IOWKLrePS05bAY
qGR0eCWRpnvG7v7Q8vVrNnzvop44UMJXqq48KBLj29ACsr6SMjML8UNLKUWchgPV
s0ExrtounnErvRxrlaqg/M18or8vMb8JmEQvFUJgUSP6rDbNu6lIo4KE925ZF8C7
De2KzIHTmF/ulLv+1OhtyvsGmJtPQE/vcf0DFp0VbBzT2LWq3FKP46mNJ8gGJjiY
1UEamXhiUEeywTzfJ7cTiqfLYFFsYfpf/YMc+2CPTHCFzqPcXhxilw==
=EXm9
-----END PGP SIGNATURE-----
1
0