March 2007 - openSUSE Security Announce

SUSE Security Summary Report SUSE-SR:2007:005
by Marcus Meissner 30 Mar '07

30 Mar '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2007:005 Date: Fri, 30 Mar 2007 16:00:00 +0000 Cross-References: CVE-2007-0450, CVE-2007-0855, CVE-2007-1246 CVE-2007-1536, CVE-2007-1560 Content of this advisory: 1) Solved Security Vulnerabilities: - xine-lib overflow in w32 codec handling - tomcat directory traversal - unrar password handling stack overflow - squid remote denial of service - file integer underflow 2) Pending Vulnerabilities, Solutions, and Work-Arounds: - Month of PHP bugs 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - xine-lib overflow in w32 codec handling The DirectShow code in xine-libs Win32 interface uses wrong parameters in the memcpy function call which leads to a buffer overflow if it can be triggered by the codec. CVE-2007-1246 has been assigned to this issue and updates have been released for all SUSE Linux based products containing xine-lib. Note that if you do not have w32codecs installed you are not affected. - tomcat directory traversal Certain characters of the URL were not properly filtered in the Jakarta Tomcat server. This allowed directory reverse traversal attacks to access the web-root of tomcat. Updates were released for SLES 10 and SUSE Linux 9.3 up to 10.2, the updates for SLES 9 are still pending. This problem is tracked by the Mitre CVE ID CVE-2007-0450. - unrar password handling stack overflow A stack-based buffer overflow in unrar was fixed that can be exploited with user-assistance by sending a password-protected archive. This problem has been fixed for all affected products and is tracked by the Mitre CVE ID CVE-2007-0855. - squid remote denial of service A remote denial of service problem in Squid 2.6 was fixed which could be used by proxy users to crash a squid instance (which however immediately restarts). This problem has the Mitre CVE ID CVE-2007-1560 and was fixed for openSUSE 10.2. Older products are not affected by this problem since they contain Squid versions before 2.6. - file integer underflow An integer underflow within the ELF header parsing in "file" has been fixed which could lead to arbitrary code execution. CVE-2007-1536 has been assigned to this issue and updates were released for all SUSE Linux based products. The glibc heap checking code detects the corruption and terminates the program, so it is unclear if code execution is even theoretical possible. ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds - Month of PHP bugs We are following the Month of PHP bugs closely and collect the reported problems. Once the month of bugs is over, we will release updated PHP packages. ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBRg0frHey5gA9JdPZAQLMmQf9GYQJT80acgQwEcgb/gAyNZf+XsKN06cf cUjizhAkH3x8cRt4c7CFtGzpDIlruEP9KIn6GpPTly9Ru2El2QcaX6SQHra3H5jQ HYlVL6G/itKqBysVAC+ZtAjV0RJGXTkQOvFjUzNwiNioXpUiCfG4IdpGWfJnWUME xLyX5549gNHt+aipbtrzJieiZY05x7BEU81cRkYYXC/bSg3d9h26n9gMdOFk081Z T03SWnvlVZUY7AFNBL0tgYgeO5Xry9f6hkpAe5OiIpkRj67LG0EG8OZFV8tVL3f4 J6vHn/HzenilKvbcjjs6b0RtLsfNoR0/F5rwBeI3opjJpa2GK5VIJg== =sWoK -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: gpg (SUSE-SA:2007:024)
by Marcus Meissner 30 Mar '07

30 Mar '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: gpg Announcement ID: SUSE-SA:2007:024 Date: Fri, 30 Mar 2007 13:00:00 +0000 Affected Products: SUSE LINUX 9.3 SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 UnitedLinux 1.0 SuSE Linux Enterprise Server 8 SuSE Linux Openexchange Server 4 SuSE Linux Desktop 1.0 SuSE Linux Standard Server 8 SuSE Linux School Server SUSE LINUX Retail Solution 8 SUSE SLES 9 Novell Linux Desktop 9 Open Enterprise Server Novell Linux POS 9 SUSE SLED 10 SUSE SLES 10 Vulnerability Type: signature bypassing Severity (1-10): 5 SUSE Default Package: yes Cross-References: CVE-2007-1263 Content of This Advisory: 1) Security Vulnerability Resolved: gpg signature bypassing Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion When printing a text stream with a GPG signature it was possible for an attacker to create a stream with "unsigned text, signed text" where both unsigned and signed text would be shown without distinction which one was signed and which part wasn't. This problem is tracked by the Mitre CVE ID CVE-2007-1263. The update introduces a new option --allow-multiple-messages to print out such messages in the future, by default it only prints and handles the first one. gpg2 and various clients using GPG to check digital signatures are affected too, but will be fixed separately. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes None. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/gpg-1.4.5-24.4.i586.rpm 7e8844844d89dec746bb0f2e6faecd4f SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/gpg-1.4.2-23.16.i586.rpm 0a26653f3fa65d46e4e192539c7ace01 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/gpg-1.4.2-5.14.i586.r… 758b8a3198153d484ec09a6b1d760fb2 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/gpg-1.4.0-4.14.i586.rpm 447e593b1328e0a8c0900c525be488f5 Power PC Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/gpg-1.4.5-24.4.ppc.rpm 2a709e1eb6a22ace9eeba678a771ccff SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/gpg-1.4.2-23.16.ppc.rpm 0258f25101194c8ed1d39511748baef5 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/gpg-1.4.2-5.14.ppc.rpm d8c8873e538881723d7b98cafc6402ea x86-64 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/gpg-1.4.5-24.4.x86_64.rpm 2535c0dd40a972c7e028ac0d60d00aeb SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/gpg-1.4.2-23.16.x86_64.r… 88ab493766d181b2aeb85e9ba41d0f04 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/gpg-1.4.2-5.14.x86_… c8abc6fc65e284c64f4259d8d50dd1b8 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/gpg-1.4.0-4.14.x86_6… 0c5aa6ad775f5746256d7960adbeb86b Sources: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/gpg-1.4.5-24.4.src.rpm 3fd3ae52f6a004a24d2fd4d822a88d67 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/gpg-1.4.2-23.16.src.rpm b691ff4ff478979dfe5dc1e0f6534272 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/gpg-1.4.2-5.14.src.rpm e05305b96b232bef94eaa06249471c51 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/gpg-1.4.0-4.14.src.rpm 9bc52a7b1845bbeb23858b92696fe67b Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: UnitedLinux 1.0 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.… SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.… Open Enterprise Server http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.… Novell Linux POS 9 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.… Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.… SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.… SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.… SuSE Linux School Server http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.… SUSE LINUX Retail Solution 8 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.… SuSE Linux Desktop 1.0 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.… SUSE SLES 10 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.… SUSE SLED 10 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.… SUSE SLES 9 http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBRg0ZHXey5gA9JdPZAQL+xAf/fA9fdLf8gUOP3dd6zgy0GcAewFbmEpxg mk1hxDq9zlDLvwXb6fmW13lf70ptVjqmLuEOe5hOqaQCUrg0pJxhPAbJlL3UMHua 3aKnruZ3+OS1azG7+1ZPS6KmNOfK3nvtHMJKaT8NJkZFsPrXJ3oCSNr50MhH3Czp ZiUIoLQGw037KBDx8gtYZR01f170hARS12AG6kbgfh51NcVe4ULOT4Yf5OlYv+PV RijkxX1Lg1Ay/9iiGpG1Ip2dCER2LDQd65NvK4qkY3MCeng7ZEPnhvHBDlQSjFil DsZtrW4sW8+WoYIaWvFa6+QKwignGJ+6CQhbhBM6o8ddU9Q58pQFVQ== =3t2p -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: OpenOffice,libwpd security problems (SUSE-SA:2007:023)
by Marcus Meissner 21 Mar '07

21 Mar '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: OpenOffice_org,libwpd Announcement ID: SUSE-SA:2007:023 Date: Wed, 21 Mar 2007 11:00:00 +0000 Affected Products: SUSE LINUX 9.3 SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 SuSE Linux Desktop 1.0 Novell Linux Desktop 9 SUSE SLED 10 SLE SDK 10 Vulnerability Type: remote code execution Severity (1-10): 6 SUSE Default Package: yes Cross-References: CVE-2007-0002, CVE-2007-0238, CVE-2007-0239 Content of This Advisory: 1) Security Vulnerability Resolved: libwpd and OpenOffice_org security problems Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Several security problems were fixed in the Wordperfect converter library libwpd and OpenOffice_org: For SUSE Linux 10.1 this aligns the version with the one shipped with SUSE Linux Enterprise Desktop 10. - CVE-2007-0002: Various problems were fixed in libwpd in OpenOffice_org which could be used by remote attackers to potentially execute code or crash OpenOffice_org. This library is shipped stand-alone in openSUSE 10.2, but included in OpenOffice_org packages in previous distributions. - CVE-2007-0238: A stack overflow in the StarCalc parser could be used by remote attackers to potentially execute code by supplying a crafted document. This was reported by NGS Software to the OpenOffice team. - CVE-2007-0239: A shell quoting problem when opening URLs was fixed which could be used by remote attackers to execute code by supplying a crafted document and making the user click on an embedded link. Also support for the ODF - OpenXML converter was added to the OpenOffice_org packages. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running instances of OpenOffice after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/OpenOffice_org-2.0.4-38.3.… 2a9af072e8368ed8c0e5db589c4a22d5 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/OpenOffice_org-gnome-2.0.4… 72f30dd775b281aa45fa19920d4d4497 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/OpenOffice_org-kde-2.0.4-3… babbf2585f90a0aae16807b288673504 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/OpenOffice_org-mono-2.0.4-… f2f5a4c9589fa575a9498044d1a49d03 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/OpenOffice_org-officebean-… ad1120bb3611148d4b4134b32e5c9eec ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/libwpd-0.8.8-4.1.i586.rpm cadf625739907eb685306dcb3d083ebf ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/libwpd-devel-0.8.8-4.1.i58… c02b7a5ea74d0baa7b12a3dd2eea6564 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-2.0.4-38.2.… d7533eb1aaa254395e0245a1b4019341 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-af-2.0.4-38… 009e2aebb099281672cb7f9b70c0db10 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ar-2.0.4-38… 78faa57a6fbf164fa65eb596ab3d0190 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-be-BY-2.0.4… cfaae9dbc18f87524066c63a25a5b3cb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-bg-2.0.4-38… 1105dcd143adfbd090288ad27e9c8da2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ca-2.0.4-38… 56c40e9b6824ae3ca3d123f362a5a92f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-cs-2.0.4-38… 4d44008b5c2cc553548e334158220d0f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-cy-2.0.4-38… cc0dc168269a45ddd0c114965b9a6c56 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-da-2.0.4-38… cb72c893e4ea60968ce42ea8ef011bd7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-de-2.0.4-38… dfe22f36f4b3d7aff30c742393bd893d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-el-2.0.4-38… 321616c6a193027477056d5b417e1781 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-en-GB-2.0.4… d8605f1d8bcf592e59975194fec00142 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-es-2.0.4-38… c1d1a27021f26cb106b6376c89992522 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-et-2.0.4-38… 6b9f7fab3f4d1355b97698d582b95587 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-fi-2.0.4-38… c01561728f5d498d1b8ee5232b671fa5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-fr-2.0.4-38… c0c5b6dc7f5df2305c6dab0ed2ee4a0b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-galleries-2… 9f911d9257e8d4504a1fee9f3c1287b9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-gnome-2.0.4… f241e376c47c9ce1adddfe52e572831d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-gu-IN-2.0.4… 7435d6499436d16c14b7237517c032ce ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-hi-IN-2.0.4… 8168a44c2ac4192a5c181d1fad0b7169 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-hr-2.0.4-38… e0202b13638f4acb8070ec2edb1e8189 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-hu-2.0.4-38… f09d99292b549a64461fd92cf33ff5f8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-it-2.0.4-38… c245ee3672d79e4befb73e708b3e70b3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ja-2.0.4-38… 0fd0cc2d7bc864f257d665d8473f3f4e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-kde-2.0.4-3… 61201fbb62e4e0f56ccb3b357f44cfca ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-km-2.0.4-38… 5663111aae630b36841310cba6db55f3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ko-2.0.4-38… 8d5836c647bf78676c14414c123f4858 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-lt-2.0.4-38… 77553c865df0d7dca5d2e7ed0f82b3a0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-mk-2.0.4-38… e8d546844421eebffe58cdc645ab6bb2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-mono-2.0.4-… d2ffbeb6427890bec20f1176b9650467 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-nb-2.0.4-38… 58d48ddc4115b4f6ad29ab77f1cadba0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-nl-2.0.4-38… 267724851c91881fff125df8041f4cc4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-nn-2.0.4-38… 227d2c5991662871c31a6089d1fa01ec ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-officebean-… 05bbfed2edd6f0bd034f121e97282fd6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pa-IN-2.0.4… 063f03b909b71017a33385c58a5bc40f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pl-2.0.4-38… 27c022b107e2fad7aa4382c431b09335 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pt-2.0.4-38… df85fbc2f61f45244328944860e90cfe ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pt-BR-2.0.4… 0fd50ee5fe5180e3ab9e5a8863b1fe41 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ru-2.0.4-38… 585779050216d76d3fdc61dcb87756b6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-rw-2.0.4-38… 9948a3c6fe923d1b49c0c32a0945be6d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sk-2.0.4-38… 9200ab125263a45b9d60fef03c55d5af ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sl-2.0.4-38… c6407f6d58eab0882854740ac55277c5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sr-CS-2.0.4… 5a3a13df49340458817b3730623dbdce ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-st-2.0.4-38… df5ae66ffe5e5108da697871156cbff5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sv-2.0.4-38… df6b1fdcfbeadc187af969236ecb5635 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-tr-2.0.4-38… 60390c99d68d9e4bcb8721213582a5a4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ts-2.0.4-38… 2c1901b43de3d5ad13443ea6cf2de516 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-vi-2.0.4-38… bb7bf0ec0d243eb2d7726b472904f8be ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-xh-2.0.4-38… 07010f8ee28c3ed3fbc6b5c45eec37a4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-zh-CN-2.0.4… d7d1e73876c1f9ce41ff733e48dc8e1f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-zh-TW-2.0.4… 14e61b81f2da392d90f36e49e6331dbf ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-zu-2.0.4-38… 4fe4504f405ba6151ba3ac7ee49c3172 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/libwpd-0.8.8-4.1.i586.rpm 7e4dfeab50b23ed7a3113be7a6b156a8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/libwpd-devel-0.8.8-4.1.i58… a44dae4a186a610827d8262064ecce5a SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-2.0.0-… daf50e3dcfcc21ef80ca59cd730e7733 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-af-2.0… 0908aeb25b6aa9638d44996f5837d875 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ar-2.0… d101a407afd4a19e5d2240475dc2974d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-be-BY-… fbeece1fad5a8832df4b1cd05465691e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-bg-2.0… 7954a771aae3a099b86a9c2c81a5a7ac ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ca-2.0… 446b15214a52bafcb16b70413ff76bfc ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-cs-2.0… a8bf434202af39cb2a54b6181caff6e4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-cy-2.0… be19917020061c7756c9deb97dc9a7aa ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-da-2.0… 4e8d908c40209290dc52a1f41e7735d2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-de-2.0… f75f652b606ee51a3aed06cc203a82ed ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-el-2.0… 67e142cbc8dc07719014c3344a3e43d0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-en-GB-… 7748ff91d45dd2a535193e9f80a5f9e5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-es-2.0… fe141d5f8240ce6b751f5d9c67337c27 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-et-2.0… f2f201a58434286598f0bf13d35e9839 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-fi-2.0… 0e3d3c2eca587d580bac44637d591a04 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-fr-2.0… ec7ce5153548779dbce4324cfc21b088 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-galler… 321df6d876e182ee003a2ebb6b43f965 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-gnome-… ef368c9d5b04a6461a27c633c14e66cd ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-gu-IN-… 560a4de9533dc4b00d3905641f51b814 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hr-2.0… 857c76fb5d00238ba3a7571f31a44bcb ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hu-2.0… a09830b7f91e6adc5dd2cc5c85ae2f62 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hunspe… c40a52f2245c0d1b9c7e098b73d2241d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-it-2.0… e8a35dc8733c61ff82ba4c79434484b3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ja-2.0… aefa7eafd187f38548642c2d20264334 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-kde-2.… 3fb2f0ea676eacedd11819fffb33db54 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ko-2.0… b05e81f2d7500fd3c5b4044fbc1770e4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-mono-2… 507477f68fcf29a078759e3b4fa0b8ce ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nb-2.0… dfad18ee128cf4e2ea8bef41787e6628 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nl-2.0… 9920f20a0dd06e3ec66ab54f57ba3afa ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nn-2.0… 10294b1e938a66ae2dd662c08d283b00 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-office… b96c74bffb0b88512c882afa8427fdca ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pa-IN-… 3d95aee56fd4b8c2afd0222c8b2d9ed4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pl-2.0… e477c6570f7d4b2221241eba60d447b0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pt-2.0… a3b4db853adbc7dfb59320449f02cea4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pt-BR-… ff427c1dbaa1bbc0946ed4bb9eab2411 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ru-2.0… 275b3b941540e373ac479cb43c539499 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sk-2.0… 3b62e77eba1b15fe5a3abd66638d68fb ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sl-2.0… b7655adeb11dc42fba851d9871c856b2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sv-2.0… aa79318eec4efc5479c13600841071f7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-tr-2.0… 4eb75711c4504d9d63edc19baa57b51d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-vi-2.0… 93bcd0fa175cffda5f346bdfcd155d87 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-xh-2.0… 7fc2f100a4bba449582e5635af51cbc1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zh-CN-… 20d179d17303c2592ac0a8a746d3a2cd ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zh-TW-… bda31e02fcf0b84ba8441c9c1dad6465 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zu-2.0… e40724599c441056eac6242c50f6e184 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-2.0.0-1… 3d401f97c52bd951bf0f12dafd8a5f62 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ar-2.0.… 425d7fbb0026cefbd4a4c2e397d8190c ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ca-2.0.… 68bfa745291616fd868a0b7cbf95af99 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-cs-2.0.… 11adcd616dc3726ede3a5d3f6ef7193f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-da-2.0.… 7834b7c6e0e90b07fa4d6a7ad04ee0b8 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-de-2.0.… b095a9cd0b54197e04d88b0205aa62bf ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-el-2.0.… 434a14813a0d0c6bab5c4e453d7ebdba ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-es-2.0.… ca7590d2b273323c7709af49d065f563 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-et-2.0.… e3baf8b76558d18d6191db55e43a9401 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fi-2.0.… 51968f4497bd27cea3d327197fd8dcad ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fr-2.0.… 8fa92a6ee02cfdad5929ac90e5509a3f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-gnome-2… b59c72ebd799292c782d924988c86560 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-hu-2.0.… 780672721174087715431494136751f4 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-it-2.0.… fc3c1879bab3ea3191d174c829e98a09 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ja-2.0.… 50b4151fb4ffc14cfe4f37acbcbf072c ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-kde-2.0… d2f37ecce322145cc2af142a2b7acda9 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ko-2.0.… 66fc79960adb3709276a6e0be3453b4d ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-nl-2.0.… 76ed8d644f50ca1c33dc92e2b67ddbd7 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pl-2.0.… 6dbc621e0abb92fa44127423fa41e239 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pt-2.0.… d53a758cd57f36c21d7832cd5881be56 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ru-2.0.… 40fe55b170656b86f1d821402ace1d41 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sk-2.0.… 58036435751b74b09baf2d6c870304c0 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sl-2.0.… 602383dede3f9601ed5b0d2c3fe89d95 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sv-2.0.… 36ac059a9aec6482f801e3662f1d1c01 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-tr-2.0.… 0cd3fc86ce54b960289fabda77e27439 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-CN-2… 8fedf5c89cd730812041db3f62ae58f5 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-TW-2… c4059951210c2e5510c0d0495a3cd58c ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-1.1.3-… 35ab4ffca257414aefddde8915301b05 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ar-1.1… 1cd3ad97a081c87c69cead51dbdfcc37 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ca-1.1… 97239440907e41e1c7beed973259927f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-cs-1.1… d326ede0a93c1039ddfee8740df82dee ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-da-1.1… 8f239372174c8e66e6e7d6847b65f53f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-de-1.1… 0c0469b3cef0fd6efe8bcd4b81b134de ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-el-1.1… 830adbe3c497b73238a635a679059f90 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-en-1.1… 986272514a78a2022ecf99fc7b613184 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-es-1.1… bdb6a5cf0e667e483716b5c7451f1a73 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-et-1.1… 431a8276a904305a4cc3b45cdd552500 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-fi-1.1… 48e11420aa6310f46c7ac1fb7a35df0b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-fr-1.1… a48ff519fb2cdf6bbf9c8e53a6df3b82 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-gnome-… dd3412152e46a9ad2c1e25a59a5398ac ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-hu-1.1… 59be3b63e52c4d608982b60678852e15 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-it-1.1… 66407d4150e0f751cba9ffbfb7ae380a ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ja-1.1… 882c7fc9a442287eb86791874ad7c66e ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-kde-1.… 6944874f6901ee8e94596b4ec8651d89 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ko-1.1… fbbac0a6f2534127c4fdfb2e88456f91 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-nl-1.1… 76465851513b3a266a7019ba538cbdb4 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-pl-1.1… 45ee4c5d3e366abf516fc3ae57ea055d ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-pt-1.1… 9933e1ea662526ab7d1948e7b3d49ce6 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ru-1.1… 085b94c16b2c6d1907a5869a21b22d33 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-sk-1.1… aaf631eb0d279e065ccb30bcd2bd3bdf ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-sl-1.1… 6feb77e9d006ff2b310a874a06baf6e6 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-sv-1.1… c13f4b8f87ffae25ac1ab3fc86f2b008 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-tr-1.1… 676671efbe38fc213b2467e8fe27a39b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-zh-CN-… b1516b08ea4a43a5b7b740213eaa7c33 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-zh-TW-… 67f3cd1182a47d23229059e69d590009 Power PC Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/OpenOffice_org-2.0.4-38.3.p… ef5e7647c3119475615264b25837b560 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/OpenOffice_org-gnome-2.0.4-… 61651ed5645c144e3ce4c3e0ef3478e8 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/OpenOffice_org-kde-2.0.4-38… 0cb297ce08ff152a621e6a7be764f495 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/OpenOffice_org-mono-2.0.4-3… 50e08a0e07e9093a10c880c1756b0f44 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/OpenOffice_org-officebean-2… 55ef3359735578b9b9927a5473de38e7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/libwpd-0.8.8-4.1.ppc.rpm ddaf3c1d9437a086e25d0996c2fb0b08 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/libwpd-devel-0.8.8-4.1.ppc.… 749edb6cf4293f983d16d3d08d268cd9 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-2.0.4-38.2.3… 9c6dce1f5d6249b3c3c4876c86c8a64b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-af-2.0.4-38.… a4217a26e9f2ac2210bea179f40fab7d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ar-2.0.4-38.… 09d36b66a917c76259bdaf6acfe515ad ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-be-BY-2.0.4-… 138e6fc1e5ddfaf706bca3ea8c5d42eb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-bg-2.0.4-38.… 83d715467f9f7c8e6d3b8d81f56ff8f5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ca-2.0.4-38.… 9ceec70d0bced102b6f4534d37520aec ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-cs-2.0.4-38.… 03e84c9c2c6f00a04d5bc51dbc754c21 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-cy-2.0.4-38.… fab40d7cf44b9570dbac82920cff6c9f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-da-2.0.4-38.… 8cf1908adc5406aa6db821fe74ba6162 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-de-2.0.4-38.… cde1c323148a061a1b29a056b4c0260c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-el-2.0.4-38.… a2ca0d0d74589a277159de47bcc38292 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-en-GB-2.0.4-… a1fb699f2aa071d2bf93eba873b8dc75 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-es-2.0.4-38.… ac44d81e83fce7bce5c72e2ba3de194b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-et-2.0.4-38.… 2b86b2fc9f32ce1a09ec72be5e95f94b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-fi-2.0.4-38.… 4ddde7bcc75bda13cd97eadef989e56d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-fr-2.0.4-38.… 25efca68f27e58d486a1396fb6e01148 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-galleries-2.… 1a5ca9dcbd56b08588604b24ba9c3329 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-gnome-2.0.4-… 1d3e3fc5d1780a77440a92e23afd9c08 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-gu-IN-2.0.4-… 37512fa7bfae1f44077ede96253bbf9f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-hi-IN-2.0.4-… 7e5d29f310fed1e704f010ebf7fd4a94 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-hr-2.0.4-38.… fc0e46817a6ef18ec38ada0b71a45484 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-hu-2.0.4-38.… 6a90d4bc8caf09e0426f3aa3dcc19a80 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-it-2.0.4-38.… 1b34147033d27ac0ca5e6d9ea853a3f4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ja-2.0.4-38.… f0083fa3c922cb3571d08eeddfd0feee ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-kde-2.0.4-38… 4969acec66079bd018a0a8daa78a4066 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-km-2.0.4-38.… 4eb5d8b9e7000ce53eacc75eaeedec80 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ko-2.0.4-38.… 3008616363f4c20e239064b0e3fdf23b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-lt-2.0.4-38.… a078e38dbce4f5519a0872410d268b8d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-mk-2.0.4-38.… ff7982f5de6e0c4c8ab296777629a4bb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-mono-2.0.4-3… bf61834d43d5633a90c7eb5a56984d7c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-nb-2.0.4-38.… 794df46f8566e1ca7f3540d5b5095756 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-nl-2.0.4-38.… 241a4b7d76e4caf9506230f15e240db3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-nn-2.0.4-38.… eec36089c9417eb02e0be548dce33c14 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-officebean-2… 1ab457869109a0bee5b7998a642a0cd4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pa-IN-2.0.4-… 37ca20d66a0600c6270997404d85988e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pl-2.0.4-38.… c55e9a93ff9321c6a0fb809f4eadbe49 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pt-2.0.4-38.… e98e5f1d0ee1feb79780e06479edc3e2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pt-BR-2.0.4-… 769730f4c00958fcc4ee86520a3bc052 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ru-2.0.4-38.… 3cace3fc035a75ad17aaf84e919160f7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-rw-2.0.4-38.… 1372064aa3bfbd25c13b989a907ceed4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sk-2.0.4-38.… c383e1cb41718a8ea7dd37c2e6e5eefa ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sl-2.0.4-38.… dae756fac561e35434759a2c2082d364 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sr-CS-2.0.4-… 60a949dae23eeedf21d1045ff2ef3d19 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-st-2.0.4-38.… 0ae537a3e6ff13f1aeaeab92b9a02405 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sv-2.0.4-38.… 194510f325899490845c6f6825b78b93 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-tr-2.0.4-38.… 7ce3641365ffca0194828f85ece4ab88 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ts-2.0.4-38.… 9f5233575c5200aee3e79faede979ae7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-vi-2.0.4-38.… b7397aedb9abc1cca20eaa67bd2efca2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-xh-2.0.4-38.… 5ad29f565ce8065fa3962ba8d32edeaa ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-zh-CN-2.0.4-… b1cd36bdbb07ac8600385c71444219dd ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-zh-TW-2.0.4-… fdcab2ee3182504f06d4ff37a0e3d167 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-zu-2.0.4-38.… a531bd249ee57d928f1363b894e641ac ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/libwpd-0.8.8-4.1.ppc.rpm 9935289a9b010aca63423bfb144fa2eb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/libwpd-devel-0.8.8-4.1.ppc.… 882e8c4febfb1e33d56e8e67b09c3a32 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-2.0.0-1… cecd47848f250ddd997db3129d27ada2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-af-2.0.… 373bf56d0fba544669124dc2a07a5890 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ar-2.0.… 33d3052f8566aa3b569ee09265d4f633 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-be-BY-2… 649011706f146e21d9449891c84b5bbf ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-bg-2.0.… 4e975a58995b37b7124c28c4043acc92 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ca-2.0.… 41c649dbaded150c9e2fd35e1db78839 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-cs-2.0.… 3975d6fb3ac15954a58428ed8b7e7186 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-cy-2.0.… 01d3561ebdd5bd35210ce936255b62aa ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-da-2.0.… cd3623f2e0c62b988acf475bffc81373 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-de-2.0.… 781d2c9487bd963533f6a0d089dea4a4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-el-2.0.… f23daff8d93fb7b05906a72f213c555f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-en-GB-2… 552ae155bf3c183ef02791e015facf03 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-es-2.0.… a4b8e0f3874c7788d5b62055bd51752b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-et-2.0.… 3c8c0d011356d77adf725cc751009502 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-fi-2.0.… e0a626b09ad3691a40cc43b9a66cdcfe ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-fr-2.0.… 632536d2f411b50ee53cfc75da77e066 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-galleri… 65555e2e265e7ef8f6786d21a0527f44 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-gnome-2… eed2177ac0f7540bcb5b33a8d8411079 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-gu-IN-2… 7aaffdd96fbc46715c02d20ed9a8ab4f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hr-2.0.… b7a740d01f615ce4a4c1d9d31c22fac9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hu-2.0.… 45dde4c57a2cf6e873667bca54436218 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hunspel… a2aeed78e10151cefa9b547cd74916b2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-it-2.0.… d6cbdfc83736feeb9beab1a3233b03b4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ja-2.0.… c7fbe3d045a8d0a69a246331d2cac9ea ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-kde-2.0… 59d89038a5d70847c39e635a6046836f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ko-2.0.… 3da570835e020b525ddefa4f1ca0f614 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-mono-2.… 051a8526c49a7b2b00911ea373edefdd ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nb-2.0.… 691a72b95b7029728a545e4c4ba8ea40 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nl-2.0.… 6dcb25c6aa639340d609f921307e9635 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nn-2.0.… c5e6a24f7cbba8a950bce995aafb4c94 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-officeb… 8bef349eb7f559ed09774b3f1afc9b42 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pa-IN-2… ce7ab69d3a44be22b87da9a64bd5a5db ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pl-2.0.… 78bca75c7e8c48be2f29970b67e8ae91 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pt-2.0.… 4b58b1b1fe0aa20673ce10a269eb0c77 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pt-BR-2… 9891ce27f223d1dad6dc35b7bbc4c155 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ru-2.0.… 9c0eb597a9e5854c179bc071108ad756 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sk-2.0.… 09a3b79866abce34b3322722f02dbb8f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sl-2.0.… 08fa57ce52a06c090fbdefec35332d02 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sv-2.0.… d1cd3bf8912d7c345e93d040971a9989 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-tr-2.0.… 12d7e0047ed4b7a96f76a29919789cb4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-vi-2.0.… f91dbabfd59b816f984f25ca6e2808af ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-xh-2.0.… ffbcc22a366fd8d0febcc5de81c9831b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zh-CN-2… c93c58214854b7c815c225786338b247 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zh-TW-2… 297c78087f9646dd5fafc108fa9a5113 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zu-2.0.… 9af604a6e08ef5f3e271973460dbe3c6 x86-64 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/libwpd-0.8.8-4.1.x86_64.… 98f259a61a96b389d78f5c2379935f2f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/libwpd-devel-0.8.8-4.1.x… e4940153d6b27bc542e0b19b6c095375 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libwpd-0.8.8-4.1.x86_64.… 9283ee0bca8000ddfa4f65b5aaa63f06 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libwpd-devel-0.8.8-4.1.x… 8b6d9df8b3125b6f79be1426e9abb716 Sources: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/OpenOffice_org-2.0.4-38.3.s… 9e366e55b7982da2bb9546ea6aafbd3e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/libwpd-0.8.8-4.1.src.rpm 02859ccd6b23ef8abbffd3f2f2917ad6 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/OpenOffice_org-2.0.4-38.2.3… 48a2c08cc7c05cf03501add19de2f18d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/libwpd-0.8.8-4.1.src.rpm 86307019d42fd01fd791a49e936adae3 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/OpenOffice_org-2.0.0-1… 0c03bb57182d9a376b3ac180915ed118 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/OpenOffice_org-2.0.0-1.… 5a36ec0584911db7c58fd1530c0c15af ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/OpenOffice_org1-1.1.3-4… e9b9a54cf8ef922cc475e9f8fb12d038 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SLE SDK 10 http://support.novell.com/techcenter/psdb/45b2a4c2c1b2b8002e0b1a73efd03241.… SUSE SLED 10 http://support.novell.com/techcenter/psdb/45b2a4c2c1b2b8002e0b1a73efd03241.… Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/bf6a5b58f07ccb9ee5cb194c18620d9f.… SuSE Linux Desktop 1.0 http://support.novell.com/techcenter/psdb/bf6a5b58f07ccb9ee5cb194c18620d9f.… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBRgD7vney5gA9JdPZAQLr4Qf/Y27tMs47XKrbGMV81JD1VRKaZtWFtVTY RKc8ro0BUh10SK14QAW3hauSq+SatwOu6xGjzW8Xzb+q7IxccJRnVJpZPE/T/RLs 3iTnH9kM5aNTb4LEi09jOcKqZxJnVb6vHq/VIw+G5cKUmSAO6kqWtDbtUsyeCWpX Qogo0Jve4+TzZREny4CNK4+SApNzEda2+I05cdwLuUxuHXdPL6MCdduM5dhFnUwo 2pxZKLN5q1WztUHJ3XLo9qLKgecTSBF2bAPblXWeGRCRbwp4GUm9VoAyR6N/1jK9 fP5HenfraQcR1Czk4LWdwSg9g/gIvjhGbNGsQtiTaSDeQqPF6KtIZg== =xNg4 -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: Mozilla security problems (SUSE-SA:2007:022)
by Marcus Meissner 20 Mar '07

20 Mar '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: mozilla,MozillaThunderbird,seamonkey Announcement ID: SUSE-SA:2007:022 Date: Tue, 20 Mar 2007 11:00:00 +0000 Affected Products: SUSE LINUX 9.3 SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 UnitedLinux 1.0 SuSE Linux Enterprise Server 8 SuSE Linux Openexchange Server 4 SuSE Linux Standard Server 8 SuSE Linux School Server SUSE LINUX Retail Solution 8 SUSE SLES 9 Novell Linux Desktop 9 Open Enterprise Server Novell Linux POS 9 Vulnerability Type: remote code execution Severity (1-10): 6 SUSE Default Package: no Cross-References: CVE-2006-6077, CVE-2007-0008, CVE-2007-0009 CVE-2007-0775, CVE-2007-0776, CVE-2007-0777 CVE-2007-0778, CVE-2007-0779, CVE-2007-0780 CVE-2007-0800, CVE-2007-0981, CVE-2007-0994 CVE-2007-0995, CVE-2007-0996, CVE-2007-1092 MFSA 2006-72, MFSA 2007-01, MFSA 2007-02 MFSA 2007-03, MFSA 2007-04, MFSA 2007-05 MFSA 2007-06, MFSA 2007-08, MFSA 2007-09 Content of This Advisory: 1) Security Vulnerability Resolved: Mozilla security update Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The mozilla browsers in old products and Mozilla Seamonkey in SUSE Linux 10.1 were brought to Mozilla Seamonkey to version 1.0.8 and Mozilla Thunderbird was brought to version 1.5.0.10 to fix various security issues. Note that Mozilla Firefox for all distributions and Mozilla seamonkey for openSUSE 10.2 was already released and announced in SUSE-SA:2007:019. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. The updates include fixes to the following security problems: - MFSA 2007-01: As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases several bugs were fixed to improve the stability of the browser. Some of these were crashes that showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code. These fixes affected the layout engine (CVE-2007-0775), SVG renderer (CVE-2007-0776) and javascript engine (CVE-2007-0777). - MFSA 2007-02: Various enhancements were done to make XSS exploits against websites less effective. These included fixes for invalid trailing characters (CVE-2007-0995), child frame character set inheritance (CVE-2007-0996), password form injection (CVE-2006-6077), and the Adobe Reader universal XSS problem. - MFSA 2007-03/CVE-2007-0778: AAd reported a potential disk cache collision that could be exploited by remote attackers to steal confidential data or execute code. - MFSA 2007-04/CVE-2007-0779: David Eckel reported that browser UI elements--such as the host name and security indicators--could be spoofed by using a large, mostly transparent, custom cursor and adjusting the CSS3 hotspot property so that the visible part of the cursor floated outside the browser content area. - MFSA 2007-05: Manually opening blocked popups could be exploited by remote attackers to allow XSS attacks (CVE-2007-0780) or to execute code in local files (CVE-2007-0800). - MFSA 2007-06: Two buffer overflows were found in the NSS handling of Mozilla. CVE-2007-0008: SSL clients such as Firefox and Thunderbird can suffer a buffer overflow if a malicious server presents a certificate with a public key that is too small to encrypt the entire "Master Secret". Exploiting this overflow appears to be unreliable but possible if the SSLv2 protocol is enabled. CVE-2007-0009: Servers that use NSS for the SSLv2 protocol can be exploited by a client that presents a "Client Master Key" with invalid length values in any of several fields that are used without adequate error checking. This can lead to a buffer overflow that presumably could be exploitable. - MFSA 2007-06/CVE-2007-0981: Michal Zalewski demonstrated that setting location.hostname to a value with embedded null characters can confuse the browsers domain checks. Setting the value triggers a load, but the networking software reads the hostname only up to the null character while other checks for "parent domain" start at the right and so can have a completely different idea of what the current host is. - MFSA 2007-08/CVE-2007-1092: Michal Zalewski reported a memory corruption vulnerability in Firefox 2.0.0.1 involving mixing the onUnload event handler and self-modifying document.write() calls. This flaw was introduced in Firefox 2.0.0.1 and 1.5.0.9 and does not affect earlier versions; it is fixed in Firefox 2.0.0.2 and 1.5.0.10. - MFSA 2007-09/CVE-2007-0994: moz_bug_r_a4 reports that the fix for MFSA 2006-72 in Firefox 1.5.0.9 and Firefox 2.0.0.1 introduced a regression that allows scripts from web content to execute arbitrary code by setting the src attribute of an IMG tag to a specially crafted javascript: URI. The same regression also caused javascript: URIs in IMG tags to be executed even if JavaScript execution was disabled in the global preferences. This facet was noted by moz_bug_r_a4 and reported independently by Anbo Motohiko. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running instances of Mozilla after the update.. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaThunderbird-1.5.0.1… 547473641b1fc691203bef3db6d36c0d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaThunderbird-transla… af42f03d1887e418797e3690c69a1709 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaThunderbird-1.5.0.1… 272781028bb6a983e8e14c6b14c102e4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaThunderbird-transla… 3d49f23e615d183fe408d6891ea6c170 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-1.0.8-0.1.i586.r… eba37ae4180a8f04287df247f23c35b5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-calendar-1.0.8-0… 32e45f618cac250516cda65a66de4e3f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-dom-inspector-1.… 91fefaa5fc57c236ee708437bf3aa708 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-irc-1.0.8-0.1.i5… 81961a36d4f7d2fb248709651ea60a16 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-mail-1.0.8-0.1.i… b97b422453a0c1331814d48522e46f21 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-spellchecker-1.0… 3240234d66b6b64aa605183a6cd46a09 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-venkman-1.0.8-0.… 8fcd70d4809dd33687f594bb713ef701 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaThunderbird-1.… 104ceda0fbb7193a3f9d99f0a175287b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-1.8_seamonkey… d1562e72530fc68ad28ec3dadc0f6000 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-calendar-1.8_… ae59edd5df960ce7ca2811668ca4304a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-devel-1.8_sea… 80b8d1f6c86f76e9a4bd2a383662cc70 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-dom-inspector… e0ec1b099ab4669ff87c4c57025b6408 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-irc-1.8_seamo… 18ed94852710ea4da55d5e272c8f02ab ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-ko-1.75-3.2.i… 9a88799bc8165c52bf4368fa88fa8062 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-mail-1.8_seam… c7dfd3b86e181397f57eb96ac7add4ff ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-spellchecker-… 3218a9896df5b4165812dc426d785a79 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-venkman-1.8_s… 9deecf3e3f2db8bc933bcbc9b404b200 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-zh-CN-1.7-6.2… cdd4d321f1d0c77972147ae8e5711c8f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-zh-TW-1.7-6.2… 4b78297073c3fc7452bce2156fd27ce9 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaThunderbird-1.5… 09dc095c0c9ab026ac2ea39016563ee7 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/galeon-2.0.0-28.2.i586… 3bf2e04d77f5741b7e1e63fec2782ce3 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-1.8_seamonkey_… 8e6985968a4b4a20344eaeca82b20dd9 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-calendar-1.8_s… d7923262288dbc5e3dccb8c6e8c9be21 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-devel-1.8_seam… a95141a7ffd39d2dbf15f1806b1302b8 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-dom-inspector-… f840cc616b050f1f9110b646d92d9f89 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-irc-1.8_seamon… b15fb0401c3fe083504f785380837bf5 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-ko-1.72-4.2.i5… d47244baa6e176b382873de18e7f4d57 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-mail-1.8_seamo… 583b08c694d9e60b693d83091cc4bea1 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-spellchecker-1… 8a6c77ca9a5785f13da8bab1fd6559a7 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-venkman-1.8_se… 6eb27c5c993b8404b6b9b37fa9410000 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-zh-CN-1.7-4.2.… e4953be21c3190a0f977594475c6a644 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-zh-TW-1.7-4.2.… 889112f57c9909a3f579c934cb607890 Power PC Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaThunderbird-1.5.0.10… 5eb4d9bfb70541d73567e314b1221c4e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaThunderbird-translat… cd2c7744d010199ad4eeb1e77cafc6a2 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaThunderbird-1.5.0.10… 0da2ff5b2660089c085d04c511c4a288 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaThunderbird-translat… 26108b5b6121892c87fc63f3b83fa738 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-1.0.8-0.1.ppc.rpm d28e98789cd7e5bf8489f613bef0a412 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-calendar-1.0.8-0.… 52bd066680ec0cd4be2274c5910b0575 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-dom-inspector-1.0… 4d6651cbeb0ba49af385fb79e0565e6f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-irc-1.0.8-0.1.ppc… 58d928a2ca8e210f678f1882ef197dbc ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-mail-1.0.8-0.1.pp… 5c312611eea1a5c66ad8d5642b6312f8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-spellchecker-1.0.… 5df145c669c43232db30470031529386 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-venkman-1.0.8-0.1… 4eb4b2966b9ac81efa49119e4f8ddf7c SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/MozillaThunderbird-1.5… 9e76e2ef067375c853a4007c154f06fc ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-1.8_seamonkey_… 929df8d565c7cdbb80b2be5e2d36d1b8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-calendar-1.8_s… 2b0f10ef23de1c4fe6e428119381ff13 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-devel-1.8_seam… 98f8f2e0e48b202ba137c50b96629f73 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-dom-inspector-… 2b53a2c3a84ad880efe167b9fbb82284 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-irc-1.8_seamon… a473278b9f8199ec24b6cc4b9e3f64de ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-ko-1.75-3.2.pp… eb221819f94a49db237d8e653477fa22 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-mail-1.8_seamo… 640abb44e274fc5f1422c5044c6f091d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-spellchecker-1… 56f73c7ad8e347c03cf268611e8482ea ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-venkman-1.8_se… 6222c60a8ea5912eb1bf95f89ed05133 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-zh-CN-1.7-6.2.… 40bad4acd306702420c7ae724a6c3483 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-zh-TW-1.7-6.2.… bdb9c3f6fc1b9e683a086439abcd634f x86-64 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaThunderbird-1.5.0… 571480603ece2894c54437586e5f15ca ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaThunderbird-trans… ad3fe46c99995dae891742114b411348 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/MozillaThunderbird-1.5.0… b0b6f6317aa08e9ffdfd01bf78d6ab6c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/MozillaThunderbird-trans… 3b3593cc49a34959ddf109e73e229838 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-1.0.8-0.1.x86_… c62c306a9210d1380d0383756ef5a3b6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-calendar-1.0.8… dfec65a2c28ce970f716639416ad9c04 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-dom-inspector-… a0d1a056d3c9c9474c7ad922ed0510a5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-irc-1.0.8-0.1.… d9b8d64648f876404f9140f8712dc277 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-mail-1.0.8-0.1… 827be325fc09f3a3de8aa34c43d39d53 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-spellchecker-1… 8781deadb623e4e790f752e34e225023 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-venkman-1.0.8-… 8f5d5bbb19e5d7fd8ee7561ff0479366 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/MozillaThunderbird-… 50c9aa9444c5f3d3fbacdd0eeb793c00 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-1.8_seamonk… e62ef28727a06a0bd8d1178a21dc5110 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-calendar-1.… 8caefefc6a95b18fc7fffb26ae518fd1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-devel-1.8_s… 1193ae59a5f9c047b61804c6f4573292 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-dom-inspect… f69a7642c1de7ff1d95267fd94fa1e52 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-irc-1.8_sea… 1ff8ba349799de175307a45975376690 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-ko-1.75-3.2… 0c3a3919968ff3944fec0b06492d2648 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-mail-1.8_se… 2d7dc7e6277a5e3b4e0f1502123d56c8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-spellchecke… 9a7588c2679c2f20ae320d966007a52c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-venkman-1.8… a31af9e8c71814b3959fe798b02bce1c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-zh-CN-1.7-6… 24e379bc61ed056c0f0bb54221fa775b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-zh-TW-1.7-6… 558744070125f366ea371b8a74013740 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/MozillaThunderbird-1… fb45dc9c21efe5b80147007419fbf00c ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/galeon-2.0.0-28.2.x8… 78e0f0c0656bbd5d5e870ebb07d0da59 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-1.8_seamonke… a964c727aff74b4216616e1fc5c4e9e2 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-32bit-9.3-7.… b76b14cc243ca194ccf63eb90b2b7b18 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-calendar-1.8… 9f0c7439178321a8b63bd6e4082de183 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-devel-1.8_se… 4d18ea11bbe8cdec74485b0a28af3e0d ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-dom-inspecto… ed69936e7b237686d14e042a1ec89e76 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-irc-1.8_seam… 37fb7bb34b46c2fb8986b856b1e8bc80 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-ko-1.72-4.2.… 9793929ef938078b26f2f4820f987186 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-mail-1.8_sea… 539b0364484d1bcc83131e71dad07c6a ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-spellchecker… 169e8a933712659b6393a2259a800fb8 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-venkman-1.8_… 0205e7b8c7039713b25bae3eef4ef5a1 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-zh-CN-1.7-4.… ea9f1f7fb7ad5ad39e4e74518d50e5de ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-zh-TW-1.7-4.… ff169bc5b2c5ad54791eb44a19a0fa68 Sources: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/MozillaThunderbird-1.5.0.10… df76bca1b23849c6c4a4223cc4393ed6 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/MozillaThunderbird-1.5.0.10… a97490af5bd2facdd92b456f7bd9b48b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/seamonkey-1.0.8-0.1.src.rpm 4a09308ea09abe9efd161bfbae069389 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/MozillaThunderbird-1.5… 8fb26a705089600a0041147f143bb3d5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-1.8_seamonkey_… 7e7e925e6dc07f79a5e413301e0a1e2b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-ko-1.75-3.2.sr… 94f4bfac620e696e87ebeffc8a37f939 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-zh-CN-1.7-6.2.… 770f8c2ad133d2654a7decd39318d938 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-zh-TW-1.7-6.2.… f14d2b1c49c4be16c6d4eabf7a829846 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/MozillaThunderbird-1.5.… 7bf0a95e565d0b4e0b281de71d7b77ac ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/galeon-2.0.0-28.2.src.r… e8d4e6067036c64cdf8e7b6df0293e5d ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-1.8_seamonkey_1… 36fb405238f66b32ffa3886a65179c09 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-ko-1.72-4.2.src… a9a59a04691762400d9683d77373461f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-zh-CN-1.7-4.2.s… 47fe021634a3e246e9c4a5a0c729d210 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-zh-TW-1.7-4.2.s… 4778ee7e50fc457cb5a6fd36d409aefe Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: UnitedLinux 1.0 http://support.novell.com/techcenter/psdb/de9498ed8558262d3438fd1358e0a132.… SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/de9498ed8558262d3438fd1358e0a132.… SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/de9498ed8558262d3438fd1358e0a132.… SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/de9498ed8558262d3438fd1358e0a132.… SuSE Linux School Server http://support.novell.com/techcenter/psdb/de9498ed8558262d3438fd1358e0a132.… SUSE LINUX Retail Solution 8 http://support.novell.com/techcenter/psdb/de9498ed8558262d3438fd1358e0a132.… Open Enterprise Server http://support.novell.com/techcenter/psdb/adf5cccb9b0cfb2f9cb649652f793fdc.… Novell Linux POS 9 http://support.novell.com/techcenter/psdb/adf5cccb9b0cfb2f9cb649652f793fdc.… Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/adf5cccb9b0cfb2f9cb649652f793fdc.… SUSE SLES 9 http://support.novell.com/techcenter/psdb/adf5cccb9b0cfb2f9cb649652f793fdc.… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBRf+z43ey5gA9JdPZAQLjMggAnCvJW3FpEu8VB23xIRQqWdjwErzdn2lC x4T//Bp7d2woASoc6zaytr3IhOjeBAUNtMlmSdYd4HStmNR45VO75utyhqhucrps hymqDTAzmTuVo+pv1Tz1BficwOYAQsm2Le+k/OYWKMA+NFhvXaQVesrX5iCNaKg6 yJnEyEpQ8z8r+0/wIu3xNFUNa0jzPDPx9ibl7TltwakwdDeYB80pR6UfbACvsy4v 1L3Om1gZIbHiNW0EgRLc5JGhz3SHdG8ohtfURKG7q2VXB649pmsgzFkwb2LDeIXC IDi5GakSHRb2o2GYjMcFzgdBaw7iNfOxDUxvUdPMpo+HTSgYFa3K1g== =jF1d -----END PGP SIGNATURE-----

1 0

SUSE Security Summary Report SUSE-SR:2007:004
by Marcus Meissner 16 Mar '07

16 Mar '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2007:004 Date: Fri, 16 Mar 2007 15:00:00 +0000 Cross-References: CVE-2005-4348, CVE-2006-3126, CVE-2006-5867 CVE-2006-5974, CVE-2006-6142, CVE-2006-6303 CVE-2007-0469 Content of this advisory: 1) Solved Security Vulnerabilities: - fetchmail man in the middle attacks - capi4hylafax potential code execution - squirrelmail cross site scripting problems - rubygems file overwrite problem - ruby denial of service problem - clamav bugfix release 0.90.1 2) Pending Vulnerabilities, Solutions, and Work-Arounds: - Month of PHP Bugs 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - fetchmail man in the middle attacks Three security issues have been fixed in fetchmail: CVE-2005-4348: fetchmail when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers. CVE-2006-5867: fetchmail did not properly enforce TLS and may transmit clear-text passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks. CVE-2006-5974: fetchmail when refusing a message delivered via the mda option, allowed remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the ferror or fflush functions. All SUSE Linux versions containing fetchmail were affected. - capi4hylafax potential code execution In the capi4hylafax fax suite, by using shell meta characters in the sender number remote attackers could potentially execute arbitrary commands (CVE-2006-3126). It is not clear if this is exploitable at all. All SUSE Linux based products containing capi4hylafax were updated. - squirrelmail cross site scripting problems Multiple cross site scripting bugs in squirrelmail have been fixed (CVE-2006-6142). SUSE Linux 9.3 up to 10.1 and openSUSE 10.2 are affected by this problem. - rubygems file overwrite problem This update fixes a vulnerability in rubygems that allowed to overwrite files with root privileges. (CVE-2007-0469) SUSE Linux 10.0, 10.1 and openSUSE 10.2 are affected by this problem. - ruby denial of service problem The ruby package was updated to fix a denial of service problem in its CGI module when parsing multipart MIME messages. (CVE-2006-6303) All products containing ruby were affected by this problem. - clamav bugfix release 0.90.1 The virus scan engine clamav was brought to version 0.90.1. This was not a security, but only a bugfix release. The major version of libclamav.so was bumped, so we also released sylpheed-claws and klamav updates to provide consistency. ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds - Month of PHP Bugs We are following the Month of PHP bugs closely and collect the reported problems. Once the month of bugs is over, we will release updated PHP packages. ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBRfql8Xey5gA9JdPZAQKkDQf/WJ6Kl62OHh5vcx4vF6Bmic0dPtSykxv6 a7a0afhiokoF03ofbFaf+07ooABHSC3Z12GvKElNay584G2lFgQ6+NO8rAia4W9v 4IDcTAe7eV+YM/zAL4WUIYvI+LuxY/F0APWz+JUe+bKnR1dskkgy20cIeikwctdH JvvTFQCEe9pQj8Ro17IkvGBQqirqUIL7yuqHpomxIC/wAFycbemKMGCnAAZROJ4m bbsFM60FzNJwfa59RhW1mT1Y/wkm88JHIxmXfdconI7t5htazxsMcg41/m/Q1wQe 0UTaH6Pk1m1DxrYSNdDs97u0q7OLtda1SLGXJt+AmLRlXQvs7I7k6w== =LF1D -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: Linux kernel (SUSE-SA:2007:021)
by Marcus Meissner 16 Mar '07

16 Mar '07

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SUSE Security Announcement Package: kernel Announcement ID: SUSE-SA:2007:021 Date: Fri, 16 Mar 2007 13:00:00 +0000 Affected Products: SUSE LINUX 10.0 openSUSE 10.2 Vulnerability Type: remote denial of service Severity (1-10): 7 SUSE Default Package: yes Cross-References: CVE-2006-2936, CVE-2006-5749, CVE-2006-5751 CVE-2006-5753, CVE-2006-6106, CVE-2007-0006 CVE-2007-0772 Content of This Advisory: 1) Security Vulnerability Resolved: kernel security update Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The Linux kernel was updated to fix the security problems listed below. This advisory is for the bugs already announced for SUSE Linux Enterprise 10 and SUSE Linux 10.1 in SUSE-SA:2007:018. The packages associated with this update were already released 1 week ago. Please note that bootloader handling in openSUSE 10.2 has changed and now creates new entries for updated kernels and make those the default. We also had reports of the update breaking the bootloader configuration, and apologize for the inconveniences caused. We are investigating those problems and hope to release an update to fix the bootloader handling code. If you are manually adapting /boot/grub/menu.lst, please review this file after the update. - CVE-2006-2936: The ftdi_sio driver allowed local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued. This requires this driver to be loaded, which only happens if such a device is plugged in. - CVE-2006-5751: An integer overflow in the networking bridge ioctl starting with Kernel 2.6.7 could be used by local attackers to overflow kernel memory buffers and potentially escalate privileges. - CVE-2006-6106: Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field. - CVE-2006-5749: The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux kernel does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash. - CVE-2006-5753: Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges. - CVE-2007-0006: The key serial number collision avoidance code in the key_alloc_serial function allows local users to cause a denial of service (crash) via vectors that trigger a null dereference. - CVE-2007-0772: A remote denial of service problem on NFSv2 mounts with ACL enabled was fixed. Furthermore, openSUSE 10.2 catches up to the mainline kernel, version 2.6.18.8, and contains a large number of additional fixes for non security bugs. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please reboot the system after installing the updated packages. Review the /boot/grub/menu.lst configuration file if you manually changed it. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/ivtv-kmp-bigsmp-0.8.0_2.6.… e82b0a67a4b0bbb0971bb969c8d9eb60 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/ivtv-kmp-debug-0.8.0_2.6.1… 60c6ce6820d3839ce9fbe2eb4bab356c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/ivtv-kmp-default-0.8.0_2.6… da0bf89980c93e0a475e37fa200e28b0 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/ivtv-kmp-xen-0.8.0_2.6.18.… 4bf99d7816ba585f0ed5593dc6fbb740 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/ivtv-kmp-xenpae-0.8.0_2.6.… 13bc3b2be8b6fd08ae1589f9cfd67be7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-bigsmp-2.6.18.8-0.1… 08da4cbf6da45be1c0459580cb44749c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-default-2.6.18.8-0.… 112d3fcfbea319940262c0a306da85be ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-source-2.6.18.8-0.1… 3096d2eeb901ee592a06d68ca91982a9 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-syms-2.6.18.8-0.1.i… 9429c6f7042ebd28831298058467044a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-xen-2.6.18.8-0.1.i5… d2cd5d41af38cf5489b9b7636546ce39 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-xenpae-2.6.18.8-0.1… 1c01b355d52b01f8cacbdfb06af0c171 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/lirc-kmp-bigsmp-0.8.0_2.6.… d402122d25eab3352c194a96a249cc20 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/lirc-kmp-default-0.8.0_2.6… 8798fe7a1d4ce2b2029bf4ee957efe08 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/lirc-kmp-xenpae-0.8.0_2.6.… dd3d8c1869f08c6c9d7821fd122d7b99 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/quickcam-kmp-bigsmp-0.6.4_… d1b16cbbc1445c7564bcdc8f009760a6 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/quickcam-kmp-default-0.6.4… ba2fbb5381abcfac608f6dfd9ccca71c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/usbvision-kmp-bigsmp-0.9.8… bda4e19bab973eace8b245b82a976610 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/usbvision-kmp-debug-0.9.8.… 3998dbfbad2955c876d3c6918e30775b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/usbvision-kmp-default-0.9.… 20710daf7c1e1c7560387605e679e9ef ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/usbvision-kmp-xen-0.9.8.3_… 02dcd27ebad0f8b4eeaba2567ef79352 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/usbvision-kmp-xenpae-0.9.8… caea9f949b562b7fbe6cc1e5f7da4a4c SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/Intel-536ep-4.69-0.1.… 70a42a7f7742d66894bee17b3f388a5d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-2.6.13-… 16b76176c41ecc466f9fb46cdd230489 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-nongpl-… 062a8b04cb89e3989d305bef87dc0757 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-2.6.13… faf638689b69c1e80569bc46dbfe088b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-nongpl… 6049934f03e60aca2bc5d54012c0407d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-2.6.13-15.… 6c1ac1600ee0f27e7464e0407405f9aa ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-nongpl-2.6… 752faf01a1b41613c91f785e72895a55 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-source-2.6.13-… e5fe6448fddbc8fcefd8a90b36888db9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-syms-2.6.13-15… e38e9ba4c63044e5bfbb285911c898a5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-2.6.13-15.1… 0944ef9eb3fe1634bf21121bf1f51fdc ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-nongpl-2.6.… 9e6bd3a6f743926b9270872fefb9b915 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-2.6.13-15.… 9d49e4767426613e38573037776f26b0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-nongpl-2.6… 8e5f25c2e2b85129f91c22c6868f0003 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/um-host-kernel-2.6.13… a38b42695a1f0700ac1ed8a71c79520c Power PC Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-default-2.6.18.8-0.1… 56d9d481c3c62f9627f8fdb5b3df782d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-iseries64-2.6.18.8-0… 109afa91f06beb989faa4ce3b5181ffa ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-ppc64-2.6.18.8-0.1.p… 1ce2d7597556be60d09b3cea3639af8a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-source-2.6.18.8-0.1.… 84bd64a7f8d3de26f13536635983be23 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-syms-2.6.18.8-0.1.pp… 56e7429616a92898cbf83ee796ae45f7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/lirc-kmp-default-0.8.0_2.6.… f79c0143fbf4ffd0cf14fa616968da58 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/quickcam-kmp-default-0.6.4_… 97ab79266d28d0b05c7fe715e054bce1 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-default-2.6.13-… 419939cc75cdf648342e2de9bda2c0e8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-iseries64-2.6.1… 5147690fdc8e20d2456d9a2ad9566c15 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-ppc64-2.6.13-15… 29982397729967c8237643d59f0a300b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-source-2.6.13-1… 6cf3159d8cef06756309a58f3a007e29 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-syms-2.6.13-15.… d16442f15524102ab709419e8a56f6a7 x86-64 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/ivtv-kmp-debug-0.8.0_2.6… c3841ced488b344daa86646138e1a050 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/ivtv-kmp-default-0.8.0_2… a35ed0949cc2fe69362069398621788d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/ivtv-kmp-xen-0.8.0_2.6.1… c884bd668d92648dddc440c931b44399 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-default-2.6.18.8-… 0aed77eee5442d9315f3d53c2da9f6f3 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-source-2.6.18.8-0… a37c3f4a169d9061af48d1430c04d05f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-syms-2.6.18.8-0.1… 0c2f6be06580c9ca0426243c73e3144e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-xen-2.6.18.8-0.1.… 74d9189894b2ca61f495dc90023b279a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/lirc-kmp-default-0.8.0_2… b0880efb1ff8ab29ea0ed752f692985d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/quickcam-kmp-default-0.6… 8df8f3c772f884481a122abbe264c45d SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-2.6.… 9bb317c036977483961d7d4ab2c3a123 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-nong… a57e4271abb5b607dcf24ccb7c75d3ea ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-2.6.13-1… 7c0fd656bf08fa0a1dd9bce20ced8b2a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-nongpl-2… a5f66edd202201ffb96eadeb03a7213c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-source-2.6.1… f195f6ebb24ef1b6ebf6859efe4e9658 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-syms-2.6.13-… 9b23bb08beccedecc5ce35e1b099ca2f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-2.6.13-1… a34f4798ccf607f3e6e8c1db4ce6ab1c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-nongpl-2… 3aa25da4d80b5687b0dd112ccbb980f2 Sources: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-bigsmp-2.6.18.8-0.1.… a6bb16929d315cf146675e75b3e14e97 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-default-2.6.18.8-0.1… d18038925c29a061a23fdbd3c410d362 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-iseries64-2.6.18.8-0… e579ee0834be9cc99f0f181f4eefc722 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-ppc64-2.6.18.8-0.1.n… 099041a3de7a607b414c5690dc870117 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-source-2.6.18.8-0.1.… 7f7c7fd1543e01c24c1b9e7f71fb73a1 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-syms-2.6.18.8-0.1.sr… 10d98ce9df7766e3a2268f103bea42d9 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-xen-2.6.18.8-0.1.nos… 058b58f8be113977a91e94ab94bf0182 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-xenpae-2.6.18.8-0.1.… 210b549a27e3eca6d7174ad1c3e4c858 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/Intel-536ep-4.69-0.1.s… e7669014790db2d2b9022d08307d7fba ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-bigsmp-2.6.13-1… a56233e08afeb0c3e7a7d47c4614fcc2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-default-2.6.13-… 6b84ee8f314841da371d89efe4406e47 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-iseries64-2.6.1… 28a33e95d59a0fbfa8d7ec10d8bb7d43 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-ppc64-2.6.13-15… f6e51f0333e0b8a571f6e7e070ac577d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-smp-2.6.13-15.1… fb5e7d691e697ae608e9964966060cdc ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-1… 0bb6955fcaf7079ec5dc84d0242d518a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-1… e4f1f529be352d96e39efd832bb1bd2b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-syms-2.6.13-15.… 44acc7bf9de3e6404876c72a264448d2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-um-2.6.13-15.15… 80a8dd4f5c4535c6f6cfc40b4d17591a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-xen-2.6.13-15.1… 1b20f3e5ee1bf0b081a50f26f811b47e ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iQEVAwUBRfqMp3ey5gA9JdPZAQHuSwf/e3FO1RcgSi0rE6L+qbACE2ylyGiyktMa vhG4VZXff2nkRd4dAg0DTP7rZv9DHdb/61QOqqTe71E29ecpqMP+tBBrcxuggELI OpSJfposZqyZxqVbv75mxfWs9SO744x0YTUUxPQYbHDun/ZW7UV3h3b5yq9Nkv7K 7ZCc3m4dqZgRyvaPQPmKry8AkSZVr7b60frS/qrGvpQC6Rt1+yIlTEXTtrMMmEKM rOd0VTIi5J8PWmtQpmXhTSD+uNp4oeqRBUDObZpU8ziLYaCVXSpHjjPOS+q5+WFm qg2BwQ0UPXCSi1ARsS0pamARM5xBIHp39gJZDmm6bZNFwnrBxZh41w== =BPjk -----END PGP SIGNATURE-----

1 0

SUSE Security Announcement: php security problems (SUSE-SA:2007:020)
by Marcus Meissner 15 Mar '07

15 Mar '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: php4,php5 Announcement ID: SUSE-SA:2007:020 Date: Thu, 15 Mar 2007 12:00:00 +0000 Affected Products: SUSE LINUX 9.3 SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 UnitedLinux 1.0 SuSE Linux Enterprise Server 8 SuSE Linux Openexchange Server 4 SuSE Linux Standard Server 8 SuSE Linux School Server SUSE LINUX Retail Solution 8 SUSE SLES 9 Open Enterprise Server Novell Linux POS 9 SLE SDK 10 SUSE SLES 10 Vulnerability Type: remote code execution Severity (1-10): 5 SUSE Default Package: no Cross-References: CVE-2006-6383, CVE-2007-0906, CVE-2007-0907 CVE-2007-0908, CVE-2007-0909, CVE-2007-0910 CVE-2007-0911, CVE-2007-1380, CVE-2007-1399 Content of This Advisory: 1) Security Vulnerability Resolved: php5 and php4 security update Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Multiple bugs have been fixed in the PHP4 and PHP5 script interpreters. These include the following security related problems: CVE-2007-0906: Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. CVE-2007-0907: Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. CVE-2007-0908: The wddx extension in PHP before 5.2.1 allows remote attackers to obtain sensitive information via unspecified vectors. CVE-2007-0909: Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. CVE-2007-0910: Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. CVE-2007-0911: Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash). CVE-2006-6383: PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. This security update also fixes some bugs reported by the Month of PHP bugs project: MOPB-10-2007 / CVE-2007-1380: The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read. MOPB-16-2007 / CVE-2007-1399: Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. Note that this problem is caught by the FORTIFY SOURCE extension in SUSE Linux 10.0 and newer products and just leads to a controlled abort of the PHP interpreter. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running instances of Apache after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-mod_php5-5.2.0-12.… f2f48e532fef257c6e7a9594b395bbbd ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-5.2.0-12.i586.rpm 503528c34dd46c11b626a1115e4e7acc ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-bcmath-5.2.0-12.i586.… f0d2552bdec0eeb3ab8bf2545ba3cddb ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-curl-5.2.0-12.i586.rpm bf3d450e2eb99b34a06daf7513983471 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-dba-5.2.0-12.i586.rpm f818ce63be457d9c1a1239cb4df43140 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-devel-5.2.0-12.i586.r… 21e05debffe309a6d726152c54f76051 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-dom-5.2.0-12.i586.rpm b0c379af470fca3c2f3f4c12182a4f7a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-exif-5.2.0-12.i586.rpm cb7afff7393ef5e7fe9a40787decb6f9 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-fastcgi-5.2.0-12.i586… 0951fe02fb2f0c604dbcc8ac5eeaf16c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-ftp-5.2.0-12.i586.rpm 3dd7c25a21d2a484ca879904f3bee4a9 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-gd-5.2.0-12.i586.rpm 4a813bc9d22f5a9e7764f4ac6685609d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-iconv-5.2.0-12.i586.r… 098c31663c9da3e220773c7f02d0c0fd ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-imap-5.2.0-12.i586.rpm f439e2e8c687ce0dbd07b9575a4365f3 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-ldap-5.2.0-12.i586.rpm 02d86d4c8630df2a1c011a0b8b36bce3 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mbstring-5.2.0-12.i58… 0ef98613fdd02136e71e41c8140172db ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mhash-5.2.0-12.i586.r… fe27a4c38d1a60a263ee224759e3ac44 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mysql-5.2.0-12.i586.r… 72593a052c560bf67e13b0023f3853cf ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-odbc-5.2.0-12.i586.rpm a28748136ac0c812336dbb526a640388 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pear-5.2.0-12.i586.rpm a6fddefdd69e1cd16a2dbc05a00d307c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pgsql-5.2.0-12.i586.r… e4fc9ceaf7f994f7d071984b27986cb5 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-soap-5.2.0-12.i586.rpm c1e3ca85fcf3eab7528c08d96d87b2ba ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sysvmsg-5.2.0-12.i586… 93b3138e1440d984979131c4b6811c83 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sysvshm-5.2.0-12.i586… 5130d3ba12debbce19e36104880dc379 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-wddx-5.2.0-12.i586.rpm f3328696c8419532be94f0c9a9e17b2d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-xmlrpc-5.2.0-12.i586.… ce718ed9e21a8ff508da8c27a270e703 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-zip-5.2.0-12.i586.rpm 7cdc2d0d8fa4848dac1f8fca234082c5 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-mod_php5-5.1.2-29.… 3927e0480ecf4c74be6b5a8cc1060eb0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-5.1.2-29.25.3.i586.rpm c4cedba0d109f6ceffaa13a6bf682e7e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-bcmath-5.1.2-29.25.3.… a8fd499fa084131487ec38812b64e8b1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-curl-5.1.2-29.25.3.i5… e22cac0de384f810e51c2e677c0beded ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-dba-5.1.2-29.25.3.i58… ed084d4f73e420ac65bbb6478ea90d94 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-devel-5.1.2-29.25.3.i… 805c64b2bcd4acc30457292c4727c3cf ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-dom-5.1.2-29.25.3.i58… 632ab11aa56d0e845a32ecc08d8d0c2b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-exif-5.1.2-29.25.3.i5… 6253f962a8ea1edd629d9fafebca88d3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-fastcgi-5.1.2-29.25.3… 00e6376b3ea3ed8eef975ded52a2652d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-ftp-5.1.2-29.25.3.i58… 369c20a57b8040440ff7d7e25b00206f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-gd-5.1.2-29.25.3.i586… b0932eb0d69a3416e507bd3f9f0c1c8d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-iconv-5.1.2-29.25.3.i… 039b6caa677523d29bcbfb4c7c28171b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-imap-5.1.2-29.25.3.i5… f94f405677516b60a1c5dffcd5d81aa7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-ldap-5.1.2-29.25.3.i5… 82927d40442d020d64798565dd0301a2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mbstring-5.1.2-29.25.… 3e420f4f25f7dfd4b8cd9c325c687569 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mhash-5.1.2-29.25.3.i… ffde7c9bb5717808234d366e1a0df80a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mysql-5.1.2-29.25.3.i… 70b78fcb59a61b121b72a4672b32426b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mysqli-5.1.2-29.25.3.… 77d1917ebfb039869b07dbd3f73463db ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-odbc-5.1.2-29.25.3.i5… 257ef91fab5b5ff97f7f2a3c641b852b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pear-5.1.2-29.25.3.i5… 67fd6fbfe544bf149dad76a187949588 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pgsql-5.1.2-29.25.3.i… 45f165b82620c8a7ec97da3ed835c825 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-soap-5.1.2-29.25.3.i5… 2841c3c4d8085801dbd078358e2d3120 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sysvmsg-5.1.2-29.25.3… 2a0db72494fa3c9a3600897660b879f2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sysvshm-5.1.2-29.25.3… b9a3634905d99004644396707d9dd12e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-wddx-5.1.2-29.25.3.i5… 88d1174b3880fc99aaf6f9ad0f639d2c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-xmlrpc-5.1.2-29.25.3.… 1932e85a7a064be2220e09a29b404227 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-mod_php4-4.4.… ce1d9363eb0efdeeedea70eae077659a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-mod_php5-5.0.… d928f472fa80d6c73723688297aaa32c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mod_php4-core-4.4.0-6… 707f34cea2252ae1d40f80bfbd7a2b65 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mod_php4-servlet-4.4.… 3aa9a918847df1f3a95e7501c28fdd0f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-4.4.0-6.25.i586.… b5e399b9ed76f9687b0691aeaf303989 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-devel-4.4.0-6.25… fcc4a39cc6f5c94ba268a02f13350c56 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-exif-4.4.0-6.25.… 0dcfff6ecd68539c58781c00e9874b53 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-fastcgi-4.4.0-6.… 8c3801ddfa4777f3b58f2385112bd1e3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-imap-4.4.0-6.25.… df7885a9a69c5bbb3866a30b31744a1f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mhash-4.4.0-6.25… b2e7e4f2625f414546cfe099173d37f2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mysql-4.4.0-6.25… 09f8fe0946bd6dcc6b41bbd1aaf00436 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-pear-4.4.0-6.25.… 33addc9de8ab5247f336211ef9c015d0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-servlet-4.4.0-6.… afe58d2b22065a51a81a9ee03bb177e4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-session-4.4.0-6.… 98ef5c8ee8c37debb35b4be7bd4795e0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-sysvshm-4.4.0-6.… 2159657aefb7e679864d794266a230ee ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-unixODBC-4.4.0-6… 2ac681c5b3c5f6dfbec713aa00a75df0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-wddx-4.4.0-6.25.… e3de03a595f64256ad9506e5bb05bae0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-5.0.4-9.25.i586.… 96751ce807d72d437018d97d63a82d54 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-bcmath-5.0.4-9.2… 707833a0c9377312de2eb3517fdb06c5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-curl-5.0.4-9.25.… f366c3f53d8d39a0ed258b6904b570f9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-devel-5.0.4-9.25… 2690790d45e14b5309731b86f5ee88ad ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-dom-5.0.4-9.25.i… b991a6bb83d0e60552ac441c7f2b2ba7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-exif-5.0.4-9.25.… 1d3804bb3efe9e97cc9405c3c277ec02 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-fastcgi-5.0.4-9.… 1ced5441f663014c78796844a672ac99 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-ftp-5.0.4-9.25.i… abf2b770c25ce0f593b8cf5aa603d3f8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-gd-5.0.4-9.25.i5… 84e4e07f2983d5f4f03731c3baaac83f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-iconv-5.0.4-9.25… d8cb2cc83f823e502ae6ca24ff65a9d8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-imap-5.0.4-9.25.… 8536c90069d133cfef77f70647911d05 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-ldap-5.0.4-9.25.… e4363b38b9f803e5f7127240de2bcd55 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mbstring-5.0.4-9… 2a4482240e2e4205973fcbd13023400a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mhash-5.0.4-9.25… ef2978fa60e61107842ea4a9fba29a94 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mysql-5.0.4-9.25… 9d9369aa0bf820fde4ec8beca7ed9a9c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mysqli-5.0.4-9.2… 1f64e8ec3d4dc75fca197ed080c5ea58 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-odbc-5.0.4-9.25.… f2854c347f1df295c8665ed0c3cee408 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-pear-5.0.4-9.25.… 219f71b053b5adfdc10bc981a914840a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-pgsql-5.0.4-9.25… 94f545526d60f3d9791023dec171c4de ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-soap-5.0.4-9.25.… 175b6bee59231a8f0821de0ef3e62708 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-sysvmsg-5.0.4-9.… c3a909e0c962aea9294434c2ecd8f625 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-sysvshm-5.0.4-9.… f703e49dbf9f78f77b299cc0b2cef2d0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-wddx-5.0.4-9.25.… e7a7868d5f63a672fd7a87480dc6bb77 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-xmlrpc-5.0.4-9.2… ec6963d22bb68e0ec3024fb8d4b6cd40 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-mod_php4-4.3.1… b64d7ea34f122ff8e4ee5dc84c93b88f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-mod_php5-5.0.3… 76629e3c134e05c294d5ee117544acc2 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mod_php4-core-4.3.10-1… 9fb5247d927e2b32f79a434358082e33 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mod_php4-servlet-4.3.1… 1a6e808bc51cb4ba8c030c6dd3c5702c ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-4.3.10-14.35.i586… 83a2ec6069c1ee73be65ff7639111294 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-devel-4.3.10-14.3… b2f89a8fd833330d7181b370fa3aadf8 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-exif-4.3.10-14.35… c8fb2468da1145b1d3a0185bd5a966b0 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-fastcgi-4.3.10-14… 0b421bcafe05955dc6c36cfbfb43ee58 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-imap-4.3.10-14.35… 913d64b9b6cae70aa6052c995e44a226 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-mhash-4.3.10-14.3… 768f56aee0e7e87980b5fca599c00017 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-mysql-4.3.10-14.3… 5aeef12f372eb3c9dfc0e74bf59fbcca ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-pear-4.3.10-14.35… afa6ce46410733abef5979f8abfdeb04 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-servlet-4.3.10-14… 58ab5812623571cc7f9414a4e03949c9 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-session-4.3.10-14… a2d6221d6bded4e29c14b96da228e72d ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-sysvshm-4.3.10-14… d1166b80e8548e8f6e812191a2184505 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-unixODBC-4.3.10-1… 71990d9cf8819507c6bd69270335d50c ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-wddx-4.3.10-14.35… 71b45ae6fc694a409d3a75efe7996551 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-5.0.3-14.35.i586.… e311d27cc61cd047f2fb8ee5fd37fa5d ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-bcmath-5.0.3-14.3… 0ffdb01631d22f06cfea0c8b0010030b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-curl-5.0.3-14.35.… b37021436773bde8fb80fd1ce600cc2c ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-dba-5.0.3-14.35.i… 8e25e4d8a92e0b0000517dd29b3413e6 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-devel-5.0.3-14.35… cba8aef706c8a77bbbe1f635465ffcdb ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-dom-5.0.3-14.35.i… fe6738ae4f9f9e0f01b21ffac3b82f0c ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-exif-5.0.3-14.35.… 41935fd3c56d91600938ccc257428adc ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-fastcgi-5.0.3-14.… 7e610b3b503d663c46fc3e5649b729ec ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-ftp-5.0.3-14.35.i… 542df95c1575f41ff5fa41e205f4cbc3 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-gd-5.0.3-14.35.i5… 1e5916878e1b6878b48beb3c01a5acb3 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-iconv-5.0.3-14.35… 0262910f143b23d984ba50b2e08f2361 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-imap-5.0.3-14.35.… ff696b891fea9466a6e79d823870727b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-ldap-5.0.3-14.35.… 5a6d4ce953115979cc1d871b4db3e070 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mbstring-5.0.3-14… 45da7460e75de58b6908dba002e0544b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mhash-5.0.3-14.35… fbf8501fcabb5524d52c7f38f005d01a ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mysql-5.0.3-14.35… 984403d4e005c35544e513c5652f3fff ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mysqli-5.0.3-14.3… b7ba99118504fab1f9be54dec3bccb67 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-odbc-5.0.3-14.35.… 7e86de685685af5f0876a375a54a03de ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-pear-5.0.3-14.35.… ab74c1e6f503b99867a481e61f16d43f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-pgsql-5.0.3-14.35… 7605693d2583717f368a255944a27cb5 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-soap-5.0.3-14.35.… d1a33171f22821d2c0805544d5d6983a ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvmsg-5.0.3-14.… 93c363acc0194d21d9f5c27585d833fc ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvshm-5.0.3-14.… 3f17403906b03dd1ab8a4ddbff7f6bf8 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-wddx-5.0.3-14.35.… 63b9061a3c379a19b1225a03920f91fa ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-xmlrpc-5.0.3-14.3… 13fd64117d5407e7f6ca87ba22500049 Power PC Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-mod_php5-5.2.0-12.p… 49370a0dac0af9a5d35b9c3b28d766ad ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-5.2.0-12.ppc.rpm 91bdda88f54fc85e17b0e9f00a95518b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-bcmath-5.2.0-12.ppc.rpm 4e7a334891c9e5049aee295b8a4c4b63 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-curl-5.2.0-12.ppc.rpm 5958c63254a663131ce88a052983638a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-dba-5.2.0-12.ppc.rpm 09fb2c7747dd2f37e7cfced288d1e171 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-devel-5.2.0-12.ppc.rpm 3e22fb6fa31665f53a4b94bb12e7b18e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-dom-5.2.0-12.ppc.rpm 9e3d96b8b3f86b7fa2460b6f7c7d82c5 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-exif-5.2.0-12.ppc.rpm c49f1ef80d881fd5c8e545ebaa7b00cd ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-fastcgi-5.2.0-12.ppc.r… e1d39a0fa46bbabe26e04885f35a5f28 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-ftp-5.2.0-12.ppc.rpm 90c6e1db4a5b488ccc7699eb22afdc88 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-gd-5.2.0-12.ppc.rpm c9f97777204d0a881a7c42e01bb16f04 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-iconv-5.2.0-12.ppc.rpm 6c8777fe96a505a132b223ac8b21056a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-imap-5.2.0-12.ppc.rpm b7b9e653f01e0cbc0bbe485e53ad81f1 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-ldap-5.2.0-12.ppc.rpm 35065a9c2a2b857b2f00f7b1a3e73c0c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mbstring-5.2.0-12.ppc.… 987da01184a438f28dc3c8f7cbc0b56c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mhash-5.2.0-12.ppc.rpm 76c973da08f1d782a951374d474283f4 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mysql-5.2.0-12.ppc.rpm fa821e797ecd0276bb88a0528d67405b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-odbc-5.2.0-12.ppc.rpm 1cd3cfabdb8dd36b7c3e7ee15c8e0404 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pear-5.2.0-12.ppc.rpm dfc209b1fee0fb75039bac84717a2370 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pgsql-5.2.0-12.ppc.rpm ba18af0da3667f2dcc87aea49cb13073 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-soap-5.2.0-12.ppc.rpm 59d20f1fe24c3d70f5fea4a1233cfdf6 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sysvmsg-5.2.0-12.ppc.r… 08f9b28ff19364d8eb4fd29642264038 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sysvshm-5.2.0-12.ppc.r… 5fdb9372584b410de2501d7cd0908f8e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-wddx-5.2.0-12.ppc.rpm e077f3a24ea9bab13f22065ac51abd9c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-xmlrpc-5.2.0-12.ppc.rpm fb14edcb82d13d48250488160fc96f2b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-zip-5.2.0-12.ppc.rpm 27f8a733b70b5b3df9bcab5fd2e26605 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-mod_php5-5.1.2-29.2… 96a8765eb048051895047b98b14cef79 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-5.1.2-29.25.3.ppc.rpm 7f152ba79bf24394a3db4e1a4746fd9b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-bcmath-5.1.2-29.25.3.p… 8452c7f97658cc67fc7696b1cf5e2202 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-curl-5.1.2-29.25.3.ppc… 6d89109092b50b323f529251c5b8dfa9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-dba-5.1.2-29.25.3.ppc.… 11e429790c8c3b273a8fe5d3de2a5730 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-devel-5.1.2-29.25.3.pp… de04a3a5aaf7794e9b62d1921f6ab19b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-dom-5.1.2-29.25.3.ppc.… a8849faaa13421176972ea3304e19aaf ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-exif-5.1.2-29.25.3.ppc… 8abedac9d65993b5505abb8bde861df9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-fastcgi-5.1.2-29.25.3.… 1cf5ba89a4301274e0f6522fbf46786b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ftp-5.1.2-29.25.3.ppc.… 9073d1860574d46aadfe11d3221e0f2c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-gd-5.1.2-29.25.3.ppc.r… fad3f6cd03fa37ea5bed275d9d802bcb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-iconv-5.1.2-29.25.3.pp… e5a6b5b333829d8e479edb9c26b70e2a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-imap-5.1.2-29.25.3.ppc… 8a6b54dec45bbe4890c3bc6d221fbd22 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ldap-5.1.2-29.25.3.ppc… 5a15f6184aed34830276f59a8d441e35 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mbstring-5.1.2-29.25.3… 7ff6fbf4934a09ba47d09f6fb1c992ae ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mhash-5.1.2-29.25.3.pp… 6978dbf06c3a6e8bd1c159ef3b84c46a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mysql-5.1.2-29.25.3.pp… cd5c52bb5d8864869fa0882687a4a40a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mysqli-5.1.2-29.25.3.p… 444322bafbe6c41f59320cdf08c3ee8e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-odbc-5.1.2-29.25.3.ppc… 726ec744656ac7100a0cd7d4b1d1a4fc ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pear-5.1.2-29.25.3.ppc… 22559ce0e3c5c525f38f989238d1684b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pgsql-5.1.2-29.25.3.pp… 55bb9238a9932d679206f329d0c209ac ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-soap-5.1.2-29.25.3.ppc… afac8eb1a744c9dd4613d19cf95f651c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sysvmsg-5.1.2-29.25.3.… db6069e3f3e98706463eb73bdd7729f6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sysvshm-5.1.2-29.25.3.… d7f0ec56d89508cdb6b02e1c9cce6cf5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-wddx-5.1.2-29.25.3.ppc… e194b94cc138f9765fb582afa9ef091f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-xmlrpc-5.1.2-29.25.3.p… a5c84f731f22831ee6ccbe4b13435247 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php4-4.4.0… 2e07d17e6a777b893c9526c9db744996 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php5-5.0.4… 760d7139a5d09b2d012112d32058a618 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mod_php4-core-4.4.0-6.… 1dfa7c78ff075809dff0a5471a1a88b6 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-4.4.0-6.25.ppc.rpm 32e9ad8b13d43b28335e567e5a48eed6 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-devel-4.4.0-6.25.… 40ff643bebdfd44a38af18554f29ab9e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-exif-4.4.0-6.25.p… 59d340c1856945f0165b04c1f2420e24 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-fastcgi-4.4.0-6.2… f3bff51a10bf47b8443b59947c9195c9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-imap-4.4.0-6.25.p… e76e10edac3c6484152704068f9c0bb5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mhash-4.4.0-6.25.… 7ae3436f4ee555608ac8c9e4aebe2b35 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mysql-4.4.0-6.25.… d63bfae1763e0b3ad03f68ee8bb1de18 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-pear-4.4.0-6.25.p… 05e60500a1e87eaa1baac699682efeea ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-session-4.4.0-6.2… 63980ae15254d7394ed32bc954522295 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-sysvshm-4.4.0-6.2… 0c888a0c88659d4bf5471a3be5f0831a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-unixODBC-4.4.0-6.… 273438360f55e1207d096eb2156bdfe8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-wddx-4.4.0-6.25.p… d99a9ad906511d7d11e19bb11da7284f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-5.0.4-9.25.ppc.rpm 2cfbfa4449c283f946c62053e28e47cb ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-bcmath-5.0.4-9.25… 1d7704379ba7118f307da5351a426ed5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-curl-5.0.4-9.25.p… 0681bfaa2b5e66a6c1f02acb262700f3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-devel-5.0.4-9.25.… 94481066b3a4c00263529fe7b5cdc696 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-dom-5.0.4-9.25.pp… 3d4c9be7f6bce2ee3b09b8d1ea1a3927 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-exif-5.0.4-9.25.p… 005a5b23fbd021818b4307c8a9509832 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-fastcgi-5.0.4-9.2… 75cc453f1128bce8513159bfb86fb1ff ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-ftp-5.0.4-9.25.pp… 05048c18601503c8ffdeab2b0a1635c1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-gd-5.0.4-9.25.ppc… 5af7337aa8964eb2eadb0d22c40ecb79 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-iconv-5.0.4-9.25.… 45746aacd4d4beb608249d0fe7d18da2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-imap-5.0.4-9.25.p… 118b9ac1abf8b214938272bbde0bf38b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-ldap-5.0.4-9.25.p… dfe7ef4c738ea4506092c07d77889e61 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mbstring-5.0.4-9.… f5490695fbaa5bde29f0b59c58622b0c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mhash-5.0.4-9.25.… 7a4e24ba512e78dfecebc2f6ec1e436d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mysql-5.0.4-9.25.… 2129bba97312f6c3071fbbdab99d07f7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mysqli-5.0.4-9.25… 533ebb1bfe2af508654e4444cf94f591 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-odbc-5.0.4-9.25.p… c2c34c2c8d46416cb181f0dfac480cf9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-pear-5.0.4-9.25.p… 059f696f5241cfad83f450f0022fd925 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-pgsql-5.0.4-9.25.… 657db304cbbe3ee7971495d1eb5191d2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-soap-5.0.4-9.25.p… 1657b02e4c593b193a26d1d1f34c5004 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-sysvmsg-5.0.4-9.2… cd53e8ea3ed08ac9be063cc5f742dcd8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-sysvshm-5.0.4-9.2… 6e6b8cf312472043135f7b7a993c24e4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-wddx-5.0.4-9.25.p… 8670cdcffb49b9b611d117a52342bf84 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-xmlrpc-5.0.4-9.25… 26223d4dcd3942c504c9da98e12e5907 x86-64 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-mod_php5-5.2.0-1… 6fc7baec7b5ec5ca6d3d07d74827aecc ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-5.2.0-12.x86_64.rpm c66d9af139ad3b400508853dfeda09fd ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-bcmath-5.2.0-12.x86… 8035f925c26a0d4fb06e91e54b8c6d05 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-curl-5.2.0-12.x86_6… 17dd2121b6710e9ba18210ef531bec1e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-dba-5.2.0-12.x86_64… d95da72c9e77724d3b603ede1bb9c914 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-devel-5.2.0-12.x86_… 80ad1109a779bfab84da41ad3207ef71 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-dom-5.2.0-12.x86_64… 5c23b8279a5a7073de28c855983214b1 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-exif-5.2.0-12.x86_6… 9cb38772ebb7de686872c6d82d648ab0 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-fastcgi-5.2.0-12.x8… 99feebfe9a7630874a604af784f181f1 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-ftp-5.2.0-12.x86_64… 1df97f146a31b34de52bda12a845112a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-gd-5.2.0-12.x86_64.… 0860a628bc53fb46d396e594e62cd3fd ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-iconv-5.2.0-12.x86_… 8b08709305f9a322df6de8e3f6bccf27 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-imap-5.2.0-12.x86_6… a82697ed69ed138c77213abbebfcf853 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-ldap-5.2.0-12.x86_6… 56376e6c7983e3232a786ce3b7be4aa7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mbstring-5.2.0-12.x… 68e744f409ece9e3ebb54e1635cbea81 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mhash-5.2.0-12.x86_… 8ad060629c9e4ecee5f4e5b1bead92e6 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mysql-5.2.0-12.x86_… bf08f399b780a8eefd9a1f573c780932 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-odbc-5.2.0-12.x86_6… e65570a8f2ea458189ff915928473b5b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pear-5.2.0-12.x86_6… db54468157f4a51fe8326c873b8d1549 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pgsql-5.2.0-12.x86_… 00a8f2f1950d34746791d59261f5fb1a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-soap-5.2.0-12.x86_6… 1530d575261ccd4b23c001d2312933f4 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sysvmsg-5.2.0-12.x8… c4dbd19e34ab84061524cadbe7cd2c4e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sysvshm-5.2.0-12.x8… 192f1ff8ae9bb423185a62a28e521ad7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-wddx-5.2.0-12.x86_6… 98e74d43115262bf5c2acba07f465fbe ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-xmlrpc-5.2.0-12.x86… b025401b4013248ec586278e3d1ce23b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-zip-5.2.0-12.x86_64… 9cdcaee5b2f2e5c0c980e18168c321af SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-mod_php5-5.1.2-2… 4fd8d3fa9744edd5d7f83f95efde8dbf ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-5.1.2-29.25.3.x86_6… f0c2f62a61536c536fc7823604f535ae ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-bcmath-5.1.2-29.25.… af10d837432c9c73f1dba82d638cd3b2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-curl-5.1.2-29.25.3.… 3d16d559e804d068804c7309357ce14a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dba-5.1.2-29.25.3.x… c2f82c5c554f2ff5fd94c427245f6075 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-devel-5.1.2-29.25.3… ada96bd2d11eefbae636d523f0a907fa ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dom-5.1.2-29.25.3.x… aaf4d830ec47a2414d0549d8d2ec54d2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-exif-5.1.2-29.25.3.… f765f9ffc0227e75c5bed9da63a83b57 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-fastcgi-5.1.2-29.25… 3b2ea32c19c591563c7b190f250b7cea ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ftp-5.1.2-29.25.3.x… ff5fc5fcc18190628c179273efcb0fc0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-gd-5.1.2-29.25.3.x8… 36e911e68dd41699ba5204709b77a92e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-iconv-5.1.2-29.25.3… c9ff817e3e3567ae57208f4741fae3a6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-imap-5.1.2-29.25.3.… 39c26262a603f6435621efb4bedcc466 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ldap-5.1.2-29.25.3.… e281185be8f10044c02c8fd072c50f75 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mbstring-5.1.2-29.2… e1c9750409ed17ff024d6921d06f5eb2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mhash-5.1.2-29.25.3… bb2606332148cc2ccb43421e95364fa0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mysql-5.1.2-29.25.3… b75e42616ee017fa1af98ef0fb9abdfc ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mysqli-5.1.2-29.25.… aa3d99e202f326161d32a5492c95fd15 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-odbc-5.1.2-29.25.3.… 2c4e75b9d7bc4fc950e64caa9d8849f2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pear-5.1.2-29.25.3.… 09042a4bb4fe75fe1d13910dc3b271be ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pgsql-5.1.2-29.25.3… 3ec76fa30dce97bf39a38b30349487a0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-soap-5.1.2-29.25.3.… 0cb6f0ca7ca0d4ed78b60e99fc510b38 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sysvmsg-5.1.2-29.25… 742992ef40458fa2b94c9d1405d92701 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sysvshm-5.1.2-29.25… d1251f1b468f444e858b8be6c60e6a77 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-wddx-5.1.2-29.25.3.… 90c1320bbc5e7354ba9d189a152c4559 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-xmlrpc-5.1.2-29.25.… 1e79521e5a2febd20ccfa3b0573c3432 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php4-4.… 925516a11b920e10489c1cf5bdf871eb ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php5-5.… f6f15dc828084191ec5d2e2641638371 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mod_php4-core-4.4.0… d8285a7d9a4631a3b136e3df02905ac4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mod_php4-servlet-4.… d1dea83ebba87c93da8c0c10cc50518f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-32bit-4.4.0-6.… 7f8be06667f3be70c50fff464396bc00 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-4.4.0-6.25.x86… f326c18b79cb38ae322d6fa4d017fc33 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-devel-4.4.0-6.… 0eae16871bdded2a254141349320cdc3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-exif-4.4.0-6.2… e77f72fa9dcd5c221b95a72a7d28392f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-fastcgi-4.4.0-… a0a6b70c368de79f4dc67e08ba669d38 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-imap-4.4.0-6.2… 81f36a9101e13af4851cfd3352c970b8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mhash-4.4.0-6.… 6446a1e4eaa2d7491d7e6cf77bafc605 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mysql-4.4.0-6.… 4b1dd084f492c2146461978c4b32e3f4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-pear-4.4.0-6.2… 2a376b42917264e6ca0272071394eca6 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-servlet-4.4.0-… a277896ba45191dfc4e8c1f227101aa3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-session-4.4.0-… 3a174a8827455f05f31cbcb64365c7ff ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-sysvshm-4.4.0-… de9be6eb9df1d511643e2556d8db3e15 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-unixODBC-4.4.0… 8de27ff48379f08e3432ca68796fe4fb ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-wddx-4.4.0-6.2… 302e716290d6d25fe5e2856d686e1e6d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-5.0.4-9.25.x86… 67c3765f4c290ec2374601cb37fb14dc ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-bcmath-5.0.4-9… 84e87d9548fdc8e58d25c21b32785d61 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-curl-5.0.4-9.2… 412ee31631d23f0ea69a49b6f3476855 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-devel-5.0.4-9.… 5d665cecdb179352d9daee78ae341d3c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-dom-5.0.4-9.25… 8e73ad5f45a549b415e2f0377de76a90 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-exif-5.0.4-9.2… 03a0a80e990d92e864d48bcd60c95677 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-fastcgi-5.0.4-… bc51d867ec17930815a177831072f623 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-ftp-5.0.4-9.25… 797ac418702fa602aae8954c9015d613 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-gd-5.0.4-9.25.… 00e4f452b244b388f992ce71e0877b2d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-iconv-5.0.4-9.… a30de85bf0749d4d2926b65d24234c4c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-imap-5.0.4-9.2… 063d3d4eb77d8c6d3fff329384f02c0a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-ldap-5.0.4-9.2… 70464454a2fceab33e4cea0b254d7e51 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mbstring-5.0.4… df8ff7a4420eb8ba7033f333a87bae43 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mhash-5.0.4-9.… d22609c830fe2374d836acd72396740f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mysql-5.0.4-9.… 3c3c04769a76c72ecc861a2885e17ec7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mysqli-5.0.4-9… 30d795b17a5466d9b084804558ad9752 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-odbc-5.0.4-9.2… df3ef7d2905ae6d7cf142b32f572aad6 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-pear-5.0.4-9.2… 4c7cc9ec050f864d7a59a7279cddeaa7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-pgsql-5.0.4-9.… 25c9dce3ae41bb304979a849e4053442 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-soap-5.0.4-9.2… d342f0ede7e2c551981c0c21da51e730 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-sysvmsg-5.0.4-… c7112ad40246f8266184ec7ef8b7d3fa ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-sysvshm-5.0.4-… dbf8bf0d818a3546bc6afb376c89b401 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-wddx-5.0.4-9.2… 87332ebcf13f46c8b5c688cab2866058 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-xmlrpc-5.0.4-9… f2c73bc637cd12522ae8c86f70a62ad1 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-mod_php4-4.3… 24c98fc36a7faedeb779ee3b4e7f73d5 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-mod_php5-5.0… f149fb043389b18f07636d5420d04859 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mod_php4-core-4.3.10… e4b857236ec89f4df684f395fe2a61f7 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mod_php4-servlet-4.3… 19beaafa8455cb98942d0f3d5b02040b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-32bit-9.3-7.15.… 020249f005fc4c83ddc82d93a9af555d ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-4.3.10-14.35.x8… b5f0f23719fee99f7be239f4626bfaf8 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-devel-4.3.10-14… c107e9024a50fa776cc86f1b92772b38 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-exif-4.3.10-14.… 32e519b534c9cb80317846887c72ed48 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-fastcgi-4.3.10-… 05364fe8e32876398df9969cdc3449d3 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-imap-4.3.10-14.… ec18bfb5c0951198107b689ebb10ad43 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-mhash-4.3.10-14… 1e16bdfb510fb7fa16d83f8b4cd0785f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-mysql-4.3.10-14… 2b55db2d8f7e96ede5620e0d8f7eae1f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-pear-4.3.10-14.… 1ba53024f74739ce15112572c2a4bda0 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-servlet-4.3.10-… 61a8c92d790f1c57de862ca0a9f4ecb4 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-session-4.3.10-… 5f29a4a5e1070e69392839babfc9d807 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-sysvshm-4.3.10-… df12f1e25c87c6759e9345e43b581aad ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-unixODBC-4.3.10… 0dd8c6e5334e71c05d9ca288d47d02cc ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-wddx-4.3.10-14.… 90c2e65ea424eec06c2bfa8f66e3723a ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-5.0.3-14.35.x86… 37037d199b1b98deaac852867a598c40 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-bcmath-5.0.3-14… 49e60a5c8a34eb49259d7715ec41997f ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-curl-5.0.3-14.3… ec2da88d11ffc3f4bd44e208b5a067fa ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-dba-5.0.3-14.35… 7d92a633ec5c977ec9a6a397c95f6b93 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-devel-5.0.3-14.… 3e8bd1deb04c3c43f6cb93c48f71aba8 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-dom-5.0.3-14.35… e7e43bd96742374b7ab5863b685a28b3 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-exif-5.0.3-14.3… d5b0ab6c51eed967c8349436bcfdff45 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-fastcgi-5.0.3-1… cdef9f778140ce0b1e1341c7825a44af ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-ftp-5.0.3-14.35… 591036b10c3fd895ec839670e2ed054d ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-gd-5.0.3-14.35.… d93d1069b2fa4d18c362ce32196b3e28 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-iconv-5.0.3-14.… 165d04fe427b8aa5156a5e25e382855b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-imap-5.0.3-14.3… dec99b3448519cc4de53ecc46de2d857 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-ldap-5.0.3-14.3… d59f0276ea7d364677954f97b4d75a34 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mbstring-5.0.3-… 758be866ae6ac8579d2f35f061832b72 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mhash-5.0.3-14.… aaff90fa07e919e693d28775d8bb9836 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mysql-5.0.3-14.… d37113b54225deaf5429e0a500ab1bce ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mysqli-5.0.3-14… 3b18b0e056a97101eaacdfb6ba0afb66 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-odbc-5.0.3-14.3… 5a2d02e6e6ee2d9f1d835084356598bb ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-pear-5.0.3-14.3… 1df56255aeaacdbb2f3cda07f4415bc0 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-pgsql-5.0.3-14.… 2d1022c22576ab61220752954d3d2c6b ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-soap-5.0.3-14.3… 61ccceb26be012b279c3ad6c7caefd64 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-sysvmsg-5.0.3-1… 3a21ebb1f5044c1230b4951bb49b3108 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-sysvshm-5.0.3-1… 368d4b69de42fd1710c7e0d2578fe124 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-wddx-5.0.3-14.3… 8e19f2b753c8db27b07fb9fa19390e78 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-xmlrpc-5.0.3-14… 0ab3c2307a3acf9da9fda3f7b7fc58d1 Sources: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/php5-5.2.0-12.src.rpm a1df0dc4add87807ff937b0b03d3e2f1 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/php5-5.1.2-29.25.3.src.rpm 1d5a89b185eb0dd5a5b62f4b711dc2ac SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/php4-4.4.0-6.25.src.rpm bc4579898653534197b3203e5b2c8c17 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/php5-5.0.4-9.25.src.rpm 6993a1bafdb3a19e1a66e5eda2d862ef SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php4-4.3.10-14.35.src.r… f87c049c55af281c456769dc620b0ee7 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php5-5.0.3-14.35.src.rpm ce9e2f1c8500dbb0b8b1edead40d2550 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE SLES 10 http://support.novell.com/techcenter/psdb/f36e1cd46e4c288ce275fae334efd2b8.… SLE SDK 10 http://support.novell.com/techcenter/psdb/f36e1cd46e4c288ce275fae334efd2b8.… Open Enterprise Server http://support.novell.com/techcenter/psdb/9331ab8ca1a0615674f5dd979bd4b413.… Novell Linux POS 9 http://support.novell.com/techcenter/psdb/9331ab8ca1a0615674f5dd979bd4b413.… SUSE SLES 9 http://support.novell.com/techcenter/psdb/9331ab8ca1a0615674f5dd979bd4b413.… UnitedLinux 1.0 http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.… SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.… SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.… SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.… SuSE Linux School Server http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.… SUSE LINUX Retail Solution 8 http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBRfka3Hey5gA9JdPZAQLKXgf/eRodO1QCZx6QsYAv71XKOQOlPR9Zz0WG pYkE3DHuo04u7Znf5DxcArLBYFDDnTzNPW6YDEZsbpnSWoj77BnF2Zr4CL6AO3GK cz/ZvHDE07lQi+Pj9yFol074Em96PtZIC0deTANBKvqQWReGIxgYFnvQHUro8rr4 3Izc9rlMRWAqlZ6nLFnhNSPEChqTBrZj2mlnNYn292HER9O21ultfe/og3w/Pxss cHs45KZ3NZ/7VuClbl6YkZDVeq1t1uod75xGcOYdXOmzpb1+X8PF27JXwkTIpvyF QA9tLKqbA0+d7NkSgZlVTYPiM/cyc7KTXXe/xmKcpEpynrkqt7U9CA== =qJrc -----END PGP SIGNATURE-----

1 0

SUSE Linux 9.3 security support discontinued soon
by Marcus Meissner 08 Mar '07

08 Mar '07

Dear suse-security-announce subscribers and SUSE Linux users, SUSE Security announces that SUSE Linux 9.3 will be discontinued soon. Having provided security-relevant fixes for more than two years, vulnerabilities found in SUSE Linux 9.3 after April 15th 2007 will not be fixed any more for this product. We expect to release the last updates around April 30th 2007. Please do not confuse SUSE Linux 9.3 with SUSE Linux Enterprise Server 9 Service Pack 3, these are two different products. As a consequence, the SUSE Linux 9.3 distribution directory on our ftp server ftp.suse.com will be moved from /pub/suse/i386/9.3/ to the /pub/suse/discontinued/ directory tree structure to free space on our mirror sites. The 9.3 directory in the update tree /pub/suse/update/9.3 will follow, as soon as all updates have been published. The discontinuation of SUSE Linux 9.3 enables us to focus on the SUSE Linux and openSUSE distributions of a newer release dates to ensure that our customers can continuously take advantage of the quality that they are used to with SUSE Linux products. This announcement holds true for SUSE Linux 9.3 only. As usual, SUSE will continue to provide update packages for the following products: SUSE Linux 10.0 SUSE Linux 10.1 and openSUSE 10.2 for a two-year period after the release of the respective distribution. Please note that the maintenance cycles of SUSE Linux Enterprise products and products based on the SUSE Linux Enterprise Server operating system are not affected by this announcement and have longer life cycles. Other products that will be discontinued this year: After 2 years of security support: * SUSE Linux 10.0 - October 31st 2007 After 5 years of maintenance and security support: * SUSE Linux Desktop 1.0 - November 30th 2007 * SUSE Linux Enterprise Server 8 - November 30th 2007 SUSE Linux Standard Server 8 SUSE Linux Retail Solution 8 SUSE Linux Openexchange Server 4.0 SUSE Linux Openexchange Server 4.1 United Linux 1.0 To learn more about SUSE Linux business products, please visit http://www.novell.com/linux/suse/ . For a detailed list of the life cycles of our Enterprise Products please visit http://support.novell.com/lifecycle/ and http://support.novell.com/lifecycle/lcSearchResults.jsp?sl=suse If you have any questions regarding this announcement, please do not hesitate to contact SUSE Security at <security(a)suse.de>.

1 0

SUSE Security Announcement: MozillaFirefox (SUSE-SA:2007:019)
by Marcus Meissner 06 Mar '07

06 Mar '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: MozillaFirefox,seamonkey Announcement ID: SUSE-SA:2007:019 Date: Tue, 06 Mar 2007 18:00:00 +0000 Affected Products: SUSE LINUX 9.3 SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 Novell Linux Desktop 9 SUSE SLED 10 SUSE SLES 10 Vulnerability Type: remote code execution Severity (1-10): 6 SUSE Default Package: yes Cross-References: CVE-2006-6077, CVE-2007-0008, CVE-2007-0009 CVE-2007-0775, CVE-2007-0776, CVE-2007-0777 CVE-2007-0778, CVE-2007-0779, CVE-2007-0780 CVE-2007-0800, CVE-2007-0981, CVE-2007-0994 CVE-2007-0995, CVE-2007-0996, CVE-2007-1092 MFSA 2006-72, MFSA 2007-01, MFSA 2007-02 MFSA 2007-03, MFSA 2007-04, MFSA 2007-05 MFSA 2007-06, MFSA 2007-08, MFSA 2007-09 Content of This Advisory: 1) Security Vulnerability Resolved: Mozilla Firefox security release 1.5.0.10 / 2.0.0.2 Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The Mozilla Firefox web browser was updated to security update version 1.5.0.10 on older products and Mozilla Firefox to version 2.0.0.2 on openSUSE 10.2 to fix various security issues. Updates for the Mozilla seamonkey suite before 10.2, Mozilla Suite and Mozilla Thunderbird are still pending. Full details can be found on: http://www.mozilla.org/projects/security/known-vulnerabilities.html - MFSA 2007-01: As part of the Firefox 2.0.0.2 and 1.5.0.10 update releases several bugs were fixed to improve the stability of the browser. Some of these were crashes that showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code. These fixes affected the layout engine (CVE-2007-0775), SVG renderer (CVE-2007-0776) and javascript engine (CVE-2007-0777). - MFSA 2007-02: Various enhancements were done to make XSS exploits against websites less effective. These included fixes for invalid trailing characters (CVE-2007-0995), child frame character set inheritance (CVE-2007-0996), password form injection (CVE-2006-6077), and the Adobe Reader universal XSS problem. - MFSA 2007-03/CVE-2007-0778: AAd reported a potential disk cache collision that could be exploited by remote attackers to steal confidential data or execute code. - MFSA 2007-04/CVE-2007-0779: David Eckel reported that browser UI elements--such as the host name and security indicators--could be spoofed by using a large, mostly transparent, custom cursor and adjusting the CSS3 hot-spot property so that the visible part of the cursor floated outside the browser content area. - MFSA 2007-05: Manually opening blocked popups could be exploited by remote attackers to allow XSS attacks (CVE-2007-0780) or to execute code in local files (CVE-2007-0800). - MFSA 2007-06: Two buffer overflows were found in the NSS handling of Mozilla. CVE-2007-0008: SSL clients such as Firefox and Thunderbird can suffer a buffer overflow if a malicious server presents a certificate with a public key that is too small to encrypt the entire "Master Secret". Exploiting this overflow appears to be unreliable but possible if the SSLv2 protocol is enabled. CVE-2007-0009: Servers that use NSS for the SSLv2 protocol can be exploited by a client that presents a "Client Master Key" with invalid length values in any of several fields that are used without adequate error checking. This can lead to a buffer overflow that presumably could be exploitable. - MFSA 2007-06/CVE-2007-0981: Michal Zalewski demonstrated that setting location.hostname to a value with embedded null characters can confuse the browsers domain checks. Setting the value triggers a load, but the networking software reads the hostname only up to the null character while other checks for "parent domain" start at the right and so can have a completely different idea of what the current host is. - MFSA 2007-08/CVE-2007-1092: Michal Zalewski reported a memory corruption vulnerability in Firefox 2.0.0.1 involving mixing the onUnload event handler and self-modifying document.write() calls. This flaw was introduced in Firefox 2.0.0.1 and 1.5.0.9 and does not affect earlier versions; it is fixed in Firefox 2.0.0.2 and 1.5.0.10. - MFSA 2007-09/CVE-2007-0994: moz_bug_r_a4 reports that the fix for MFSA 2006-72 in Firefox 1.5.0.9 and Firefox 2.0.0.1 introduced a regression that allows scripts from web content to execute arbitrary code by setting the src attribute of an IMG tag to a specially crafted javascript: URI. The same regression also caused javascript: URIs in IMG tags to be executed even if JavaScript execution was disabled in the global preferences. This facet was noted by moz_bug_r_a4 and reported independently by Anbo Motohiko. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running instances of Firefox after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-2.0.0.2-1.1… 02e3d51d0b3420cc9397760f0e86d191 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-translation… 7b0f32ecd094d7eef87733b3e3476673 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-1.1.1-0.1.i586.r… 84df0ff9847008b5db52b4c1ae934210 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-dom-inspector-1.… f90f3afd0bff86b4da3dbb05a2c2335d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-irc-1.1.1-0.1.i5… 80ac7fdac2cc547c76b5eedd482bb082 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-mail-1.1.1-0.1.i… 91992945df0728e4260ae2ddfb7d3281 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-spellchecker-1.1… a4c38e8b67b32883b7d2a8c43672e762 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-venkman-1.1.1-0.… 907c12a9bb1662652126d643fe851fcc SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaFirefox-1.5.0.10-0.… 6e55236e3b80b3894969c655f9ebf2a4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaFirefox-translation… 6d61e4d6e1d6dbc9445cc3f6b6ed30e3 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-1.5.0.… d94fa79fb7f0de31f8d9f90baa617ca1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-transl… 1d3fddf5349977a9caead4b47878e51d SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-1.5.0.1… f6e7cc76afc0fef155553f735fe653b7 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-transla… 9e7435497cd97dcd1f38105a6b080d8c Power PC Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaFirefox-2.0.0.2-1.1.… 5c6b5efd358c074106dcef14acb89f23 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaFirefox-translations… 1a6991caad9a490822710e4fcf838c9c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-1.1.1-0.1.ppc.rpm c0dc8bbb08a3d06b656258a86710bc45 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-dom-inspector-1.1… c834417d2d1db92f284a12c9f88f71d0 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-irc-1.1.1-0.1.ppc… 469a2f5b1968979582291477e83260dd ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-mail-1.1.1-0.1.pp… 21d9f56ac5b93d70f47eba112505e209 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-spellchecker-1.1.… c550ce638db6e7f8d7fb3f3e037de53a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-venkman-1.1.1-0.1… 58c4aced409456293248113d32a00dbf SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaFirefox-1.5.0.10-0.2… 4140a6709fabce8a52a9ccaeaeb7bb1a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaFirefox-translations… ac0d3d387e2f1930f331fee0800e462b SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/MozillaFirefox-1.5.0.1… 76e3f52dd691ca5b652edce6c697070f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/MozillaFirefox-transla… 3652ee25f11e32a518294ad8b4314b23 x86-64 Platform: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaFirefox-2.0.0.2-1… ae21afdc3451c6517c228b7cb012bbc7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaFirefox-translati… 9ec91717a80c8ad5947d6d6e2fc99d01 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-1.1.1-0.1.x86_… aa9b1d5d7cf62fcc990aabcae84e7c39 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-dom-inspector-… d8ac0deb3f11edc0439ce11153a04fbe ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-irc-1.1.1-0.1.… 1554c4a8c75564ae02c720455f29775b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-mail-1.1.1-0.1… 779e371deec7bf589bda6b3d6fdd4069 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-spellchecker-1… 2ffba2b0ea7bbaf5806e03c7ffe58ac4 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-venkman-1.1.1-… 3761ab7b9fc06cc114a609c322d18803 Sources: openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/MozillaFirefox-2.0.0.2-1.1.… f77b9222e0a60e6638a3e0f343fea209 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/seamonkey-1.1.1-0.1.src.rpm ae42228f39110de8d0699694458ff88e SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/MozillaFirefox-1.5.0.10-0.2… 8f80ec015760d1fd3d25f30be2d5ef01 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/MozillaFirefox-1.5.0.1… 748849a36a1990fea5bdb75b3bd0bcf3 SUSE LINUX 9.3: ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/MozillaFirefox-1.5.0.10… f7d79ad15eeed3798e91a31cace3022d Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/66969064f4a01b40dabf533d22cb76ee.… Novell Linux Desktop 9 for x86 http://support.novell.com/techcenter/psdb/66969064f4a01b40dabf533d22cb76ee.… SUSE SLES 10 http://support.novell.com/techcenter/psdb/1cbeadd626068e3518e641d88f149a11.… SUSE SLED 10 http://support.novell.com/techcenter/psdb/1cbeadd626068e3518e641d88f149a11.… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. suse-security-announce(a)suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe(a)suse.com>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBRe2d5Xey5gA9JdPZAQIolQf/fUMZUfMhVUETAT0TDxs2sSBzkT138JLx xlcq0BAcSmQ6bh75XUKPj7W35nnjGPGlhGYinpgRJcTCPHcn4RGPiGJimEU2hxxH 7TlgkE8uAGEmLPRus9xpTdrvxs6BreZ+g+e347wDepQDLU8l7u8tNtZ73UxeP1BH uoqxdHIqUEVEBsLX/tSo954QMmuExcV0JoQZJu8KQhR3RCqT2NAsjv1VF8Uw8rTs nL3AAlSCZUopPGpKjzJruCQ0kppaBe8SrTMt2CWIUtdnUbDUHLANxMFk0FbaVoGY x53M03rgxeqbRTPIlTcGP0enUG/EYYDNvn5Vzu5Pd6ivDLhZ+Gm6Tw== =MvXE -----END PGP SIGNATURE-----

1 0