November 2007 - openSUSE Security Announce

[security-announce] SUSE Security Announcement: pcre (SUSE-SA:2007:062)
by Ludwig Nussel 23 Nov '07

23 Nov '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: pcre Announcement ID: SUSE-SA:2007:062 Date: Fri, 23 Nov 2007 14:00:00 +0000 Affected Products: SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 openSUSE 10.3 UnitedLinux 1.0 SuSE Linux Enterprise Server 8 SuSE Linux Openexchange Server 4 SuSE Linux Desktop 1.0 SuSE Linux Standard Server 8 SuSE Linux School Server SUSE LINUX Retail Solution 8 SUSE SLES 9 Novell Linux Desktop 9 Open Enterprise Server Novell Linux POS 9 SUSE Linux Enterprise Desktop 10 SP1 SLE SDK 10 SP1 SUSE Linux Enterprise Server 10 SP1 Vulnerability Type: remote code execution Severity (1-10): 6 SUSE Default Package: yes Cross-References: CVE-2005-4872, CVE-2006-7227, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-4766, CVE-2007-4767 Content of This Advisory: 1) Security Vulnerability Resolved: pcre vulnerabilities Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: - See SUSE Security Summary Report 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running programs that link libpcre after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/pcre-7.2-14.… 638bc8ea3b3049bf8f018cbe2c636c8c http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/pcre-devel-7… 2aba0cac3367280a938bf7d0e75b811c openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/pcre-6.7-25.i586.rpm aae587979521d9215fcedeba6ffdd5d3 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/pcre-devel-6.7-25.i586.rpm 67e29afb709d1f1d3270cd259afc3302 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/pcre-6.4-14.12.i586.rpm f23b3c0a085307189770ef6446ddf95e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/pcre-devel-6.4-14.12.i586.… 360c141d251b19d20bc87f02c014ca85 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/pcre-6.2-2.6.i586.rpm a6d52c75af7b87f5839c93ad765fc471 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/pcre-devel-6.2-2.6.i5… 3127d163cb29fe4023d9ce7de694992f Power PC Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/pcre-6.7-25.ppc.rpm 31efc0735941f2ba8e378c5282715a14 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/pcre-devel-6.7-25.ppc.rpm 10a13246ef2f68b9b59a33e80bb50a7d SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/pcre-6.4-14.12.ppc.rpm 44ddec7ac85dbf91cb34afb089357d4d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/pcre-devel-6.4-14.12.ppc.rpm e8e6d6c2f78904a886114f635bf184a9 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/pcre-6.2-2.6.ppc.rpm 61f6f3eda12cfa2daab879ab39169d22 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/pcre-devel-6.2-2.6.ppc… 0e4859e31522fb242ffab6a07aaf77fa openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/pcre-7.2-14.2… a54e3a3eddaabc9f89d6019bb12f2081 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/pcre-devel-7.… 9043d0181ba37fc0c86fae3429f1cda0 x86-64 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/pcre-32bit-6.7-25.x86_64… b4a5e803fba79cce1dca2f60fbf5c72c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/pcre-6.7-25.x86_64.rpm cb81d1ee51a9ad918168e986f16e028f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/pcre-devel-6.7-25.x86_64… 322c88af597a52657e403a7268e752d0 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/pcre-32bit-6.4-14.12.x86… 527b30661fa36d99d80cbd6e3051d45a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/pcre-6.4-14.12.x86_64.rpm 347cf67ca766245983a736af5529cc0d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/pcre-devel-6.4-14.12.x86… c8a3ba1109569e7bc39331c1ada22d43 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/pcre-32bit-6.2-2.6.… 11bff919ac213631e0b10838de3e2e74 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/pcre-6.2-2.6.x86_64… dd475be9f1d852b35907d540d1e1afe9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/pcre-devel-6.2-2.6.… 8a09951c95692f97ae5772594e5f7f44 openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/pcre-32bit… 6132117b7d5c9c22564384d8e16447c4 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/pcre-7.2-1… 411c7ab54802ff8bf2abc03cea0d0d39 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/pcre-devel… 7856ed6adf0fc2d38e95777b8f050ee0 Sources: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/pcre-6.7-25.src.rpm f5fbd77e5a2bb3ab5b4e2079eb66c9f8 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/pcre-6.4-14.12.src.rpm 605123a0c31cb6019d0a71cc8f998bb5 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/pcre-6.2-2.6.src.rpm edea2557792769392a29bebef2136ea9 openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/pcre-7.2-14.2… 3ad3dbb6ba1fe69dd2b0bf265191e267 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: UnitedLinux 1.0 http://support.novell.com/techcenter/psdb/206d9e9430eb6c86c8470f0497fc9219.… SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/206d9e9430eb6c86c8470f0497fc9219.… SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/206d9e9430eb6c86c8470f0497fc9219.… SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/206d9e9430eb6c86c8470f0497fc9219.… SuSE Linux School Server http://support.novell.com/techcenter/psdb/206d9e9430eb6c86c8470f0497fc9219.… SUSE LINUX Retail Solution 8 http://support.novell.com/techcenter/psdb/206d9e9430eb6c86c8470f0497fc9219.… SuSE Linux Desktop 1.0 http://support.novell.com/techcenter/psdb/206d9e9430eb6c86c8470f0497fc9219.… Open Enterprise Server http://support.novell.com/techcenter/psdb/9992478cea3704f6f2c2f7741f3e12e2.… Novell Linux POS 9 http://support.novell.com/techcenter/psdb/9992478cea3704f6f2c2f7741f3e12e2.… Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/9992478cea3704f6f2c2f7741f3e12e2.… SUSE SLES 9 http://support.novell.com/techcenter/psdb/9992478cea3704f6f2c2f7741f3e12e2.… SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/ed2f85edfa5f04634eda2d480d600b13.… SLE SDK 10 SP1 http://support.novell.com/techcenter/psdb/ed2f85edfa5f04634eda2d480d600b13.… SUSE Linux Enterprise Desktop 10 SP1 http://support.novell.com/techcenter/psdb/ed2f85edfa5f04634eda2d480d600b13.… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: - See SUSE Security Summary Report ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iQEVAwUBR0bMVHey5gA9JdPZAQLFJQf+NqCTiv4/pRtXyQ9Jvk6FY3vD1+YOKon/ QtKi5Ohz+PDeSKbI1qrUvAlp8cfSRMIO8q9qYIjm8V4xw58aYOwmVe2lyWhAcd8A H2gZM/4KRCOYIZeOyOVXDac5aYjRKVJfmIs8PtuhJ5vKprZ9YiiY37EL0T7cCJ89 Yer7Yr2IUbUZsZs44snxpJyszrN2KxEvx2r46z37whYwOUAP3qVo4STwmQgb28Co iks4EdFfQMZVI7QUL2f2P9qwSFR+xClF41PIO4evF8lsrlQItnoMxctSQQw+ZRz0 bBCwqymHiiYJU5M8uCyM921fTyYYZ0xKoeKDcbNqgcCkzvhBB/RkkA== =04Jf -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE Security Summary Report SUSE-SR:2007:024
by Marcus Meissner 22 Nov '07

22 Nov '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2007:024 Date: Thu, 22 Nov 2007 18:00:00 +0000 Cross-References: CVE-2007-2741, CVE-2007-2865, CVE-2007-3227 CVE-2007-3999, CVE-2007-5116, CVE-2007-5162 CVE-2007-5707, CVE-2007-5708, CVE-2007-5728 CVE-2007-5770, CVE-2007-6035 Content of this advisory: 1) Solved Security Vulnerabilities: - cacti SQL injection bug - openldap2 remote denial of service - phpPgAdmin XSS problems - ruby SSL certificate verification process - perl regular expression buffer overflow - rubygem-activesupport XSS problem - yast2-core modules loaded from current directory - librpcsecgss also affected by GSSAPI problems - liblcms ICC profile parsing problem 2) Pending Vulnerabilities, Solutions, and Work-Arounds: - SUSE Linux 10.0 going towards end of support - Kernel Updates 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - cacti SQL injection bug A SQL injection bug in cacti was fixed. The issue is tracked by Mitre CVE ID CVE-2007-6035 and was fixed for SUSE Linux 10.0,10.1, and openSUSE 10.2, and 10.3 - openldap2 remote denial of service Multiple flaws were fixed that could cause the OpenLDAP slapd to crash (CVE-2007-5707, CVE-2007-5708). - phpPgAdmin XSS problems Several flaws in phpPgAdmin were fixed that could be exploited by remote attackers to perform cross site scripting (XSS) attacks (CVE-2007-2865, CVE-2007-5728). phpPgAdmin was fixed for openSUSE 10.2. - ruby SSL certificate verification process ruby was updated to improve the SSL certificate verification process. (CVE-2007-5162, CVE-2007-5770) Prior to this update it was possible to intercept SSL traffic with a man-in-the-middle attack. Fixed ruby packages are available for all distributions with ruby SSL support. - perl regular expression buffer overflow A buffer overflow in perl's regex engine was fixed. The issue is tracked by the Mitre CVE ID CVE-2007-5116 and fixed perl packages have been released for all distributions. - rubygem-activesupport XSS problem A cross site scripting (XSS) bug in rubygem-activesupport allowed attackers to execute Javascript code in the context of other web sites (CVE-2007-3227). rubygem-activesupport packages were released for all affected distributions. - yast2-core modules loaded from current directory A security bug in yast2-core was fixed that allowed local attackers to provide malicious yast2 modules to yast2 that are executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory (i.e. /tmp), since modules were searched in the current working directory first. Thanks to Stefan Nordhausen for reporting this to us. - librpcsecgss also affected by GSSAPI problems A security problem was fixed in the librpcsecgss library used by NFSv4 also found in krb5. A invalid packet could underflow and potentially cause memory corruption and code execution. (CVE-2007-3999) It is unknown if the problematic code path is exploitable for this package. - liblcms ICC profile parsing problem Several security bugs were fixed in liblcms that occurred while parsing ICC profiles in JPEG images. (CVE-2007-2741) Remote attackers can exploit this bug to execute arbitrary commands or cause denial-of-service. liblcms was updated for all distributions. ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds - SUSE Linux 10.0 going towards end of support Starting this week we no longer open new bugs for SUSE Linux 10.0. We currently drain the queue of the security problems known before and so draw towards end of support in some weeks. We strongly recommend upgrading to a newer openSUSE version. - Kernel Updates We are currently preparing kernel updates for SUSE Linux 10.1, openSUSE 10.3 and SUSE Linux Enterprise 10 to fix various security problems and lots of bugs. ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iQEVAwUBR0W//ney5gA9JdPZAQLw1wf/dcUCibO1L1Yms5Ei5V9n7+2+taWFkE/u e1JaO+cA3KxpzkGBs1+CWRs8vU66hR1iBCmypmqTC7VQYuVeb1pH9IFcYJ8cb7Dy y2FQwgCBHM/yVUHUqk+XhDLHFUTGJmt1pZ6XlQ0PU4mEtS6nkix7074vECEFdDIs Ba3U4nT5UIAUy/WWF5crsYRC/dK9fYdI8tvSyKXw4rQ0K9E3vLvIWkT0ifWzibXH feRcao5ozzbZhXrwvAcYDoy086JfC8Ohb9dMDICIxMdfSDeOD4f+gS/EIQXYNQCi y/ap/E/1i/APfd4EI5sZxrwodviQFyggLMWk31uypW2uddwelSHGiw== =Ep9N -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE Security Announcement: Apache2 (SUSE-SA:2007:061)
by Marcus Meissner 19 Nov '07

19 Nov '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: apache2 Announcement ID: SUSE-SA:2007:061 Date: Mon, 19 Nov 2007 16:00:00 +0000 Affected Products: SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 openSUSE 10.3 SUSE SLES 9 Novell Linux Desktop 9 SDK Novell Linux Desktop 9 Open Enterprise Server Novell Linux POS 9 SLE SDK 10 SP1 SUSE Linux Enterprise Server 10 SP1 Vulnerability Type: remote denial of service Severity (1-10): 5 SUSE Default Package: yes Cross-References: CVE-2006-5752, CVE-2007-1863, CVE-2007-3304 CVE-2007-3847, CVE-2007-4465 Content of This Advisory: 1) Security Vulnerability Resolved: Apache2 security update Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Several bugs were fixed in the Apache2 web server. The update includes fixes for the following security issues: - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". - CVE-2007-1863: mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value. - CVE-2007-3304: prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. - CVE-2007-4465: mod_autoindex: Add in ContentType and Charset options to IndexOptions directive. This allows the admin to explicitly set the Content-Type and Charset of the generated page. and the following non-security issues: - get_module_list: replace loadmodule.conf atomically - Fixed broken SSLVerifyClient directive handling when global none and location required is configured (httpd-2.0.x-bnc-309234-ssl-renegotiation.patch) - Use File::Temp to create good tmpdir in logresolve.pl2 (httpd-2.x.x-logresolve.patch) 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please restart all running instances of Apache2 after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-2.2.… 5c8c9df8021bd8a694aa42797e11276d http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-deve… f966c45eebc55f68428f01f41145dde5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-doc-… 674af92d099d49aeb97da101a59b5a54 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-exam… a61818ad152ada1384586c8d6d682435 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-pref… 99b3855e656257d508f502791f95b737 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-util… 3e0ed251e97f71eb79de2b9f40b5ef6a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-work… 7fb58d2f212a21ed477e02d88c133c02 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-2.2.3-22.i586.rpm 7235203ca8ac86874993062cb8055cec ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-devel-2.2.3-22.i58… 7027d0c2d50727db5dacd5f7f3bd1b51 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-doc-2.2.3-22.i586.… 63e24ca84d66368d07c38512e8d3e689 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-example-pages-2.2.… f68c8e478409a4d3106087261f492c31 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-prefork-2.2.3-22.i… 60d5cc7dd1b496a37786328c539fbba2 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-worker-2.2.3-22.i5… 82c77419ee0669618aa74032639787c4 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-2.2.3-16.15.i586.r… fa372f2030dafbc087f8e6904fc94199 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-devel-2.2.3-16.15.… 3953ae7620b440074e3d6bcda8542f9a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-doc-2.2.3-16.15.i5… 5d0943d16c518dbbfb70f7613c0f5285 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-example-pages-2.2.… ecc80113c4c6ffbf16a43a544875a52c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-prefork-2.2.3-16.1… d9a13510699569f31aa13837f13c0cce ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-worker-2.2.3-16.15… 6c4192a439c08b36c5086256e3cea7dc SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-2.0.54-10.11.… 091ef2913f972c577ca470804761991d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-devel-2.0.54-… 4b8b2fdf841dd78afb6ed66df806682f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-doc-2.0.54-10… c4285393bfae18c8a8aa76adc066f7f0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-example-pages… 575370d77a6aa474801dfe748be8dcaa ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-prefork-2.0.5… 2ac341ed0fd1efdeeaf94dbd4b41dcfd ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-worker-2.0.54… 721ef7b8c9b2936f0d5755e2ceb12d11 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/libapr0-2.0.54-10.11.… f93e09aa56d15844d3e0f3f2fef0b0a1 Power PC Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-2.2.4… 5822f3f4b03f3dfed2c47f3b03fb84ef http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-devel… c01580c3d3b18ee107f9af256da78168 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-doc-2… d2b986597ca1f729180b144537a8f384 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-examp… 2b87684a499caf59634a0dd705410240 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-prefo… b254b288bcb012569191f83bfbaa3592 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-utils… 3edf8b35299e6120393f65db3b944aac http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-worke… 3436cd8e7382d0188c88110efd9e29b8 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-2.2.3-22.ppc.rpm f8cc68762ce82bdcb2c503c4bd44e5b4 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-devel-2.2.3-22.ppc.… e77d1a6df4400a83b9d94d3865ec5000 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-doc-2.2.3-22.ppc.rpm c2a037c51ec1a587f8e02060be004270 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-example-pages-2.2.3… 38ef0303016221abc2a6170820092a04 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-prefork-2.2.3-22.pp… 7437326442ef49366e2011998f4883fb ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-worker-2.2.3-22.ppc… 67946e186bc9b438a2b99a6600e8249f SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-2.2.3-16.15.ppc.rpm e3203037c0e40c291a976eb2a8c0a005 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-devel-2.2.3-16.15.p… c23b86f650def766fc1b5dc88239c6df ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-doc-2.2.3-16.15.ppc… 2bb41c7028ee1add49177cdfbc2598a8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-example-pages-2.2.3… 63a215cdafdd04c02bbd6da1785f1c66 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-prefork-2.2.3-16.15… 0ae7b9db2af93c003da131f1de5f0e3d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-worker-2.2.3-16.15.… e73bebd39194db63dc8ef1f3c9692308 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-2.0.54-10.11.p… d2f143e0f5f3c6dfd7f556f248d8a161 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-devel-2.0.54-1… e3a558c28149cce559208adc1e711f39 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-doc-2.0.54-10.… bae6cc5055e326bc7745dcffb4864fd7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-example-pages-… 5da1a633415cf4e6bebf6b1de83f9cec ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-prefork-2.0.54… cf8509f873923b790ee563107ab39443 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-worker-2.0.54-… 29a9cd7beaacdb62867cf28ecfb51c41 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/libapr0-2.0.54-10.11.p… 3b064bf25a2fd96bcbefee39d2051222 x86-64 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-2.… f00fde9a612199222553f75c46b850ae http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-de… bbdb5ba9b585421086e896c16a1c8663 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-do… 5aca72f438d6b547a8304a4ae3a2cec4 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-ex… 56b34273507c4fa248303800068496c2 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-pr… 69a44af6621a069c5676936e0e7d1c80 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-ut… d221a9761f20f765a8a881a8722d4f1d http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-wo… 0bed20cf1ffe0c1610a932e6feea70d5 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-2.2.3-22.x86_64.… e20e2592936b656acd9bc4e02285caad ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-devel-2.2.3-22.x… 4c3a9b57c25ba81796e07cea71220f23 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-doc-2.2.3-22.x86… 773c46dbf9f15f8a5097bdb082035662 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-example-pages-2.… 2f90053a8d558a1c75935c0d8f7d971f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-prefork-2.2.3-22… 1c23283c9c58772caabcff9bc9b8f593 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-worker-2.2.3-22.… 61fadfbea6df5edfa127926cb4241e34 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-2.2.3-16.15.x86_… bbafcc8e9b50d4e189ca5ccccb12bc2e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-devel-2.2.3-16.1… de73de4831742604320b4e3b408c809c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-doc-2.2.3-16.15.… 3db00fd2bc76346e2a0f4fdec67f5ff7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-example-pages-2.… 6a22882d9f7c48ad8b778af742421748 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-prefork-2.2.3-16… 9e4d9ea5af9d4652efeb9d406a3ea241 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-worker-2.2.3-16.… b67b1d33e9cf96dee630e56b68119297 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-2.0.54-10.1… d054853641a6b9bad1f6e0c80242e3b7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-devel-2.0.5… c749946f6e2b95774ae8c18196bbaee2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-doc-2.0.54-… f87b2120dee766f8ce4ed1862768bb5f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-example-pag… c378911bd84c77220584023f7cd51842 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-prefork-2.0… 24da3223abd67a891183d76119b88073 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-worker-2.0.… dacc28aab90e427a3d9cb76b68d8d85e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libapr0-2.0.54-10.1… 521736b4330c1af50db74f9d907abc30 Sources: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/apache2-2.2.4… cbb3f1e68039dea2f714c8dbb088baab openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/apache2-2.2.3-22.src.rpm 8f04f16102c1277bce0cf40e74446086 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apache2-2.2.3-16.15.src.rpm 5feff920ab2101297d651ddf3bd59223 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/apache2-2.0.54-10.11.s… 69d8901debc6e5d2b49e811ef72dad10 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/37e6149ffa4539f63a70576decf83a8b.… SLE SDK 10 SP1 http://support.novell.com/techcenter/psdb/37e6149ffa4539f63a70576decf83a8b.… Open Enterprise Server http://support.novell.com/techcenter/psdb/a5b67777faf570a7e001c677784ac7c7.… Novell Linux POS 9 http://support.novell.com/techcenter/psdb/a5b67777faf570a7e001c677784ac7c7.… Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/a5b67777faf570a7e001c677784ac7c7.… Novell Linux Desktop 9 SDK http://support.novell.com/techcenter/psdb/a5b67777faf570a7e001c677784ac7c7.… SUSE SLES 9 http://support.novell.com/techcenter/psdb/a5b67777faf570a7e001c677784ac7c7.… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iQEVAwUBR0GbMney5gA9JdPZAQJ/kwf/ZIxeLVvih7l8ztSlQJFsuiV3mf5f/vEk sQ04GBLGnLMdosyy9BECSx+nZ1uvOpGkEcexlkXsGEBlKiM+b69FNf5s/IAECMPE vieIVazwALDVnWQivqxQ/QxHdXhaoEKVeg2nkrwUxOnjUhRgD+BXqWMzJLXypGvG TJNH3FCyyn0q3EPUgbsS6C63bXliGnzyNMrQADmQDolCrBRgGGBooa+in1HJtDUF JcgoRrZQBSu8ghk0x0qyxt4SJovyQxcwu5L+2a8xqA070mbZNt72StMDUzCgRgYQ +PcsS+ZNRWNud5ENAbcs0x20k8gKHgkdzzJVyGUtjNHH16M1cE6D3Q== =83SQ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE Security Announcement: xpdf and more (SUSE-SA:2007:060)
by Thomas Biege 14 Nov '07

14 Nov '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: xpdf, kdegraphics3-pdf, koffice, libextractor, poppler, gpdf, cups, pdf, pdftohtml Announcement ID: SUSE-SA:2007:060 Date: Wed, 14 Nov 2007 16:00:00 +0000 Affected Products: SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 openSUSE 10.3 UnitedLinux 1.0 SuSE Linux Enterprise Server 8 SuSE Linux Openexchange Server 4 SuSE Linux Desktop 1.0 SuSE Linux Standard Server 8 SuSE Linux School Server SUSE LINUX Retail Solution 8 SUSE SLES 9 SLES SDK 9 Novell Linux Desktop 9 Open Enterprise Server Novell Linux POS 9 SUSE Linux Enterprise Desktop 10 SP1 SLE SDK 10 SP1 SUSE Linux Enterprise Server 10 SP1 Vulnerability Type: remote code execution Severity (1-10): 8 SUSE Default Package: yes Cross-References: CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 Content of This Advisory: 1) Security Vulnerability Resolved: various security vulnerabilities Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream:: readProgressiveDataUnit() and is tracked by CVE-2007-4352. Another method in the same class named reset() is vulnerable to an integer overflow which leads to an overflow on the heap, CVE-2007-5392. The last bug also causes an overflow on the heap but this time in method lookChar() of class CCITTFaxStream, CVE-2007-5393. All three bugs can be exploited remotely with a crafted PDF file with user- assistance only. These bugs do not only affect xpdf but also the following packages: kdegraphics3-pdf, koffice, libextractor, poppler, gpdf, cups, pdf, pdftohtml 2) Solution or Work-Around There is no work-around kown. 3) Special Instructions and Notes none 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-1.6.… 345b9fc437ddccee7bbc7a118b7ce34a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-data… 50cb911ced9c672be30ded05b48f3942 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-data… 101cd80120c456a3f8f5b7a85c30b18f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-data… e3419ea2ab82b7470264191f2495ae50 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-deve… d9a61346fd1e9829c0e5b43146d8ab31 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-extr… 57226a84bdac539541acc6ef68f8e389 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-illu… aa8db92e6d395490e585a05f1b5175e6 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-plan… 59568e18669a24bb621caf1e8914ba1c http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-pres… 7dad8ded2f0fc1a7af8056363fa29915 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-pyth… ee923a963e94d50589e2d3580f2d2021 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-ruby… e3c1cec13c238717b4d92d10de8e26bb http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-spre… 3ee30976dd32e57681f4f05985be492f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-word… 3ced3acab9e78323b7963e480778ce40 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-1.2.7-12.7.i586.rpm 3139b546a5890ddd3b60450e75dbc51d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-client-1.2.7-12.7.i58… fcd1e373d7f2654a7d556a7811ba6570 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-devel-1.2.7-12.7.i586… d4d7da3c37248cd8184b9512a5055e8d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-libs-1.2.7-12.7.i586.… 2110078d83fa5c00b958bb40653afe1f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/gpdf-2.10.0-82.4.i586.rpm d1c6798825679d94e59688df358f2815 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-1.6.0-0.5.i586.rpm f32587afe52d45eef469ce50785492eb ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-database-1.6.0-0.5… 0d6740e3e482616347d25dfe8e2cd727 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-database-mysql-1.6… 4ecf867cae679b33c1829b5f42a1b8dd ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-database-psql-1.6.… 64e32dd5635929acb99f036d9fa8d458 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-devel-1.6.0-0.5.i5… 7a2d7b8597926351c970d2d9890bd70b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-extra-1.6.0-0.5.i5… 7f7ff0e224a3157ecd1cc423fd98ee7a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-illustration-1.6.0… a947d5b0ade3d46e9842d15a61d6afb7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-planning-1.6.0-0.5… 65e341c9e3525d2b36b78a384ec488ce ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-presentation-1.6.0… caf05a8c0c5bba94bbdcaf8f86105d19 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-python-1.6.0-0.5.i… ccae69f1be81b548fd89665c3626ab25 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-ruby-1.6.0-0.5.i58… 795a1a93bb8a716f7ab93a1dca0f9f94 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-spreadsheet-1.6.0-… 4c65c50ce7fd907ce28492f8066540b8 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-wordprocessing-1.6… a57e21dc972fe61bc6924d0e227a3425 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/poppler-0.5.4-33.5.i586.rpm 27efb92fdaab89d4d3de4f6872009e31 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/poppler-devel-0.5.4-33.5.i… 6ffcfc677db7c4ca71762afd5907b046 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/poppler-glib-0.5.4-33.5.i5… 1776d3fadabd20ad55eb82ed1f2fce35 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/poppler-qt-0.5.4-33.5.i586… 7fb670644aeaba11aa5e5923edbf5aa3 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/poppler-tools-0.5.4-33.5.i… 9b610714ee13690ba236dfd2c126ce6f SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-1.1.23-40.32.i586.rpm acc52ac714e5c1bce043bb9e2b89c276 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-client-1.1.23-40.32.i… fc46c124fe8f712fcdba9cd2da992d5e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-devel-1.1.23-40.32.i5… aa8f7abf0bf4a292fbb3e7bc178fffb6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-libs-1.1.23-40.32.i58… f1cd69f6de248738a1389ce3ea559d1e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/gpdf-2.10.0-40.5.i586.rpm dd9e10c9c6f0bab6cb60a18315022873 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kdegraphics3-pdf-3.5.1-23.… aeded6042f620f83783c79d5a83af525 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-1.4.2-25.6.i586.rpm 9c9377a4c69cdf024759ab1ca56f21c7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-database-1.4.2-25.… 5d1f25e3480abf5892ccc339794303fc ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-devel-1.4.2-25.6.i… d55259530f75913fc17894ab5707135a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-extra-1.4.2-25.6.i… 47c8fd6deb6d090bf82f552e4ba81ef4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-illustration-1.4.2… d57dd054ce1db3c69fcac150367148cf ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-presentation-1.4.2… 4fc3f45b42fb6caea31c19450289e368 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-spreadsheet-1.4.2-… 96ea40119ee3243a290b91eae7ffe920 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-wordprocessing-1.4… 0a416a5887076e9dc67ec3fb853dd2a1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/libextractor-0.5.10-12.8.i… a0cdb8d10e8952f09bafabebdf9e4d19 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/libextractor-devel-0.5.10-… 8554647e4b637218cac489b09bba7439 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/pdftohtml-0.36-145.7.i586.… c9352dfbc8ba32999e95a65d5770f681 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/poppler-0.4.4-19.15.i586.r… c9b3f757d1ffed8586e5843fdd9147c5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/poppler-devel-0.4.4-19.15.… a70ea528c7f4eb50f74b0391b1a0bc9a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/poppler-glib-0.4.4-19.15.i… cea69a83fec658a060d4a52a1d23118c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/poppler-qt-0.4.4-19.15.i58… 18b41e6fe3dff5f7e0b0d640b78dc5c3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xpdf-3.01-21.13.i586.rpm e3db10905926a4e1b481fd326b5bb936 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xpdf-tools-3.01-21.13.i586… b5eb8a910e907b55882a6a42ddad03a7 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/cups-1.1.23-21.16.i58… ec1243638ea76085bb5a8c9df73653d6 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/cups-client-1.1.23-21… 50b3c3943fe6a1eb1cb9e17593f748e7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/cups-devel-1.1.23-21.… 54234448b3d0db73667c1f6b276a299d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/cups-libs-1.1.23-21.1… 4d079d49dc9357cafb6a64fc5152cf8b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/gpdf-2.10.0-12.9.i586… 0a2d2f1f72064c62dc80413bfbdcf703 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kdegraphics3-pdf-3.4.… 258f139a71c8006ab43bb832d1a94f02 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-1.4.1-10.8.i5… cdb035a67d437fb3124f5e5f4cb784ae ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-database-1.4.… 401abda58adacdcfea54a390bd352d25 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-devel-1.4.1-1… be8b1a1e2db7f8a22992454426a916b9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-extra-1.4.1-1… ad76cacc749f0367578fbb86ac7b6580 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-illustration-… 17b618dff98200999ab1ee58667c7669 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-presentation-… eb9b6c32f04c0f904862f7db580a483b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-spreadsheet-1… b4b403407509d4f245fd5f1ce8793bbe ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-wordprocessin… dc55d423ff5e533ba0377aab6624284d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/libextractor-0.5.2-3.… 5324ebbb6ef34cb7f7749d14c80750d3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/libextractor-devel-0.… e98744ef62f5051a8e2ec5539faa02d1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/pdftohtml-0.36-130.9.… 543f9c5c34239002ad9dad084d8d9f26 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/poppler-0.4.2-3.11.i5… d147aa24d4e32d13a391389793bfe2ee ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/poppler-devel-0.4.2-3… a9662c695d63c7e00804f2e5e6a0657d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/poppler-glib-0.4.2-3.… 7015b890e0f3f8bc96b738d11cc9bb70 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/poppler-qt-0.4.2-3.11… 398829577f90994e24235b8aac2dadbf ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xpdf-3.00-92.12.i586.… 794dd52eb09eb61263522e76f8a07178 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xpdf-config-3.00-92.1… ff01c1e7443172660ed96cbdc70a2b66 openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-1.2.12-… 99d398454307d0bb9651c0556c266de4 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-client-… 8d536a802caff84a4c33674338ea8fd6 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-devel-1… 0b05322b98d735ed6fc53bc485a69ead http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-libs-1.… ab1d24c8dbc4e44b23eea492a242131c http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kdegraphics3… 7687e5851a60c6ddb8f33d453da32fee http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-0.5.… 4dfe3d217e5a3c129fa679d0c1d92aab http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-deve… d2ac0b9e41c016cabd627d05bf23dfb3 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-doc-… cfaf2f7373dc0dc68f84d994e687758e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-glib… 424858b37212f907089cfad5de7b8cbe http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-qt-0… 48b88d5c628ab89767b0ceaf16367260 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-qt4-… a72b86398e4c8f924ee431258d940c04 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-tool… f9b8b34307fc8efb3ce486c5bb006d5e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xpdf-3.02-19… 017f59801300ee3a066fd83f43907d6f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xpdf-tools-3… fb0f438f2934cbbdc548da9047d142e7 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kdegraphics3-pdf-3.5.5-43.… 7caa4cbc1b91a3301485af57ddd9a5f8 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/xpdf-3.01-58.5.i586.rpm cc0d179e1e098251b6f8577329d492fe ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/xpdf-tools-3.01-58.5.i586.… b131f47b0b03c9505591b72297543a8a Power PC Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-1.2.12-2… 5c8d0dbba4d3a2c52f7470f6597f3b81 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-client-1… d28ac94ab2404bef67bc250c12f1ace0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-devel-1.… 7207b43ed41c64a6941ac7871ede2815 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-libs-1.2… 99025b49ba5188fc436a28bf28e1f87c http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-1.6.3… c46465a6c06ed2d7ce140488a88de4ff http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-datab… 40c262c6077013fbee1379ff410dd249 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-datab… 6db4bcb3539d644647ed76f4510196c2 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-datab… 0acd4821a10cfa6fc1a6d8b71eeccb4a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-devel… 6f42a00518e26ec797f941a5da29ae0b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-extra… 5ac0338ccaa929ce4df4ca0f9c141db2 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-illus… bf5300f4b23b22b38c50d9140b6752ff http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-plann… b219c99a1e02fba5d99d34747fc87034 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-prese… c1d54781fa2fca722b7ba4c0120840d1 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-pytho… f49791ebbf58d06ba59ceaf7535b8918 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-ruby-… 8c68ff90e5e767694d7853ca3f91f512 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-sprea… c3a47f1f523d324796ded308875e9102 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-wordp… dceba5d8e3a6e0f2523d444709bdea7d http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-0.5.4… c2ddfca6d3c6c2cd3f69b1beb5b6c1a1 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-devel… 9685ec456b37268f0542cee48c0961bb http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-doc-0… ec2430fdf37d1bcac92ef41854881938 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-glib-… 4e53105307081af61ada3c8ff11c4314 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-qt-0.… 59002b39b03487d4e6e1804c683a2009 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-qt4-0… d8547453f912b2d985dcb53da6c4ad2c http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-tools… d163b43a6f16399a46dd043005afab01 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-1.2.7-12.7.ppc.rpm d5e9ddfbd7b811d9459cb5b671445c72 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-client-1.2.7-12.7.ppc.… 4e4c6596b6818b21a67b9134dd998f52 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-devel-1.2.7-12.7.ppc.r… a412d9097883f31b3ead2ba465e919c6 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-libs-1.2.7-12.7.ppc.rpm f3372a6cbb2daf7dada17c33ccf0369d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/gpdf-2.10.0-82.4.ppc.rpm b098ef0e828d63fc29ab6761483a1d6e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-1.6.0-0.5.ppc.rpm 63108fb82cd68fcf23ce8b7ff8b860d3 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-database-1.6.0-0.5.… d7c7cddb69a5c92cc940277ff2e5d56b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-database-mysql-1.6.… e4beed6482eec0738f02d452043113c7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-database-psql-1.6.0… 4a99a6a186a78c0ef1aa79e0679c0382 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-devel-1.6.0-0.5.ppc… 07a6f2eb9b197aaddd88e9edec159038 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-extra-1.6.0-0.5.ppc… 5569e1a150c99cad4a7df8df361a396c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-illustration-1.6.0-… 60860d2df788879d48e1f947abc9dd5f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-planning-1.6.0-0.5.… 2077e22ee8bc7d703abdc9e88b523d96 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-presentation-1.6.0-… 1be3341d5fda66008931839fdda98af3 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-python-1.6.0-0.5.pp… 9566edb0c094cda6f0af378be4a0c36f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-ruby-1.6.0-0.5.ppc.… 7240eb79ed72808956b4573fd2e39339 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-spreadsheet-1.6.0-0… ab184afc3c1f44e118b429d41ddfd7bf ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-wordprocessing-1.6.… 9a3e056f40bb3a7cd879f3d2fffe473c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/poppler-0.5.4-33.5.ppc.rpm 6359866d5eb9c408a137c5923527390f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/poppler-devel-0.5.4-33.5.pp… 1742432730bdfe5b90f7af7044a9580c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/poppler-glib-0.5.4-33.5.ppc… 8ec8bcaeff1d902440cbd9d478145f04 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/poppler-qt-0.5.4-33.5.ppc.r… 8316086b76ef18ac20928dba213f72f3 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/poppler-tools-0.5.4-33.5.pp… c3110578c4bfd602d8614053cdaf4b98 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-1.1.23-40.32.ppc.rpm 7363adf91be7ab49e6e028e7029f0a42 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-client-1.1.23-40.32.pp… 93dc51b76235951ede9c87153bae69c7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-devel-1.1.23-40.32.ppc… 02a21da5bc70d9bd569042e97e6a9041 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-libs-1.1.23-40.32.ppc.… 427c8c6805a14d323afb3f55ae04b25f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/gpdf-2.10.0-40.5.ppc.rpm 315537180b1afcd128782c8fa854cdbc ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kdegraphics3-pdf-3.5.1-23.2… 15d828b0a6031d77cb748cb4921342f7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-1.4.2-25.6.ppc.rpm 562b0a10ceb94fb9938db3ad3ae4a3fc ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-database-1.4.2-25.6… 66f9f2878e8dd0228e7dc58b78a15244 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-devel-1.4.2-25.6.pp… 8774f090aabe1b14c59c238f38c5065d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-extra-1.4.2-25.6.pp… 1542de8f27bc354d5c735fe28823baf0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-illustration-1.4.2-… 09a89a49802166ab99b962732dd62f94 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-presentation-1.4.2-… 72d0d79050ecf0a753ddfa0beb9ce6d3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-spreadsheet-1.4.2-2… c4d5afe8d133a2535446a57b176e07e8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-wordprocessing-1.4.… b025facfba70989f0efa6138922884e0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/libextractor-0.5.10-12.8.pp… 8619679086227f968d1485fd033b484e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/libextractor-devel-0.5.10-1… d4916edec0a030bbc0223fbf5cfcbdca ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/pdftohtml-0.36-145.7.ppc.rpm ee1d30e1b85f7cee33d6af21c4d60a80 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/poppler-0.4.4-19.15.ppc.rpm f360d766c27159cd6f212402cc417cfa ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/poppler-devel-0.4.4-19.15.p… 9a8537efa773694807482f5bf7c6e2bf ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/poppler-glib-0.4.4-19.15.pp… 70085493e667dcb327c3deda95ddfd75 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/poppler-qt-0.4.4-19.15.ppc.… 1efee1dd0305d73167f4cf15e7783293 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/cups-1.1.23-21.16.ppc.… 05677554dcf20a5758fbb1662d082d2d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/cups-client-1.1.23-21.… 4af3fa5c4e0bb2a80f0c0964897feb8c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/cups-devel-1.1.23-21.1… 7d961b475bc91d967a6c6edcaae15dd5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/cups-libs-1.1.23-21.16… 34461478b8fd187c6112a992dbce876f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/gpdf-2.10.0-12.9.ppc.r… 45fa4ad637365ac731173fd2a4b4d8c1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kdegraphics3-pdf-3.4.2… 89269b47fd6d8a74a60f311ebb0ea835 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-1.4.1-10.8.ppc… b3ed69719ba604f5b20d2bcfd7adaec8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-database-1.4.1… 7ec038f545472372e59313808a2e78da ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-devel-1.4.1-10… fca8fae942254a0591a88a2b9f62eb9a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-extra-1.4.1-10… 0f8355e0fe510ec19fe3fa19b636a76f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-illustration-1… adfba4f8d72a64da177253bff466ea3a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-presentation-1… 21475173bf9a07d88fb0184c9e89ea21 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-spreadsheet-1.… 79ad94202a0f2241916eee6580a9eccd ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-wordprocessing… fd7cc066f74cda44d5b7145f4b8a4b46 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/libextractor-0.5.2-3.1… 1a1c97efdd3ca7e04317d99a3401f8a3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/libextractor-devel-0.5… c3dc77c02148efe46d421109164c1d67 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/pdftohtml-0.36-130.9.p… 2344badfe361a3c41c592920725b6c78 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/poppler-0.4.2-3.11.ppc… 4bf5a271da0bbdbddd5d0d3ad4979019 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/poppler-devel-0.4.2-3.… af40a5f133d6824411087253f9d96cdf ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/poppler-glib-0.4.2-3.1… 4b1e4b1b9f5c0dd7085a0bc569b3a6df ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/poppler-qt-0.4.2-3.11.… f2e44da24faf378422a335eb6e0df005 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/xpdf-3.00-92.12.ppc.rpm fdab1249222934637fa2931f158bdb7a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/xpdf-config-3.00-92.12… 3033cef279012f7bbf2f53206e83ee7a openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kdegraphics3-… 1e02a1cc8671a69063cfc530b675041b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/xpdf-3.02-19.… dfebfbc234ba66a95bf40cff16f178d8 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/xpdf-tools-3.… 53da3ccfbced79e1b7a6b84deb4e4940 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kdegraphics3-pdf-3.5.5-43.5… fd4e86bac9ae4825b2c19a28e9284daa ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/xpdf-3.01-58.5.ppc.rpm abb5e0e9a1754d53090b505bd5ca6841 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/xpdf-tools-3.01-58.5.ppc.rpm b0497d057c554e32636a2a5c7e39dcd0 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/xpdf-3.01-21.13.ppc.rpm 88f1ffe14587e59cb8ed22a79e174243 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/xpdf-tools-3.01-21.13.ppc.r… 90a7aab0e4e85f7ed88d4035b6ad8898 x86-64 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-1.2.1… db798f54006e2bb020bda6e07c9c839b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-clien… ac838addf8742811763a6ca9a156a3ad http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-devel… 8d98a1a715487edad88522bf34928654 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-1.… 398a5dc9b0d85d2b49bb3975ff3972fc http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-da… 2a65f5f77d47fd093da8043698e024c5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-da… a121a01ebe8707005bca703502ccfd6b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-da… c0f2c9b3f0d7bff89e9c125df460349d http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-de… f47dc181c4f1b8a0a5ef0fb4df91af2f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-ex… 916ae3c8779baea3f289f5b0d2d03e0b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-il… 13e3ee1370ddf9b6f1573c0a2fc1a5e9 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-pl… b8b79bd27c10cc419f6886551053fcda http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-pr… 1232ed85c7652686eaa8821c0fa61f89 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-py… 5ff33163c9240f61d7089c7ffe5419fd http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-ru… 92e225958f54aac2f81a04d95666f95b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-sp… 5840ecb3814f985a877afa7d2c265489 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-wo… 1731a2674faeaa449ddc6c332e8b9ee2 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-0.… 2cb89c938690ed47b045053a3f961cdd http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-de… ff45ab8b1d1ddb865e20ba8bc630b4d3 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-do… 32ad24d04ce07cb6210967ef2a218684 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-gl… 4538948820df8743f0ac58d965eb89ca http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-qt… 7356af830c07c536cf8a05c0550d42c5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-qt… f5d472588965beddeff08a26e5709ba1 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-to… 3c5ea3b1be3272a8eea1bce56ab97915 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-1.2.7-12.7.x86_64.r… c6530c1a47a3781e8b201e19d8f73cf4 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-client-1.2.7-12.7.x… a190861fc22ca4bb9c55acbb17646a10 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-devel-1.2.7-12.7.x8… 5161aa8c8ee4f731fe905163fa41f30d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-libs-1.2.7-12.7.x86… f0faf1e2eae3cc92b26825fbcc679dda ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-libs-32bit-1.2.7-12… cdba07de0aae5cc0a5a210f0ec0a5087 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/gpdf-2.10.0-82.4.x86_64.… d43a3f67bf12c3c07bbc4d505cb14ef5 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-1.6.0-0.5.x86_64… 448bb6c4b54dbc2719fed891a2e247ad ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-database-1.6.0-0… 3194461b81d15364991e3f8cbadeaa61 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-database-mysql-1… 0cfd1b2ff0014d74f835b039e5c08cc7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-database-psql-1.… 5339ed7818f7eea91e71ccfb07cdfa29 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-devel-1.6.0-0.5.… 90f19fa4f580c705abb29a49453e8335 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-extra-1.6.0-0.5.… 556c1bc238604fdcef4b2270fc4e1b18 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-illustration-1.6… b79732151bc28fce8d8140dc9f875b42 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-planning-1.6.0-0… 819046c20baa05a9629ac92004d45a86 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-presentation-1.6… 52782b1fa018ff1f95daecc10c90c226 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-python-1.6.0-0.5… 856f1b14fae9203d2eeca6a496522cbc ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-ruby-1.6.0-0.5.x… 63c1ae8f04c1dbca5530734ea33fc66a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-spreadsheet-1.6.… c93f2de4cb8720efdc15a1563309498c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-wordprocessing-1… 7c977dd4c44e9c93437c23b4a7931840 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/poppler-0.5.4-33.5.x86_6… d60a2d793c368afb9e9748f5447630aa ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/poppler-devel-0.5.4-33.5… 565745e389a6177bbc26283448da9265 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/poppler-glib-0.5.4-33.5.… befb55ffb32b8d0640113b44289619e0 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/poppler-qt-0.5.4-33.5.x8… b182da6a5a80834d76e36ff2d20f6653 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/poppler-tools-0.5.4-33.5… 966cfc1fe6e35bd0f2e28be91fc45ee7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/xpdf-3.01-58.5.x86_64.rpm a84388b11e820296c767cb0f53bc480e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/xpdf-tools-3.01-58.5.x86… a6b0b0947a08e8bcc95e4cde42cf3922 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-1.1.23-40.32.x86_64… c3d5548c7284ca04019cacee9acef068 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-client-1.1.23-40.32… c4b8d812d27128aaa08149c42e984c4e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-devel-1.1.23-40.32.… c43e8b65de1a6919ff8e4c74c7c68912 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-libs-1.1.23-40.32.x… 8b15abe03e7073b4f75fe2988c7e352f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-libs-32bit-1.1.23-4… 59c51697c429d177ddd84ca3fb17d04e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/gpdf-2.10.0-40.5.x86_64.… d800fa04c985320eba3715420839a58c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-1.4.2-25.6.x86_6… b20be621c4300e54730bde79bab0f09c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-database-1.4.2-2… 731f1946155e7faa78523cc14256580c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-devel-1.4.2-25.6… a140863bdc008e22198dff13b9d4cd71 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-extra-1.4.2-25.6… 3bfdc8323c47e15820fc8e7858e1bb56 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-illustration-1.4… 27232c5e29b27afeabe7f143afcccdf2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-presentation-1.4… 8998efaf089c5ae19c698195aca7d709 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-spreadsheet-1.4.… d1027549f41c395de67f8eb235cb84c5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-wordprocessing-1… 867884ed8eba9fbdcb2f43cf8fc39f7f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/pdftohtml-0.36-145.7.x86… 0bcb0872571c7cbf9c85fdcd3abb6c2f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/poppler-0.4.4-19.15.x86_… 6e6d08f95393b8743f790d487d9700df ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/poppler-devel-0.4.4-19.1… 6f42fa404dfe94522458255bcb2fe177 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/poppler-glib-0.4.4-19.15… 63840c1f2fc72b0e166c59363306a86f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/poppler-qt-0.4.4-19.15.x… c0fc539382c6131f222240a0cde10f52 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xpdf-3.01-21.13.x86_64.r… 99ce1d5dce4a5d467f449cae9411dec3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xpdf-tools-3.01-21.13.x8… 6bc3803ef8a6203de0746e8e963a99b3 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/gpdf-2.10.0-12.9.x8… 4583bdcbf24da0aee5c6aad32a301c19 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdegraphics3-pdf-3.… b697a094acc332ca97946e2c0e28d2ed ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-1.4.1-10.8.… ff2007650a6d8a476d8cc921742bac6d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-database-1.… 86230439e099ab7fd4bbc64ecd975519 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-devel-1.4.1… 3a31219897f8038bb3b5415fba847d7c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-extra-1.4.1… c87f63ad83caee0a6fcb439888525361 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-illustratio… f44487854f5db1ab28450fbba3369dc9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-presentatio… f48709f2361458bf3f1e54abf2800a54 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-spreadsheet… 586b8a4e36d86def75efa82bc2c8080b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-wordprocess… 27d1ce251e15cc9ac54a6842c6822695 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/pdftohtml-0.36-130.… c9972c827561139a292a8b7281fc6260 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/poppler-0.4.2-3.11.… a626a70e69a78722654e2ff2d544dc06 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/poppler-devel-0.4.2… 67ef5d7d094b4c49cda53de59a1ff999 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/poppler-glib-0.4.2-… a0ac4c32905bc83cf217e33204634e1e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/poppler-qt-0.4.2-3.… 51cf1ceb6ac86752032a22e0099279eb openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-libs-… b788beaf2e2ae37361bdc5b420dfa075 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-libs-… ced7d6bd72465631ba01e75efc3145c8 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kdegraphic… 9fbf877336127b6518eb8b1bb39bd50e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xpdf-3.02-… d51f6a35885be7ffe42c2f84e9e6fa29 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xpdf-tools… c66872283fe775d18e7bb2dadeaa09cf openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kdegraphics3-pdf-3.5.5-4… 427260240fdba45fc8df5c1e0be6bddf SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kdegraphics3-pdf-3.5.1-2… 281c836d80a8608a34bd863a5daefc67 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libextractor-0.5.10-12.8… fdc62e80dbf5985ec926d7ee77adacaf ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libextractor-devel-0.5.1… d9f97225b832a9a72e988cae6bf4cb7d SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-1.1.23-21.16.x… d5a78603c1442bf65c2f208533cb9764 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-client-1.1.23-… 99f705eba6147315d51c0533b2fb6e83 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-devel-1.1.23-2… c09fadb67d9a0e6480e5bac1b9830523 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-libs-1.1.23-21… 7291280656b0d5d3350d1b1220b2b9c0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-libs-32bit-1.1… 3ee9c987513ab47c9b1a9874a72e6d2a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libextractor-0.5.2-… b5fe187c730fdf3a70eeb48ccd095334 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libextractor-devel-… 0e70401d95af40abf551c1951d08741a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xpdf-3.00-92.12.x86… 8ad7892c5583102078e0280ade50f761 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xpdf-config-3.00-92… 10dee48a17eacc8677efb10ca7edfba8 Sources: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/koffice-1.6.3… 16cdde69c54cb6e4c43fa90dee334acf http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/xpdf-3.02-19.… f673a5531c0b28d5a85babd208c133e0 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/gpdf-2.10.0-82.4.src.rpm b3f4d5fe9c6b97c99e6067e2fef89c07 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/koffice-1.6.0-0.5.src.rpm 7f352604cfc9c8a0b17b145fb1de5f64 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/poppler-0.5.4-33.5.src.rpm 2f9dafedeeeed6fd8939ca5c916d8eb5 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/xpdf-3.01-58.5.src.rpm 22c4bf37a00ec2db9d06dd903329652f SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/gpdf-2.10.0-40.5.src.rpm bc3d105f128fdee4689f3793b0ee2264 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/koffice-1.4.2-25.6.src.rpm 996eed216c8233d537c35a421b23f210 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/libextractor-0.5.10-12.8.sr… 055e78d4bc54cee074d5bf4e66a0783e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/pdftohtml-0.36-145.7.src.rpm 83a2c6366986951cc45b08c4aa1de787 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/poppler-0.4.4-19.15.src.rpm 3b383c32560ee43846ca821c3d601719 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/xpdf-3.01-21.13.src.rpm 6e32dc03d7230b35fa868187196fc4c1 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/cups-1.1.23-21.16.src.… 863cbf45b51218986fde130175997631 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/gpdf-2.10.0-12.9.src.r… 0dfd0683799e36e611f3d5cb6bbe99a3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/koffice-1.4.1-10.8.src… 016563ef574d633c7cbc1f4bd002c4c1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/libextractor-0.5.2-3.1… d246a7e37d0bf061d003987bf8fb75be ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/pdftohtml-0.36-130.9.s… 443b872f66b3409564c5f1710e8111d4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/poppler-0.4.2-3.11.src… 764a22bd492efa02b9d8ee785a912078 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/xpdf-3.00-92.12.src.rpm 74e9c8db3aecad8e589fc526b5596c13 openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/cups-1.2.12-2… fe08192401ae80dff9ebdd0a55c301b7 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/poppler-0.5.4… e9044572d4467639b5b3a1c228943b8e openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/cups-1.2.7-12.7.src.rpm afd13575bdd1f91c36efe37cfcd430a9 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/cups-1.1.23-40.32.src.rpm 81e2fa96bf4264f16c99f71c0c3da776 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: UnitedLinux 1.0 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… Open Enterprise Server http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… Novell Linux POS 9 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SuSE Linux School Server http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SUSE LINUX Retail Solution 8 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SUSE SLES 9 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SLES SDK 9 http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.… SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.… http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.… http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.… SLE SDK 10 SP1 http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.… http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.… SUSE Linux Enterprise Desktop 10 SP1 http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.… http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.… http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.… SuSE Linux Desktop 1.0 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: Please consult our weekly security summary report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBRzsYnney5gA9JdPZAQLdoQgAioiZyQ4JhB9oEBTXvvxR4yI+1c4CmfKe ev3BJUI5qUpD1Q70vOEXHEtDeVQPkgBJ+sBnKLHieL2OXm8DE2+vIRm0nw6BGBPa avxGaQhtwuQiSuJkQWVEBYlatueqNCwb00Gj0lIg1AY0lMDyz0Z9nzIla9BVvIEE blY3JhXacRbWDlneXjSyYKlKSvKUjvGYqFNuRSN4h4hukEPJQG0rydZX7ldkO5IC DkLnw95mDMCBaN6KSCnp7yfLYHHGuql4ZKgH2MICqh+Ofh6oIF1lOBOQToTGYlnc TTp36JWNYpl7NkVqhvDpWojcZx+3HhKuhrfnDXJGyK5JDGXdiTsZ7A== =VHaT -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2007:059)
by Marcus Meissner 09 Nov '07

09 Nov '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: kernel Announcement ID: SUSE-SA:2007:059 Date: Fri, 09 Nov 2007 16:00:00 +0000 Affected Products: openSUSE 10.3 Vulnerability Type: remote denial of service Severity (1-10): 7 SUSE Default Package: yes Cross-References: CVE-2006-6058, CVE-2007-4997 Content of This Advisory: 1) Security Vulnerability Resolved: kernel update Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The Linux kernel on openSUSE 10.3 was updated to fix a critical locking problem in the reiserfs code which lead to process deadlocks. This kernel update also fixes the following two security problems: - CVE-2006-6058: A local denial of service when mounting MINIX filesystems was fixed. - CVE-2007-4997: A 2 byte buffer underflow in the ieee80211 stack was fixed, which might be used by attackers in the local WLAN reach to crash the machine. and the following non security bugs: - Kernel update to 2.6.22.12 including fixes for: genirq, x86_64, Infiniband, networking, hwmon, device removal bug [#332612] - patches.drivers/alsa-hdsp-zero-division: hdsp - Fix zero division (mainline: 2.6.24-rc1) - patches.drivers/libata-ata_piix-properly_terminate_DMI_system_list: Fix improperly terminated array - patches.rt/patch-2.6.22.1-rt4.openSUSE: updated existing patch (RT only) - patches.drivers/alsa-hda-robust-probe: hda-intel - Improve HD-audio codec probing robustness [#172330] - patches.drivers/alsa-hda-probe-blacklist: hda-intel - Add probe_mask blacklist [#172330] - patches.fixes/megaraid_mbox-dell-cerc-support: Dell CERC support for megaraid_mbox [#267134] - patches.suse/reiserfs-use-reiserfs_error.diff: updated existing patch [#299604] - patches.arch/acpi_gpe_suspend_cleanup-fix.patch: ACPI: Call acpi_enable_wakeup_device at power_off (updated) [#299882] - patches.suse/ocfs2-15-fix-heartbeat-write.diff: Fix heartbeat block writing [#300730] - patches.suse/ocfs2-14-fix-notifier-hang.diff: Fix kernel hang during cluster initialization [#300730] - patches.arch/acpi_autoload_bay.patch: updated existing patch [#302482] - patches.suse/zc0301_not_claim_logitech_quickcamera.diff: stop the zc0301 driver from claiming the Logitech QuickCam [#307055] - patches.fixes/aux-at_vector_size.patch: Fixed kernel auxv vector overflow in some binfmt_misc cases [#310037] - patches.fixes/nfs-name-len-limit: NFS: Fix an Oops in encode_lookup() [#325913] - patches.arch/acpi_lid-resume.patch: ACPI: button: send initial lid state after add and resume [#326814] - patches.fixes/remove-transparent-bridge-sizing: PCI: remove transparent bridge sizing [#331027] - patches.fixes/fat_optimize-count-freeclus.patch: Make scan of FAT table faster [#331600] - patches.suse/reiserfs-remove-first-zero-hint.diff: reiserfs: remove first_zero_hint (updated) [#331814] - patches.drivers/aic7xxx-add-suspend-resume-support: aic7xxx: Add suspend/resume support [#332048] - patches.drivers/alsa-emu10k1-spdif-mem-fix: emu10k1 - Fix memory corruption [#333314] - patches.drivers/alsa-hda-stac-avoid-zero-nid: Fix error probing with STAC codecs [#333320] - patches.arch/acpi_ec_fix_battery.patch: Fix battery/EC issues on Acer and Asus laptops [#334806] - patches.suse/reiserfs-make-per-inode-xattr-locking-more-fine-grained.diff: fixed a bad unlock in reiserfs_xattr_get() [#336669] - patches.fixes/ramdisk-2.6.23-corruption_fix.diff: rd: fix data corruption on memory pressure [#338643] - patches.drivers/add-wacom-pnp_devices.patch: wacom tablet pnp IDs to 8250_pnp.c [#339288] 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes If you are using the GRUB bootloader, please review the /boot/grub/menu.lst file after the update for correctness. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-bigsm… 1a12e1aacec911f5c08279f5ef98847f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-debug… 4a53ab56b281fd86dd0d206d512731f7 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-defau… 960032b6e3c89616bb12e2e92cb8aef6 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-sourc… 390ad049b12300321fe35bcdb88b7c31 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-syms-… 3056141e73f37a521c52bb55fcd76006 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-xen-2… 89d63df290a8f2e2dc7ceb85f77d6533 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-xenpa… 443f87738be5368e7bb28936157c6c01 Power PC Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-defaul… b776981525527e92dc461b20cd54a4e5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-kdump-… 35391438b5df1eb49874929b41063b89 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-ppc64-… 3052960e883737aa3c29a9633e1e0ea8 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-source… e1aaee8d102ab448f1e2111b7c3bcb87 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-syms-2… f3a79e7be26c2ed4f4112cee14bb7a78 x86-64 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-deb… 867bdea7dfd4a643a424e46b82bbe912 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-def… 0df6d8269e9b2674c34fb609942fbf32 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-sou… 5cfd1c3745f1d7ad329eb94393df990e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-sym… 5c368bbe01e6667f8234677a010d5764 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-xen… b5b3b7cb20914407296ec87e8437cf20 Sources: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-bigsmp… b6c70308122a82a656574d4198437ee0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-debug-… f1bd6bd6399346959919679c15766bdd http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-defaul… 7fb25a4f00225b2430eb41221e09bacc http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-kdump-… f1941735af850af06c542469c6b16a3d http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-ppc64-… f89babffcbfc64cc8efbe16283ddfdca http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-source… a1c6fa14f08682419b8f4f5fc5e0b8a4 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-syms-2… 75c585e0a4276542dd6828080aa7f29c http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-xen-2.… cf5c174deb9b4588e3b7708236d9cb8c http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-xenpae… b7685baa4f3cabcbe5c9291edfde1c39 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iQEVAwUBRzR18ney5gA9JdPZAQLiHAf+NfKtRwQFfblmrIXE55s8/p7X2jfAdalY /1H3J/uBi4ols6a6hnvbeI+obuF7x3wxtv/fVWAsMCI/jAKJ8Jqm9Qtx9T88ARKX XFjrGrA4RGrF7XwCM5l8RAhsaMgujS3MvzU1M/tydu3f4BWIIkSwsrX3FZeq/3jr M65NPHgjx3m/vxuqPv4za7os8aiCe3EyBgydd4k/yvnOIbjSG1vNG7gFlteytxJp eM2N5pgz1gbw/Yi2NyUDLP5wVa5CXHBe90RBhRj7IT6w8eryxaKbbUQG1BJakik6 hUTgdH5cFyPII0h8aKJ2FvLlveEnhHuoCmbsa5VBLxcAPaZyesfVpQ== =65+4 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0