openSUSE Security Announce
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
March 2007
- 1 participants
- 9 discussions
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2007:005
Date: Fri, 30 Mar 2007 16:00:00 +0000
Cross-References: CVE-2007-0450, CVE-2007-0855, CVE-2007-1246
CVE-2007-1536, CVE-2007-1560
Content of this advisory:
1) Solved Security Vulnerabilities:
- xine-lib overflow in w32 codec handling
- tomcat directory traversal
- unrar password handling stack overflow
- squid remote denial of service
- file integer underflow
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- Month of PHP bugs
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for
minor issues, SUSE Security releases weekly summary reports for the
low profile vulnerability fixes. The SUSE Security Summary Reports do
not list md5 sums or download URLs like the SUSE Security Announcements
that are released for more severe vulnerabilities.
Fixed packages for the following incidents are already available on
our FTP server and via the YaST Online Update.
- xine-lib overflow in w32 codec handling
The DirectShow code in xine-libs Win32 interface uses wrong
parameters in the memcpy function call which leads to a buffer
overflow if it can be triggered by the codec.
CVE-2007-1246 has been assigned to this issue and updates have been
released for all SUSE Linux based products containing xine-lib.
Note that if you do not have w32codecs installed you are not
affected.
- tomcat directory traversal
Certain characters of the URL were not properly filtered in the
Jakarta Tomcat server. This allowed directory reverse traversal
attacks to access the web-root of tomcat.
Updates were released for SLES 10 and SUSE Linux 9.3 up to 10.2,
the updates for SLES 9 are still pending.
This problem is tracked by the Mitre CVE ID CVE-2007-0450.
- unrar password handling stack overflow
A stack-based buffer overflow in unrar was fixed that can be
exploited with user-assistance by sending a password-protected
archive.
This problem has been fixed for all affected products and is tracked
by the Mitre CVE ID CVE-2007-0855.
- squid remote denial of service
A remote denial of service problem in Squid 2.6 was fixed which
could be used by proxy users to crash a squid instance (which
however immediately restarts).
This problem has the Mitre CVE ID CVE-2007-1560 and was fixed for
openSUSE 10.2. Older products are not affected by this problem
since they contain Squid versions before 2.6.
- file integer underflow
An integer underflow within the ELF header parsing in "file" has
been fixed which could lead to arbitrary code execution.
CVE-2007-1536 has been assigned to this issue and updates were
released for all SUSE Linux based products.
The glibc heap checking code detects the corruption and terminates
the program, so it is unclear if code execution is even theoretical
possible.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- Month of PHP bugs
We are following the Month of PHP bugs closely and collect the
reported problems. Once the month of bugs is over, we will release
updated PHP packages.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRg0frHey5gA9JdPZAQLMmQf9GYQJT80acgQwEcgb/gAyNZf+XsKN06cf
cUjizhAkH3x8cRt4c7CFtGzpDIlruEP9KIn6GpPTly9Ru2El2QcaX6SQHra3H5jQ
HYlVL6G/itKqBysVAC+ZtAjV0RJGXTkQOvFjUzNwiNioXpUiCfG4IdpGWfJnWUME
xLyX5549gNHt+aipbtrzJieiZY05x7BEU81cRkYYXC/bSg3d9h26n9gMdOFk081Z
T03SWnvlVZUY7AFNBL0tgYgeO5Xry9f6hkpAe5OiIpkRj67LG0EG8OZFV8tVL3f4
J6vHn/HzenilKvbcjjs6b0RtLsfNoR0/F5rwBeI3opjJpa2GK5VIJg==
=sWoK
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: gpg
Announcement ID: SUSE-SA:2007:024
Date: Fri, 30 Mar 2007 13:00:00 +0000
Affected Products: SUSE LINUX 9.3
SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
UnitedLinux 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SuSE Linux Desktop 1.0
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SUSE SLED 10
SUSE SLES 10
Vulnerability Type: signature bypassing
Severity (1-10): 5
SUSE Default Package: yes
Cross-References: CVE-2007-1263
Content of This Advisory:
1) Security Vulnerability Resolved:
gpg signature bypassing
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
When printing a text stream with a GPG signature it was possible
for an attacker to create a stream with "unsigned text, signed text"
where both unsigned and signed text would be shown without distinction
which one was signed and which part wasn't.
This problem is tracked by the Mitre CVE ID CVE-2007-1263.
The update introduces a new option --allow-multiple-messages to print
out such messages in the future, by default it only prints and handles
the first one.
gpg2 and various clients using GPG to check digital signatures are
affected too, but will be fixed separately.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
None.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/gpg-1.4.5-24.4.i586.rpm
7e8844844d89dec746bb0f2e6faecd4f
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/gpg-1.4.2-23.16.i586.rpm
0a26653f3fa65d46e4e192539c7ace01
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/gpg-1.4.2-5.14.i586.r…
758b8a3198153d484ec09a6b1d760fb2
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/gpg-1.4.0-4.14.i586.rpm
447e593b1328e0a8c0900c525be488f5
Power PC Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/gpg-1.4.5-24.4.ppc.rpm
2a709e1eb6a22ace9eeba678a771ccff
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/gpg-1.4.2-23.16.ppc.rpm
0258f25101194c8ed1d39511748baef5
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/gpg-1.4.2-5.14.ppc.rpm
d8c8873e538881723d7b98cafc6402ea
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/gpg-1.4.5-24.4.x86_64.rpm
2535c0dd40a972c7e028ac0d60d00aeb
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/gpg-1.4.2-23.16.x86_64.r…
88ab493766d181b2aeb85e9ba41d0f04
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/gpg-1.4.2-5.14.x86_…
c8abc6fc65e284c64f4259d8d50dd1b8
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/gpg-1.4.0-4.14.x86_6…
0c5aa6ad775f5746256d7960adbeb86b
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/gpg-1.4.5-24.4.src.rpm
3fd3ae52f6a004a24d2fd4d822a88d67
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/gpg-1.4.2-23.16.src.rpm
b691ff4ff478979dfe5dc1e0f6534272
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/gpg-1.4.2-5.14.src.rpm
e05305b96b232bef94eaa06249471c51
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/gpg-1.4.0-4.14.src.rpm
9bc52a7b1845bbeb23858b92696fe67b
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.…
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.…
Open Enterprise Server
http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.…
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.…
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.…
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.…
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.…
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.…
SuSE Linux Desktop 1.0
http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.…
SUSE SLES 10
http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.…
SUSE SLED 10
http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/3fafef103902137d0bea93863e650bdb.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRg0ZHXey5gA9JdPZAQL+xAf/fA9fdLf8gUOP3dd6zgy0GcAewFbmEpxg
mk1hxDq9zlDLvwXb6fmW13lf70ptVjqmLuEOe5hOqaQCUrg0pJxhPAbJlL3UMHua
3aKnruZ3+OS1azG7+1ZPS6KmNOfK3nvtHMJKaT8NJkZFsPrXJ3oCSNr50MhH3Czp
ZiUIoLQGw037KBDx8gtYZR01f170hARS12AG6kbgfh51NcVe4ULOT4Yf5OlYv+PV
RijkxX1Lg1Ay/9iiGpG1Ip2dCER2LDQd65NvK4qkY3MCeng7ZEPnhvHBDlQSjFil
DsZtrW4sW8+WoYIaWvFa6+QKwignGJ+6CQhbhBM6o8ddU9Q58pQFVQ==
=3t2p
-----END PGP SIGNATURE-----
1
0
SUSE Security Announcement: OpenOffice,libwpd security problems (SUSE-SA:2007:023)
by Marcus Meissner 21 Mar '07
by Marcus Meissner 21 Mar '07
21 Mar '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: OpenOffice_org,libwpd
Announcement ID: SUSE-SA:2007:023
Date: Wed, 21 Mar 2007 11:00:00 +0000
Affected Products: SUSE LINUX 9.3
SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
SuSE Linux Desktop 1.0
Novell Linux Desktop 9
SUSE SLED 10
SLE SDK 10
Vulnerability Type: remote code execution
Severity (1-10): 6
SUSE Default Package: yes
Cross-References: CVE-2007-0002, CVE-2007-0238, CVE-2007-0239
Content of This Advisory:
1) Security Vulnerability Resolved:
libwpd and OpenOffice_org security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Several security problems were fixed in the Wordperfect converter library
libwpd and OpenOffice_org:
For SUSE Linux 10.1 this aligns the version with the one shipped with
SUSE Linux Enterprise Desktop 10.
- CVE-2007-0002: Various problems were fixed in libwpd in OpenOffice_org
which could be used by remote attackers to potentially execute code
or crash OpenOffice_org.
This library is shipped stand-alone in openSUSE 10.2, but included
in OpenOffice_org packages in previous distributions.
- CVE-2007-0238: A stack overflow in the StarCalc parser could be
used by remote attackers to potentially execute code by supplying
a crafted document. This was reported by NGS Software to the
OpenOffice team.
- CVE-2007-0239: A shell quoting problem when opening URLs was fixed
which could be used by remote attackers to execute code by supplying
a crafted document and making the user click on an embedded link.
Also support for the ODF - OpenXML converter was added to the
OpenOffice_org packages.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of OpenOffice after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/OpenOffice_org-2.0.4-38.3.…
2a9af072e8368ed8c0e5db589c4a22d5
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/OpenOffice_org-gnome-2.0.4…
72f30dd775b281aa45fa19920d4d4497
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/OpenOffice_org-kde-2.0.4-3…
babbf2585f90a0aae16807b288673504
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/OpenOffice_org-mono-2.0.4-…
f2f5a4c9589fa575a9498044d1a49d03
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/OpenOffice_org-officebean-…
ad1120bb3611148d4b4134b32e5c9eec
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/libwpd-0.8.8-4.1.i586.rpm
cadf625739907eb685306dcb3d083ebf
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/libwpd-devel-0.8.8-4.1.i58…
c02b7a5ea74d0baa7b12a3dd2eea6564
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-2.0.4-38.2.…
d7533eb1aaa254395e0245a1b4019341
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-af-2.0.4-38…
009e2aebb099281672cb7f9b70c0db10
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ar-2.0.4-38…
78faa57a6fbf164fa65eb596ab3d0190
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-be-BY-2.0.4…
cfaae9dbc18f87524066c63a25a5b3cb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-bg-2.0.4-38…
1105dcd143adfbd090288ad27e9c8da2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ca-2.0.4-38…
56c40e9b6824ae3ca3d123f362a5a92f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-cs-2.0.4-38…
4d44008b5c2cc553548e334158220d0f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-cy-2.0.4-38…
cc0dc168269a45ddd0c114965b9a6c56
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-da-2.0.4-38…
cb72c893e4ea60968ce42ea8ef011bd7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-de-2.0.4-38…
dfe22f36f4b3d7aff30c742393bd893d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-el-2.0.4-38…
321616c6a193027477056d5b417e1781
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-en-GB-2.0.4…
d8605f1d8bcf592e59975194fec00142
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-es-2.0.4-38…
c1d1a27021f26cb106b6376c89992522
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-et-2.0.4-38…
6b9f7fab3f4d1355b97698d582b95587
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-fi-2.0.4-38…
c01561728f5d498d1b8ee5232b671fa5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-fr-2.0.4-38…
c0c5b6dc7f5df2305c6dab0ed2ee4a0b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-galleries-2…
9f911d9257e8d4504a1fee9f3c1287b9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-gnome-2.0.4…
f241e376c47c9ce1adddfe52e572831d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-gu-IN-2.0.4…
7435d6499436d16c14b7237517c032ce
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-hi-IN-2.0.4…
8168a44c2ac4192a5c181d1fad0b7169
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-hr-2.0.4-38…
e0202b13638f4acb8070ec2edb1e8189
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-hu-2.0.4-38…
f09d99292b549a64461fd92cf33ff5f8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-it-2.0.4-38…
c245ee3672d79e4befb73e708b3e70b3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ja-2.0.4-38…
0fd0cc2d7bc864f257d665d8473f3f4e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-kde-2.0.4-3…
61201fbb62e4e0f56ccb3b357f44cfca
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-km-2.0.4-38…
5663111aae630b36841310cba6db55f3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ko-2.0.4-38…
8d5836c647bf78676c14414c123f4858
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-lt-2.0.4-38…
77553c865df0d7dca5d2e7ed0f82b3a0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-mk-2.0.4-38…
e8d546844421eebffe58cdc645ab6bb2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-mono-2.0.4-…
d2ffbeb6427890bec20f1176b9650467
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-nb-2.0.4-38…
58d48ddc4115b4f6ad29ab77f1cadba0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-nl-2.0.4-38…
267724851c91881fff125df8041f4cc4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-nn-2.0.4-38…
227d2c5991662871c31a6089d1fa01ec
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-officebean-…
05bbfed2edd6f0bd034f121e97282fd6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pa-IN-2.0.4…
063f03b909b71017a33385c58a5bc40f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pl-2.0.4-38…
27c022b107e2fad7aa4382c431b09335
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pt-2.0.4-38…
df85fbc2f61f45244328944860e90cfe
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-pt-BR-2.0.4…
0fd50ee5fe5180e3ab9e5a8863b1fe41
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ru-2.0.4-38…
585779050216d76d3fdc61dcb87756b6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-rw-2.0.4-38…
9948a3c6fe923d1b49c0c32a0945be6d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sk-2.0.4-38…
9200ab125263a45b9d60fef03c55d5af
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sl-2.0.4-38…
c6407f6d58eab0882854740ac55277c5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sr-CS-2.0.4…
5a3a13df49340458817b3730623dbdce
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-st-2.0.4-38…
df5ae66ffe5e5108da697871156cbff5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-sv-2.0.4-38…
df6b1fdcfbeadc187af969236ecb5635
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-tr-2.0.4-38…
60390c99d68d9e4bcb8721213582a5a4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-ts-2.0.4-38…
2c1901b43de3d5ad13443ea6cf2de516
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-vi-2.0.4-38…
bb7bf0ec0d243eb2d7726b472904f8be
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-xh-2.0.4-38…
07010f8ee28c3ed3fbc6b5c45eec37a4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-zh-CN-2.0.4…
d7d1e73876c1f9ce41ff733e48dc8e1f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-zh-TW-2.0.4…
14e61b81f2da392d90f36e49e6331dbf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-zu-2.0.4-38…
4fe4504f405ba6151ba3ac7ee49c3172
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/libwpd-0.8.8-4.1.i586.rpm
7e4dfeab50b23ed7a3113be7a6b156a8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/libwpd-devel-0.8.8-4.1.i58…
a44dae4a186a610827d8262064ecce5a
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-2.0.0-…
daf50e3dcfcc21ef80ca59cd730e7733
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-af-2.0…
0908aeb25b6aa9638d44996f5837d875
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ar-2.0…
d101a407afd4a19e5d2240475dc2974d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-be-BY-…
fbeece1fad5a8832df4b1cd05465691e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-bg-2.0…
7954a771aae3a099b86a9c2c81a5a7ac
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ca-2.0…
446b15214a52bafcb16b70413ff76bfc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-cs-2.0…
a8bf434202af39cb2a54b6181caff6e4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-cy-2.0…
be19917020061c7756c9deb97dc9a7aa
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-da-2.0…
4e8d908c40209290dc52a1f41e7735d2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-de-2.0…
f75f652b606ee51a3aed06cc203a82ed
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-el-2.0…
67e142cbc8dc07719014c3344a3e43d0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-en-GB-…
7748ff91d45dd2a535193e9f80a5f9e5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-es-2.0…
fe141d5f8240ce6b751f5d9c67337c27
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-et-2.0…
f2f201a58434286598f0bf13d35e9839
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-fi-2.0…
0e3d3c2eca587d580bac44637d591a04
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-fr-2.0…
ec7ce5153548779dbce4324cfc21b088
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-galler…
321df6d876e182ee003a2ebb6b43f965
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-gnome-…
ef368c9d5b04a6461a27c633c14e66cd
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-gu-IN-…
560a4de9533dc4b00d3905641f51b814
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hr-2.0…
857c76fb5d00238ba3a7571f31a44bcb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hu-2.0…
a09830b7f91e6adc5dd2cc5c85ae2f62
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hunspe…
c40a52f2245c0d1b9c7e098b73d2241d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-it-2.0…
e8a35dc8733c61ff82ba4c79434484b3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ja-2.0…
aefa7eafd187f38548642c2d20264334
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-kde-2.…
3fb2f0ea676eacedd11819fffb33db54
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ko-2.0…
b05e81f2d7500fd3c5b4044fbc1770e4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-mono-2…
507477f68fcf29a078759e3b4fa0b8ce
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nb-2.0…
dfad18ee128cf4e2ea8bef41787e6628
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nl-2.0…
9920f20a0dd06e3ec66ab54f57ba3afa
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nn-2.0…
10294b1e938a66ae2dd662c08d283b00
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-office…
b96c74bffb0b88512c882afa8427fdca
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pa-IN-…
3d95aee56fd4b8c2afd0222c8b2d9ed4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pl-2.0…
e477c6570f7d4b2221241eba60d447b0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pt-2.0…
a3b4db853adbc7dfb59320449f02cea4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pt-BR-…
ff427c1dbaa1bbc0946ed4bb9eab2411
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ru-2.0…
275b3b941540e373ac479cb43c539499
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sk-2.0…
3b62e77eba1b15fe5a3abd66638d68fb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sl-2.0…
b7655adeb11dc42fba851d9871c856b2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sv-2.0…
aa79318eec4efc5479c13600841071f7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-tr-2.0…
4eb75711c4504d9d63edc19baa57b51d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-vi-2.0…
93bcd0fa175cffda5f346bdfcd155d87
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-xh-2.0…
7fc2f100a4bba449582e5635af51cbc1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zh-CN-…
20d179d17303c2592ac0a8a746d3a2cd
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zh-TW-…
bda31e02fcf0b84ba8441c9c1dad6465
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zu-2.0…
e40724599c441056eac6242c50f6e184
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-2.0.0-1…
3d401f97c52bd951bf0f12dafd8a5f62
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ar-2.0.…
425d7fbb0026cefbd4a4c2e397d8190c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ca-2.0.…
68bfa745291616fd868a0b7cbf95af99
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-cs-2.0.…
11adcd616dc3726ede3a5d3f6ef7193f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-da-2.0.…
7834b7c6e0e90b07fa4d6a7ad04ee0b8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-de-2.0.…
b095a9cd0b54197e04d88b0205aa62bf
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-el-2.0.…
434a14813a0d0c6bab5c4e453d7ebdba
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-es-2.0.…
ca7590d2b273323c7709af49d065f563
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-et-2.0.…
e3baf8b76558d18d6191db55e43a9401
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fi-2.0.…
51968f4497bd27cea3d327197fd8dcad
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fr-2.0.…
8fa92a6ee02cfdad5929ac90e5509a3f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-gnome-2…
b59c72ebd799292c782d924988c86560
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-hu-2.0.…
780672721174087715431494136751f4
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-it-2.0.…
fc3c1879bab3ea3191d174c829e98a09
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ja-2.0.…
50b4151fb4ffc14cfe4f37acbcbf072c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-kde-2.0…
d2f37ecce322145cc2af142a2b7acda9
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ko-2.0.…
66fc79960adb3709276a6e0be3453b4d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-nl-2.0.…
76ed8d644f50ca1c33dc92e2b67ddbd7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pl-2.0.…
6dbc621e0abb92fa44127423fa41e239
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pt-2.0.…
d53a758cd57f36c21d7832cd5881be56
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ru-2.0.…
40fe55b170656b86f1d821402ace1d41
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sk-2.0.…
58036435751b74b09baf2d6c870304c0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sl-2.0.…
602383dede3f9601ed5b0d2c3fe89d95
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sv-2.0.…
36ac059a9aec6482f801e3662f1d1c01
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-tr-2.0.…
0cd3fc86ce54b960289fabda77e27439
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-CN-2…
8fedf5c89cd730812041db3f62ae58f5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-TW-2…
c4059951210c2e5510c0d0495a3cd58c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-1.1.3-…
35ab4ffca257414aefddde8915301b05
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ar-1.1…
1cd3ad97a081c87c69cead51dbdfcc37
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ca-1.1…
97239440907e41e1c7beed973259927f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-cs-1.1…
d326ede0a93c1039ddfee8740df82dee
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-da-1.1…
8f239372174c8e66e6e7d6847b65f53f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-de-1.1…
0c0469b3cef0fd6efe8bcd4b81b134de
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-el-1.1…
830adbe3c497b73238a635a679059f90
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-en-1.1…
986272514a78a2022ecf99fc7b613184
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-es-1.1…
bdb6a5cf0e667e483716b5c7451f1a73
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-et-1.1…
431a8276a904305a4cc3b45cdd552500
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-fi-1.1…
48e11420aa6310f46c7ac1fb7a35df0b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-fr-1.1…
a48ff519fb2cdf6bbf9c8e53a6df3b82
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-gnome-…
dd3412152e46a9ad2c1e25a59a5398ac
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-hu-1.1…
59be3b63e52c4d608982b60678852e15
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-it-1.1…
66407d4150e0f751cba9ffbfb7ae380a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ja-1.1…
882c7fc9a442287eb86791874ad7c66e
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-kde-1.…
6944874f6901ee8e94596b4ec8651d89
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ko-1.1…
fbbac0a6f2534127c4fdfb2e88456f91
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-nl-1.1…
76465851513b3a266a7019ba538cbdb4
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-pl-1.1…
45ee4c5d3e366abf516fc3ae57ea055d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-pt-1.1…
9933e1ea662526ab7d1948e7b3d49ce6
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ru-1.1…
085b94c16b2c6d1907a5869a21b22d33
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-sk-1.1…
aaf631eb0d279e065ccb30bcd2bd3bdf
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-sl-1.1…
6feb77e9d006ff2b310a874a06baf6e6
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-sv-1.1…
c13f4b8f87ffae25ac1ab3fc86f2b008
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-tr-1.1…
676671efbe38fc213b2467e8fe27a39b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-zh-CN-…
b1516b08ea4a43a5b7b740213eaa7c33
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-zh-TW-…
67f3cd1182a47d23229059e69d590009
Power PC Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/OpenOffice_org-2.0.4-38.3.p…
ef5e7647c3119475615264b25837b560
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/OpenOffice_org-gnome-2.0.4-…
61651ed5645c144e3ce4c3e0ef3478e8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/OpenOffice_org-kde-2.0.4-38…
0cb297ce08ff152a621e6a7be764f495
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/OpenOffice_org-mono-2.0.4-3…
50e08a0e07e9093a10c880c1756b0f44
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/OpenOffice_org-officebean-2…
55ef3359735578b9b9927a5473de38e7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/libwpd-0.8.8-4.1.ppc.rpm
ddaf3c1d9437a086e25d0996c2fb0b08
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/libwpd-devel-0.8.8-4.1.ppc.…
749edb6cf4293f983d16d3d08d268cd9
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-2.0.4-38.2.3…
9c6dce1f5d6249b3c3c4876c86c8a64b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-af-2.0.4-38.…
a4217a26e9f2ac2210bea179f40fab7d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ar-2.0.4-38.…
09d36b66a917c76259bdaf6acfe515ad
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-be-BY-2.0.4-…
138e6fc1e5ddfaf706bca3ea8c5d42eb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-bg-2.0.4-38.…
83d715467f9f7c8e6d3b8d81f56ff8f5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ca-2.0.4-38.…
9ceec70d0bced102b6f4534d37520aec
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-cs-2.0.4-38.…
03e84c9c2c6f00a04d5bc51dbc754c21
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-cy-2.0.4-38.…
fab40d7cf44b9570dbac82920cff6c9f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-da-2.0.4-38.…
8cf1908adc5406aa6db821fe74ba6162
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-de-2.0.4-38.…
cde1c323148a061a1b29a056b4c0260c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-el-2.0.4-38.…
a2ca0d0d74589a277159de47bcc38292
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-en-GB-2.0.4-…
a1fb699f2aa071d2bf93eba873b8dc75
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-es-2.0.4-38.…
ac44d81e83fce7bce5c72e2ba3de194b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-et-2.0.4-38.…
2b86b2fc9f32ce1a09ec72be5e95f94b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-fi-2.0.4-38.…
4ddde7bcc75bda13cd97eadef989e56d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-fr-2.0.4-38.…
25efca68f27e58d486a1396fb6e01148
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-galleries-2.…
1a5ca9dcbd56b08588604b24ba9c3329
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-gnome-2.0.4-…
1d3e3fc5d1780a77440a92e23afd9c08
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-gu-IN-2.0.4-…
37512fa7bfae1f44077ede96253bbf9f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-hi-IN-2.0.4-…
7e5d29f310fed1e704f010ebf7fd4a94
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-hr-2.0.4-38.…
fc0e46817a6ef18ec38ada0b71a45484
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-hu-2.0.4-38.…
6a90d4bc8caf09e0426f3aa3dcc19a80
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-it-2.0.4-38.…
1b34147033d27ac0ca5e6d9ea853a3f4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ja-2.0.4-38.…
f0083fa3c922cb3571d08eeddfd0feee
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-kde-2.0.4-38…
4969acec66079bd018a0a8daa78a4066
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-km-2.0.4-38.…
4eb5d8b9e7000ce53eacc75eaeedec80
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ko-2.0.4-38.…
3008616363f4c20e239064b0e3fdf23b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-lt-2.0.4-38.…
a078e38dbce4f5519a0872410d268b8d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-mk-2.0.4-38.…
ff7982f5de6e0c4c8ab296777629a4bb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-mono-2.0.4-3…
bf61834d43d5633a90c7eb5a56984d7c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-nb-2.0.4-38.…
794df46f8566e1ca7f3540d5b5095756
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-nl-2.0.4-38.…
241a4b7d76e4caf9506230f15e240db3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-nn-2.0.4-38.…
eec36089c9417eb02e0be548dce33c14
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-officebean-2…
1ab457869109a0bee5b7998a642a0cd4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pa-IN-2.0.4-…
37ca20d66a0600c6270997404d85988e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pl-2.0.4-38.…
c55e9a93ff9321c6a0fb809f4eadbe49
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pt-2.0.4-38.…
e98e5f1d0ee1feb79780e06479edc3e2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-pt-BR-2.0.4-…
769730f4c00958fcc4ee86520a3bc052
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ru-2.0.4-38.…
3cace3fc035a75ad17aaf84e919160f7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-rw-2.0.4-38.…
1372064aa3bfbd25c13b989a907ceed4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sk-2.0.4-38.…
c383e1cb41718a8ea7dd37c2e6e5eefa
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sl-2.0.4-38.…
dae756fac561e35434759a2c2082d364
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sr-CS-2.0.4-…
60a949dae23eeedf21d1045ff2ef3d19
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-st-2.0.4-38.…
0ae537a3e6ff13f1aeaeab92b9a02405
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-sv-2.0.4-38.…
194510f325899490845c6f6825b78b93
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-tr-2.0.4-38.…
7ce3641365ffca0194828f85ece4ab88
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-ts-2.0.4-38.…
9f5233575c5200aee3e79faede979ae7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-vi-2.0.4-38.…
b7397aedb9abc1cca20eaa67bd2efca2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-xh-2.0.4-38.…
5ad29f565ce8065fa3962ba8d32edeaa
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-zh-CN-2.0.4-…
b1cd36bdbb07ac8600385c71444219dd
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-zh-TW-2.0.4-…
fdcab2ee3182504f06d4ff37a0e3d167
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-zu-2.0.4-38.…
a531bd249ee57d928f1363b894e641ac
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/libwpd-0.8.8-4.1.ppc.rpm
9935289a9b010aca63423bfb144fa2eb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/libwpd-devel-0.8.8-4.1.ppc.…
882e8c4febfb1e33d56e8e67b09c3a32
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-2.0.0-1…
cecd47848f250ddd997db3129d27ada2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-af-2.0.…
373bf56d0fba544669124dc2a07a5890
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ar-2.0.…
33d3052f8566aa3b569ee09265d4f633
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-be-BY-2…
649011706f146e21d9449891c84b5bbf
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-bg-2.0.…
4e975a58995b37b7124c28c4043acc92
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ca-2.0.…
41c649dbaded150c9e2fd35e1db78839
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-cs-2.0.…
3975d6fb3ac15954a58428ed8b7e7186
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-cy-2.0.…
01d3561ebdd5bd35210ce936255b62aa
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-da-2.0.…
cd3623f2e0c62b988acf475bffc81373
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-de-2.0.…
781d2c9487bd963533f6a0d089dea4a4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-el-2.0.…
f23daff8d93fb7b05906a72f213c555f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-en-GB-2…
552ae155bf3c183ef02791e015facf03
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-es-2.0.…
a4b8e0f3874c7788d5b62055bd51752b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-et-2.0.…
3c8c0d011356d77adf725cc751009502
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-fi-2.0.…
e0a626b09ad3691a40cc43b9a66cdcfe
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-fr-2.0.…
632536d2f411b50ee53cfc75da77e066
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-galleri…
65555e2e265e7ef8f6786d21a0527f44
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-gnome-2…
eed2177ac0f7540bcb5b33a8d8411079
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-gu-IN-2…
7aaffdd96fbc46715c02d20ed9a8ab4f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hr-2.0.…
b7a740d01f615ce4a4c1d9d31c22fac9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hu-2.0.…
45dde4c57a2cf6e873667bca54436218
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hunspel…
a2aeed78e10151cefa9b547cd74916b2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-it-2.0.…
d6cbdfc83736feeb9beab1a3233b03b4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ja-2.0.…
c7fbe3d045a8d0a69a246331d2cac9ea
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-kde-2.0…
59d89038a5d70847c39e635a6046836f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ko-2.0.…
3da570835e020b525ddefa4f1ca0f614
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-mono-2.…
051a8526c49a7b2b00911ea373edefdd
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nb-2.0.…
691a72b95b7029728a545e4c4ba8ea40
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nl-2.0.…
6dcb25c6aa639340d609f921307e9635
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nn-2.0.…
c5e6a24f7cbba8a950bce995aafb4c94
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-officeb…
8bef349eb7f559ed09774b3f1afc9b42
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pa-IN-2…
ce7ab69d3a44be22b87da9a64bd5a5db
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pl-2.0.…
78bca75c7e8c48be2f29970b67e8ae91
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pt-2.0.…
4b58b1b1fe0aa20673ce10a269eb0c77
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pt-BR-2…
9891ce27f223d1dad6dc35b7bbc4c155
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ru-2.0.…
9c0eb597a9e5854c179bc071108ad756
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sk-2.0.…
09a3b79866abce34b3322722f02dbb8f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sl-2.0.…
08fa57ce52a06c090fbdefec35332d02
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sv-2.0.…
d1cd3bf8912d7c345e93d040971a9989
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-tr-2.0.…
12d7e0047ed4b7a96f76a29919789cb4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-vi-2.0.…
f91dbabfd59b816f984f25ca6e2808af
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-xh-2.0.…
ffbcc22a366fd8d0febcc5de81c9831b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zh-CN-2…
c93c58214854b7c815c225786338b247
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zh-TW-2…
297c78087f9646dd5fafc108fa9a5113
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zu-2.0.…
9af604a6e08ef5f3e271973460dbe3c6
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/libwpd-0.8.8-4.1.x86_64.…
98f259a61a96b389d78f5c2379935f2f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/libwpd-devel-0.8.8-4.1.x…
e4940153d6b27bc542e0b19b6c095375
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libwpd-0.8.8-4.1.x86_64.…
9283ee0bca8000ddfa4f65b5aaa63f06
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libwpd-devel-0.8.8-4.1.x…
8b6d9df8b3125b6f79be1426e9abb716
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/OpenOffice_org-2.0.4-38.3.s…
9e366e55b7982da2bb9546ea6aafbd3e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/libwpd-0.8.8-4.1.src.rpm
02859ccd6b23ef8abbffd3f2f2917ad6
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/OpenOffice_org-2.0.4-38.2.3…
48a2c08cc7c05cf03501add19de2f18d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/libwpd-0.8.8-4.1.src.rpm
86307019d42fd01fd791a49e936adae3
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/OpenOffice_org-2.0.0-1…
0c03bb57182d9a376b3ac180915ed118
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/OpenOffice_org-2.0.0-1.…
5a36ec0584911db7c58fd1530c0c15af
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/OpenOffice_org1-1.1.3-4…
e9b9a54cf8ef922cc475e9f8fb12d038
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SLE SDK 10
http://support.novell.com/techcenter/psdb/45b2a4c2c1b2b8002e0b1a73efd03241.…
SUSE SLED 10
http://support.novell.com/techcenter/psdb/45b2a4c2c1b2b8002e0b1a73efd03241.…
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/bf6a5b58f07ccb9ee5cb194c18620d9f.…
SuSE Linux Desktop 1.0
http://support.novell.com/techcenter/psdb/bf6a5b58f07ccb9ee5cb194c18620d9f.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRgD7vney5gA9JdPZAQLr4Qf/Y27tMs47XKrbGMV81JD1VRKaZtWFtVTY
RKc8ro0BUh10SK14QAW3hauSq+SatwOu6xGjzW8Xzb+q7IxccJRnVJpZPE/T/RLs
3iTnH9kM5aNTb4LEi09jOcKqZxJnVb6vHq/VIw+G5cKUmSAO6kqWtDbtUsyeCWpX
Qogo0Jve4+TzZREny4CNK4+SApNzEda2+I05cdwLuUxuHXdPL6MCdduM5dhFnUwo
2pxZKLN5q1WztUHJ3XLo9qLKgecTSBF2bAPblXWeGRCRbwp4GUm9VoAyR6N/1jK9
fP5HenfraQcR1Czk4LWdwSg9g/gIvjhGbNGsQtiTaSDeQqPF6KtIZg==
=xNg4
-----END PGP SIGNATURE-----
1
0
SUSE Security Announcement: Mozilla security problems (SUSE-SA:2007:022)
by Marcus Meissner 20 Mar '07
by Marcus Meissner 20 Mar '07
20 Mar '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: mozilla,MozillaThunderbird,seamonkey
Announcement ID: SUSE-SA:2007:022
Date: Tue, 20 Mar 2007 11:00:00 +0000
Affected Products: SUSE LINUX 9.3
SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
UnitedLinux 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
Vulnerability Type: remote code execution
Severity (1-10): 6
SUSE Default Package: no
Cross-References: CVE-2006-6077, CVE-2007-0008, CVE-2007-0009
CVE-2007-0775, CVE-2007-0776, CVE-2007-0777
CVE-2007-0778, CVE-2007-0779, CVE-2007-0780
CVE-2007-0800, CVE-2007-0981, CVE-2007-0994
CVE-2007-0995, CVE-2007-0996, CVE-2007-1092
MFSA 2006-72, MFSA 2007-01, MFSA 2007-02
MFSA 2007-03, MFSA 2007-04, MFSA 2007-05
MFSA 2007-06, MFSA 2007-08, MFSA 2007-09
Content of This Advisory:
1) Security Vulnerability Resolved:
Mozilla security update
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The mozilla browsers in old products and Mozilla Seamonkey in SUSE
Linux 10.1 were brought to Mozilla Seamonkey to version 1.0.8 and
Mozilla Thunderbird was brought to version 1.5.0.10 to fix various
security issues.
Note that Mozilla Firefox for all distributions and Mozilla
seamonkey for openSUSE 10.2 was already released and announced in
SUSE-SA:2007:019.
Please also see
http://www.mozilla.org/projects/security/known-vulnerabilities.html
for more details.
The updates include fixes to the following security problems:
- MFSA 2007-01: As part of the Firefox 2.0.0.2 and 1.5.0.10 update
releases several bugs were fixed to improve the stability of the
browser. Some of these were crashes that showed evidence of memory
corruption and we presume that with enough effort at least some of
these could be exploited to run arbitrary code. These fixes affected
the layout engine (CVE-2007-0775), SVG renderer (CVE-2007-0776)
and javascript engine (CVE-2007-0777).
- MFSA 2007-02: Various enhancements were done to make XSS exploits
against websites less effective. These included fixes for invalid
trailing characters (CVE-2007-0995), child frame character set
inheritance (CVE-2007-0996), password form injection (CVE-2006-6077),
and the Adobe Reader universal XSS problem.
- MFSA 2007-03/CVE-2007-0778: AAd reported a potential disk cache
collision that could be exploited by remote attackers to steal
confidential data or execute code.
- MFSA 2007-04/CVE-2007-0779: David Eckel reported that browser UI
elements--such as the host name and security indicators--could be
spoofed by using a large, mostly transparent, custom cursor and
adjusting the CSS3 hotspot property so that the visible part of
the cursor floated outside the browser content area.
- MFSA 2007-05: Manually opening blocked popups could be exploited by
remote attackers to allow XSS attacks (CVE-2007-0780) or to execute
code in local files (CVE-2007-0800).
- MFSA 2007-06:
Two buffer overflows were found in the NSS handling of Mozilla.
CVE-2007-0008: SSL clients such as Firefox and Thunderbird can suffer
a buffer overflow if a malicious server presents a certificate
with a public key that is too small to encrypt the entire "Master
Secret". Exploiting this overflow appears to be unreliable but
possible if the SSLv2 protocol is enabled.
CVE-2007-0009: Servers that use NSS for the SSLv2 protocol can
be exploited by a client that presents a "Client Master Key" with
invalid length values in any of several fields that are used without
adequate error checking. This can lead to a buffer overflow that
presumably could be exploitable.
- MFSA 2007-06/CVE-2007-0981: Michal Zalewski demonstrated that setting
location.hostname to a value with embedded null characters can
confuse the browsers domain checks. Setting the value triggers a
load, but the networking software reads the hostname only up to
the null character while other checks for "parent domain" start at
the right and so can have a completely different idea of what the
current host is.
- MFSA 2007-08/CVE-2007-1092: Michal Zalewski reported a memory
corruption vulnerability in Firefox 2.0.0.1 involving mixing
the onUnload event handler and self-modifying document.write()
calls. This flaw was introduced in Firefox 2.0.0.1 and 1.5.0.9 and
does not affect earlier versions; it is fixed in Firefox 2.0.0.2
and 1.5.0.10.
- MFSA 2007-09/CVE-2007-0994: moz_bug_r_a4 reports that the fix for
MFSA 2006-72 in Firefox 1.5.0.9 and Firefox 2.0.0.1 introduced
a regression that allows scripts from web content to execute
arbitrary code by setting the src attribute of an IMG tag to a
specially crafted javascript: URI. The same regression also caused
javascript: URIs in IMG tags to be executed even if JavaScript
execution was disabled in the global preferences. This facet was
noted by moz_bug_r_a4 and reported independently by Anbo Motohiko.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of Mozilla after the update..
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaThunderbird-1.5.0.1…
547473641b1fc691203bef3db6d36c0d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaThunderbird-transla…
af42f03d1887e418797e3690c69a1709
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaThunderbird-1.5.0.1…
272781028bb6a983e8e14c6b14c102e4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaThunderbird-transla…
3d49f23e615d183fe408d6891ea6c170
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-1.0.8-0.1.i586.r…
eba37ae4180a8f04287df247f23c35b5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-calendar-1.0.8-0…
32e45f618cac250516cda65a66de4e3f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-dom-inspector-1.…
91fefaa5fc57c236ee708437bf3aa708
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-irc-1.0.8-0.1.i5…
81961a36d4f7d2fb248709651ea60a16
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-mail-1.0.8-0.1.i…
b97b422453a0c1331814d48522e46f21
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-spellchecker-1.0…
3240234d66b6b64aa605183a6cd46a09
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-venkman-1.0.8-0.…
8fcd70d4809dd33687f594bb713ef701
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaThunderbird-1.…
104ceda0fbb7193a3f9d99f0a175287b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-1.8_seamonkey…
d1562e72530fc68ad28ec3dadc0f6000
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-calendar-1.8_…
ae59edd5df960ce7ca2811668ca4304a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-devel-1.8_sea…
80b8d1f6c86f76e9a4bd2a383662cc70
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-dom-inspector…
e0ec1b099ab4669ff87c4c57025b6408
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-irc-1.8_seamo…
18ed94852710ea4da55d5e272c8f02ab
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-ko-1.75-3.2.i…
9a88799bc8165c52bf4368fa88fa8062
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-mail-1.8_seam…
c7dfd3b86e181397f57eb96ac7add4ff
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-spellchecker-…
3218a9896df5b4165812dc426d785a79
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-venkman-1.8_s…
9deecf3e3f2db8bc933bcbc9b404b200
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-zh-CN-1.7-6.2…
cdd4d321f1d0c77972147ae8e5711c8f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-zh-TW-1.7-6.2…
4b78297073c3fc7452bce2156fd27ce9
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaThunderbird-1.5…
09dc095c0c9ab026ac2ea39016563ee7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/galeon-2.0.0-28.2.i586…
3bf2e04d77f5741b7e1e63fec2782ce3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-1.8_seamonkey_…
8e6985968a4b4a20344eaeca82b20dd9
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-calendar-1.8_s…
d7923262288dbc5e3dccb8c6e8c9be21
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-devel-1.8_seam…
a95141a7ffd39d2dbf15f1806b1302b8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-dom-inspector-…
f840cc616b050f1f9110b646d92d9f89
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-irc-1.8_seamon…
b15fb0401c3fe083504f785380837bf5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-ko-1.72-4.2.i5…
d47244baa6e176b382873de18e7f4d57
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-mail-1.8_seamo…
583b08c694d9e60b693d83091cc4bea1
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-spellchecker-1…
8a6c77ca9a5785f13da8bab1fd6559a7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-venkman-1.8_se…
6eb27c5c993b8404b6b9b37fa9410000
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-zh-CN-1.7-4.2.…
e4953be21c3190a0f977594475c6a644
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mozilla-zh-TW-1.7-4.2.…
889112f57c9909a3f579c934cb607890
Power PC Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaThunderbird-1.5.0.10…
5eb4d9bfb70541d73567e314b1221c4e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaThunderbird-translat…
cd2c7744d010199ad4eeb1e77cafc6a2
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaThunderbird-1.5.0.10…
0da2ff5b2660089c085d04c511c4a288
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaThunderbird-translat…
26108b5b6121892c87fc63f3b83fa738
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-1.0.8-0.1.ppc.rpm
d28e98789cd7e5bf8489f613bef0a412
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-calendar-1.0.8-0.…
52bd066680ec0cd4be2274c5910b0575
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-dom-inspector-1.0…
4d6651cbeb0ba49af385fb79e0565e6f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-irc-1.0.8-0.1.ppc…
58d928a2ca8e210f678f1882ef197dbc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-mail-1.0.8-0.1.pp…
5c312611eea1a5c66ad8d5642b6312f8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-spellchecker-1.0.…
5df145c669c43232db30470031529386
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-venkman-1.0.8-0.1…
4eb4b2966b9ac81efa49119e4f8ddf7c
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/MozillaThunderbird-1.5…
9e76e2ef067375c853a4007c154f06fc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-1.8_seamonkey_…
929df8d565c7cdbb80b2be5e2d36d1b8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-calendar-1.8_s…
2b0f10ef23de1c4fe6e428119381ff13
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-devel-1.8_seam…
98f8f2e0e48b202ba137c50b96629f73
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-dom-inspector-…
2b53a2c3a84ad880efe167b9fbb82284
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-irc-1.8_seamon…
a473278b9f8199ec24b6cc4b9e3f64de
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-ko-1.75-3.2.pp…
eb221819f94a49db237d8e653477fa22
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-mail-1.8_seamo…
640abb44e274fc5f1422c5044c6f091d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-spellchecker-1…
56f73c7ad8e347c03cf268611e8482ea
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-venkman-1.8_se…
6222c60a8ea5912eb1bf95f89ed05133
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-zh-CN-1.7-6.2.…
40bad4acd306702420c7ae724a6c3483
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-zh-TW-1.7-6.2.…
bdb9c3f6fc1b9e683a086439abcd634f
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaThunderbird-1.5.0…
571480603ece2894c54437586e5f15ca
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaThunderbird-trans…
ad3fe46c99995dae891742114b411348
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/MozillaThunderbird-1.5.0…
b0b6f6317aa08e9ffdfd01bf78d6ab6c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/MozillaThunderbird-trans…
3b3593cc49a34959ddf109e73e229838
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-1.0.8-0.1.x86_…
c62c306a9210d1380d0383756ef5a3b6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-calendar-1.0.8…
dfec65a2c28ce970f716639416ad9c04
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-dom-inspector-…
a0d1a056d3c9c9474c7ad922ed0510a5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-irc-1.0.8-0.1.…
d9b8d64648f876404f9140f8712dc277
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-mail-1.0.8-0.1…
827be325fc09f3a3de8aa34c43d39d53
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-spellchecker-1…
8781deadb623e4e790f752e34e225023
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-venkman-1.0.8-…
8f5d5bbb19e5d7fd8ee7561ff0479366
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/MozillaThunderbird-…
50c9aa9444c5f3d3fbacdd0eeb793c00
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-1.8_seamonk…
e62ef28727a06a0bd8d1178a21dc5110
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-calendar-1.…
8caefefc6a95b18fc7fffb26ae518fd1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-devel-1.8_s…
1193ae59a5f9c047b61804c6f4573292
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-dom-inspect…
f69a7642c1de7ff1d95267fd94fa1e52
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-irc-1.8_sea…
1ff8ba349799de175307a45975376690
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-ko-1.75-3.2…
0c3a3919968ff3944fec0b06492d2648
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-mail-1.8_se…
2d7dc7e6277a5e3b4e0f1502123d56c8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-spellchecke…
9a7588c2679c2f20ae320d966007a52c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-venkman-1.8…
a31af9e8c71814b3959fe798b02bce1c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-zh-CN-1.7-6…
24e379bc61ed056c0f0bb54221fa775b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-zh-TW-1.7-6…
558744070125f366ea371b8a74013740
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/MozillaThunderbird-1…
fb45dc9c21efe5b80147007419fbf00c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/galeon-2.0.0-28.2.x8…
78e0f0c0656bbd5d5e870ebb07d0da59
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-1.8_seamonke…
a964c727aff74b4216616e1fc5c4e9e2
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-32bit-9.3-7.…
b76b14cc243ca194ccf63eb90b2b7b18
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-calendar-1.8…
9f0c7439178321a8b63bd6e4082de183
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-devel-1.8_se…
4d18ea11bbe8cdec74485b0a28af3e0d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-dom-inspecto…
ed69936e7b237686d14e042a1ec89e76
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-irc-1.8_seam…
37fb7bb34b46c2fb8986b856b1e8bc80
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-ko-1.72-4.2.…
9793929ef938078b26f2f4820f987186
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-mail-1.8_sea…
539b0364484d1bcc83131e71dad07c6a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-spellchecker…
169e8a933712659b6393a2259a800fb8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-venkman-1.8_…
0205e7b8c7039713b25bae3eef4ef5a1
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-zh-CN-1.7-4.…
ea9f1f7fb7ad5ad39e4e74518d50e5de
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mozilla-zh-TW-1.7-4.…
ff169bc5b2c5ad54791eb44a19a0fa68
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/MozillaThunderbird-1.5.0.10…
df76bca1b23849c6c4a4223cc4393ed6
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/MozillaThunderbird-1.5.0.10…
a97490af5bd2facdd92b456f7bd9b48b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/seamonkey-1.0.8-0.1.src.rpm
4a09308ea09abe9efd161bfbae069389
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/MozillaThunderbird-1.5…
8fb26a705089600a0041147f143bb3d5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-1.8_seamonkey_…
7e7e925e6dc07f79a5e413301e0a1e2b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-ko-1.75-3.2.sr…
94f4bfac620e696e87ebeffc8a37f939
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-zh-CN-1.7-6.2.…
770f8c2ad133d2654a7decd39318d938
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-zh-TW-1.7-6.2.…
f14d2b1c49c4be16c6d4eabf7a829846
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/MozillaThunderbird-1.5.…
7bf0a95e565d0b4e0b281de71d7b77ac
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/galeon-2.0.0-28.2.src.r…
e8d4e6067036c64cdf8e7b6df0293e5d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-1.8_seamonkey_1…
36fb405238f66b32ffa3886a65179c09
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-ko-1.72-4.2.src…
a9a59a04691762400d9683d77373461f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-zh-CN-1.7-4.2.s…
47fe021634a3e246e9c4a5a0c729d210
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/mozilla-zh-TW-1.7-4.2.s…
4778ee7e50fc457cb5a6fd36d409aefe
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/de9498ed8558262d3438fd1358e0a132.…
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/de9498ed8558262d3438fd1358e0a132.…
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/de9498ed8558262d3438fd1358e0a132.…
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/de9498ed8558262d3438fd1358e0a132.…
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/de9498ed8558262d3438fd1358e0a132.…
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/de9498ed8558262d3438fd1358e0a132.…
Open Enterprise Server
http://support.novell.com/techcenter/psdb/adf5cccb9b0cfb2f9cb649652f793fdc.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/adf5cccb9b0cfb2f9cb649652f793fdc.…
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/adf5cccb9b0cfb2f9cb649652f793fdc.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/adf5cccb9b0cfb2f9cb649652f793fdc.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRf+z43ey5gA9JdPZAQLjMggAnCvJW3FpEu8VB23xIRQqWdjwErzdn2lC
x4T//Bp7d2woASoc6zaytr3IhOjeBAUNtMlmSdYd4HStmNR45VO75utyhqhucrps
hymqDTAzmTuVo+pv1Tz1BficwOYAQsm2Le+k/OYWKMA+NFhvXaQVesrX5iCNaKg6
yJnEyEpQ8z8r+0/wIu3xNFUNa0jzPDPx9ibl7TltwakwdDeYB80pR6UfbACvsy4v
1L3Om1gZIbHiNW0EgRLc5JGhz3SHdG8ohtfURKG7q2VXB649pmsgzFkwb2LDeIXC
IDi5GakSHRb2o2GYjMcFzgdBaw7iNfOxDUxvUdPMpo+HTSgYFa3K1g==
=jF1d
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2007:004
Date: Fri, 16 Mar 2007 15:00:00 +0000
Cross-References: CVE-2005-4348, CVE-2006-3126, CVE-2006-5867
CVE-2006-5974, CVE-2006-6142, CVE-2006-6303
CVE-2007-0469
Content of this advisory:
1) Solved Security Vulnerabilities:
- fetchmail man in the middle attacks
- capi4hylafax potential code execution
- squirrelmail cross site scripting problems
- rubygems file overwrite problem
- ruby denial of service problem
- clamav bugfix release 0.90.1
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- Month of PHP Bugs
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on
our FTP server and via the YaST Online Update.
- fetchmail man in the middle attacks
Three security issues have been fixed in fetchmail:
CVE-2005-4348: fetchmail when configured for multidrop mode, allows
remote attackers to cause a denial of service (application crash)
by sending messages without headers from upstream mail servers.
CVE-2006-5867: fetchmail did not properly enforce TLS and may
transmit clear-text passwords over unsecured links if certain
circumstances occur, which allows remote attackers to obtain
sensitive information via man-in-the-middle (MITM) attacks.
CVE-2006-5974: fetchmail when refusing a message delivered via the
mda option, allowed remote attackers to cause a denial of service
(crash) via unknown vectors that trigger a NULL pointer dereference
when calling the ferror or fflush functions.
All SUSE Linux versions containing fetchmail were affected.
- capi4hylafax potential code execution
In the capi4hylafax fax suite, by using shell meta characters in the
sender number remote attackers could potentially execute arbitrary
commands (CVE-2006-3126).
It is not clear if this is exploitable at all.
All SUSE Linux based products containing capi4hylafax were updated.
- squirrelmail cross site scripting problems
Multiple cross site scripting bugs in squirrelmail have been fixed
(CVE-2006-6142).
SUSE Linux 9.3 up to 10.1 and openSUSE 10.2 are affected by this
problem.
- rubygems file overwrite problem
This update fixes a vulnerability in rubygems that allowed to
overwrite files with root privileges. (CVE-2007-0469)
SUSE Linux 10.0, 10.1 and openSUSE 10.2 are affected by this problem.
- ruby denial of service problem
The ruby package was updated to fix a denial of service problem in
its CGI module when parsing multipart MIME messages. (CVE-2006-6303)
All products containing ruby were affected by this problem.
- clamav bugfix release 0.90.1
The virus scan engine clamav was brought to version 0.90.1.
This was not a security, but only a bugfix release. The major version
of libclamav.so was bumped, so we also released sylpheed-claws and
klamav updates to provide consistency.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- Month of PHP Bugs
We are following the Month of PHP bugs closely and collect the
reported problems. Once the month of bugs is over, we will release
updated PHP packages.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRfql8Xey5gA9JdPZAQKkDQf/WJ6Kl62OHh5vcx4vF6Bmic0dPtSykxv6
a7a0afhiokoF03ofbFaf+07ooABHSC3Z12GvKElNay584G2lFgQ6+NO8rAia4W9v
4IDcTAe7eV+YM/zAL4WUIYvI+LuxY/F0APWz+JUe+bKnR1dskkgy20cIeikwctdH
JvvTFQCEe9pQj8Ro17IkvGBQqirqUIL7yuqHpomxIC/wAFycbemKMGCnAAZROJ4m
bbsFM60FzNJwfa59RhW1mT1Y/wkm88JHIxmXfdconI7t5htazxsMcg41/m/Q1wQe
0UTaH6Pk1m1DxrYSNdDs97u0q7OLtda1SLGXJt+AmLRlXQvs7I7k6w==
=LF1D
-----END PGP SIGNATURE-----
1
0
16 Mar '07
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Announcement
Package: kernel
Announcement ID: SUSE-SA:2007:021
Date: Fri, 16 Mar 2007 13:00:00 +0000
Affected Products: SUSE LINUX 10.0
openSUSE 10.2
Vulnerability Type: remote denial of service
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2006-2936, CVE-2006-5749, CVE-2006-5751
CVE-2006-5753, CVE-2006-6106, CVE-2007-0006
CVE-2007-0772
Content of This Advisory:
1) Security Vulnerability Resolved:
kernel security update
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The Linux kernel was updated to fix the security problems listed below.
This advisory is for the bugs already announced for SUSE Linux
Enterprise 10 and SUSE Linux 10.1 in SUSE-SA:2007:018.
The packages associated with this update were already released 1
week ago.
Please note that bootloader handling in openSUSE 10.2 has changed and
now creates new entries for updated kernels and make those the default.
We also had reports of the update breaking the bootloader
configuration, and apologize for the inconveniences caused. We are
investigating those problems and hope to release an update to fix
the bootloader handling code.
If you are manually adapting /boot/grub/menu.lst, please review this
file after the update.
- CVE-2006-2936: The ftdi_sio driver allowed local users to cause a
denial of service (memory consumption) by writing more data to the
serial port than the hardware can handle, which causes the data
to be queued. This requires this driver to be loaded, which only
happens if such a device is plugged in.
- CVE-2006-5751: An integer overflow in the networking bridge ioctl
starting with Kernel 2.6.7 could be used by local attackers to
overflow kernel memory buffers and potentially escalate privileges.
- CVE-2006-6106: Multiple buffer overflows in the cmtp_recv_interopmsg
function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the
Linux kernel allowed remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via CAPI messages with
a large value for the length of the (1) manu (manufacturer) or (2)
serial (serial number) field.
- CVE-2006-5749: The isdn_ppp_ccp_reset_alloc_state function in
drivers/isdn/isdn_ppp.c in the Linux kernel does not call the
init_timer function for the ISDN PPP CCP reset state timer, which
has unknown attack vectors and results in a system crash.
- CVE-2006-5753: Unspecified vulnerability in the listxattr system
call in Linux kernel, when a "bad inode" is present, allows local
users to cause a denial of service (data corruption) and possibly
gain privileges.
- CVE-2007-0006: The key serial number collision avoidance code in
the key_alloc_serial function allows local users to cause a denial
of service (crash) via vectors that trigger a null dereference.
- CVE-2007-0772: A remote denial of service problem on NFSv2 mounts
with ACL enabled was fixed.
Furthermore, openSUSE 10.2 catches up to the mainline kernel, version
2.6.18.8, and contains a large number of additional fixes for non
security bugs.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please reboot the system after installing the updated packages.
Review the /boot/grub/menu.lst configuration file if you manually changed it.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/ivtv-kmp-bigsmp-0.8.0_2.6.…
e82b0a67a4b0bbb0971bb969c8d9eb60
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/ivtv-kmp-debug-0.8.0_2.6.1…
60c6ce6820d3839ce9fbe2eb4bab356c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/ivtv-kmp-default-0.8.0_2.6…
da0bf89980c93e0a475e37fa200e28b0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/ivtv-kmp-xen-0.8.0_2.6.18.…
4bf99d7816ba585f0ed5593dc6fbb740
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/ivtv-kmp-xenpae-0.8.0_2.6.…
13bc3b2be8b6fd08ae1589f9cfd67be7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-bigsmp-2.6.18.8-0.1…
08da4cbf6da45be1c0459580cb44749c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-default-2.6.18.8-0.…
112d3fcfbea319940262c0a306da85be
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-source-2.6.18.8-0.1…
3096d2eeb901ee592a06d68ca91982a9
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-syms-2.6.18.8-0.1.i…
9429c6f7042ebd28831298058467044a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-xen-2.6.18.8-0.1.i5…
d2cd5d41af38cf5489b9b7636546ce39
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-xenpae-2.6.18.8-0.1…
1c01b355d52b01f8cacbdfb06af0c171
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/lirc-kmp-bigsmp-0.8.0_2.6.…
d402122d25eab3352c194a96a249cc20
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/lirc-kmp-default-0.8.0_2.6…
8798fe7a1d4ce2b2029bf4ee957efe08
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/lirc-kmp-xenpae-0.8.0_2.6.…
dd3d8c1869f08c6c9d7821fd122d7b99
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/quickcam-kmp-bigsmp-0.6.4_…
d1b16cbbc1445c7564bcdc8f009760a6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/quickcam-kmp-default-0.6.4…
ba2fbb5381abcfac608f6dfd9ccca71c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/usbvision-kmp-bigsmp-0.9.8…
bda4e19bab973eace8b245b82a976610
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/usbvision-kmp-debug-0.9.8.…
3998dbfbad2955c876d3c6918e30775b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/usbvision-kmp-default-0.9.…
20710daf7c1e1c7560387605e679e9ef
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/usbvision-kmp-xen-0.9.8.3_…
02dcd27ebad0f8b4eeaba2567ef79352
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/usbvision-kmp-xenpae-0.9.8…
caea9f949b562b7fbe6cc1e5f7da4a4c
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/Intel-536ep-4.69-0.1.…
70a42a7f7742d66894bee17b3f388a5d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-2.6.13-…
16b76176c41ecc466f9fb46cdd230489
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-nongpl-…
062a8b04cb89e3989d305bef87dc0757
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-2.6.13…
faf638689b69c1e80569bc46dbfe088b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-nongpl…
6049934f03e60aca2bc5d54012c0407d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-2.6.13-15.…
6c1ac1600ee0f27e7464e0407405f9aa
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-nongpl-2.6…
752faf01a1b41613c91f785e72895a55
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-source-2.6.13-…
e5fe6448fddbc8fcefd8a90b36888db9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-syms-2.6.13-15…
e38e9ba4c63044e5bfbb285911c898a5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-2.6.13-15.1…
0944ef9eb3fe1634bf21121bf1f51fdc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-nongpl-2.6.…
9e6bd3a6f743926b9270872fefb9b915
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-2.6.13-15.…
9d49e4767426613e38573037776f26b0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-nongpl-2.6…
8e5f25c2e2b85129f91c22c6868f0003
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/um-host-kernel-2.6.13…
a38b42695a1f0700ac1ed8a71c79520c
Power PC Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-default-2.6.18.8-0.1…
56d9d481c3c62f9627f8fdb5b3df782d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-iseries64-2.6.18.8-0…
109afa91f06beb989faa4ce3b5181ffa
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-ppc64-2.6.18.8-0.1.p…
1ce2d7597556be60d09b3cea3639af8a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-source-2.6.18.8-0.1.…
84bd64a7f8d3de26f13536635983be23
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-syms-2.6.18.8-0.1.pp…
56e7429616a92898cbf83ee796ae45f7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/lirc-kmp-default-0.8.0_2.6.…
f79c0143fbf4ffd0cf14fa616968da58
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/quickcam-kmp-default-0.6.4_…
97ab79266d28d0b05c7fe715e054bce1
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-default-2.6.13-…
419939cc75cdf648342e2de9bda2c0e8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-iseries64-2.6.1…
5147690fdc8e20d2456d9a2ad9566c15
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-ppc64-2.6.13-15…
29982397729967c8237643d59f0a300b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-source-2.6.13-1…
6cf3159d8cef06756309a58f3a007e29
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-syms-2.6.13-15.…
d16442f15524102ab709419e8a56f6a7
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/ivtv-kmp-debug-0.8.0_2.6…
c3841ced488b344daa86646138e1a050
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/ivtv-kmp-default-0.8.0_2…
a35ed0949cc2fe69362069398621788d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/ivtv-kmp-xen-0.8.0_2.6.1…
c884bd668d92648dddc440c931b44399
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-default-2.6.18.8-…
0aed77eee5442d9315f3d53c2da9f6f3
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-source-2.6.18.8-0…
a37c3f4a169d9061af48d1430c04d05f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-syms-2.6.18.8-0.1…
0c2f6be06580c9ca0426243c73e3144e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-xen-2.6.18.8-0.1.…
74d9189894b2ca61f495dc90023b279a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/lirc-kmp-default-0.8.0_2…
b0880efb1ff8ab29ea0ed752f692985d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/quickcam-kmp-default-0.6…
8df8f3c772f884481a122abbe264c45d
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-2.6.…
9bb317c036977483961d7d4ab2c3a123
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-nong…
a57e4271abb5b607dcf24ccb7c75d3ea
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-2.6.13-1…
7c0fd656bf08fa0a1dd9bce20ced8b2a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-nongpl-2…
a5f66edd202201ffb96eadeb03a7213c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-source-2.6.1…
f195f6ebb24ef1b6ebf6859efe4e9658
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-syms-2.6.13-…
9b23bb08beccedecc5ce35e1b099ca2f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-2.6.13-1…
a34f4798ccf607f3e6e8c1db4ce6ab1c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-nongpl-2…
3aa25da4d80b5687b0dd112ccbb980f2
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-bigsmp-2.6.18.8-0.1.…
a6bb16929d315cf146675e75b3e14e97
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-default-2.6.18.8-0.1…
d18038925c29a061a23fdbd3c410d362
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-iseries64-2.6.18.8-0…
e579ee0834be9cc99f0f181f4eefc722
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-ppc64-2.6.18.8-0.1.n…
099041a3de7a607b414c5690dc870117
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-source-2.6.18.8-0.1.…
7f7c7fd1543e01c24c1b9e7f71fb73a1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-syms-2.6.18.8-0.1.sr…
10d98ce9df7766e3a2268f103bea42d9
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-xen-2.6.18.8-0.1.nos…
058b58f8be113977a91e94ab94bf0182
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-xenpae-2.6.18.8-0.1.…
210b549a27e3eca6d7174ad1c3e4c858
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/Intel-536ep-4.69-0.1.s…
e7669014790db2d2b9022d08307d7fba
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-bigsmp-2.6.13-1…
a56233e08afeb0c3e7a7d47c4614fcc2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-default-2.6.13-…
6b84ee8f314841da371d89efe4406e47
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-iseries64-2.6.1…
28a33e95d59a0fbfa8d7ec10d8bb7d43
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-ppc64-2.6.13-15…
f6e51f0333e0b8a571f6e7e070ac577d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-smp-2.6.13-15.1…
fb5e7d691e697ae608e9964966060cdc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-1…
0bb6955fcaf7079ec5dc84d0242d518a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-1…
e4f1f529be352d96e39efd832bb1bd2b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-syms-2.6.13-15.…
44acc7bf9de3e6404876c72a264448d2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-um-2.6.13-15.15…
80a8dd4f5c4535c6f6cfc40b4d17591a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-xen-2.6.13-15.1…
1b20f3e5ee1bf0b081a50f26f811b47e
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iQEVAwUBRfqMp3ey5gA9JdPZAQHuSwf/e3FO1RcgSi0rE6L+qbACE2ylyGiyktMa
vhG4VZXff2nkRd4dAg0DTP7rZv9DHdb/61QOqqTe71E29ecpqMP+tBBrcxuggELI
OpSJfposZqyZxqVbv75mxfWs9SO744x0YTUUxPQYbHDun/ZW7UV3h3b5yq9Nkv7K
7ZCc3m4dqZgRyvaPQPmKry8AkSZVr7b60frS/qrGvpQC6Rt1+yIlTEXTtrMMmEKM
rOd0VTIi5J8PWmtQpmXhTSD+uNp4oeqRBUDObZpU8ziLYaCVXSpHjjPOS+q5+WFm
qg2BwQ0UPXCSi1ARsS0pamARM5xBIHp39gJZDmm6bZNFwnrBxZh41w==
=BPjk
-----END PGP SIGNATURE-----
1
0
15 Mar '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: php4,php5
Announcement ID: SUSE-SA:2007:020
Date: Thu, 15 Mar 2007 12:00:00 +0000
Affected Products: SUSE LINUX 9.3
SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
UnitedLinux 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
SUSE SLES 9
Open Enterprise Server
Novell Linux POS 9
SLE SDK 10
SUSE SLES 10
Vulnerability Type: remote code execution
Severity (1-10): 5
SUSE Default Package: no
Cross-References: CVE-2006-6383, CVE-2007-0906, CVE-2007-0907
CVE-2007-0908, CVE-2007-0909, CVE-2007-0910
CVE-2007-0911, CVE-2007-1380, CVE-2007-1399
Content of This Advisory:
1) Security Vulnerability Resolved:
php5 and php4 security update
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Multiple bugs have been fixed in the PHP4 and PHP5 script interpreters.
These include the following security related problems:
CVE-2007-0906: Multiple buffer overflows in PHP before 5.2.1
allow attackers to cause a denial of service and possibly execute
arbitrary code via unspecified vectors in the (1) session, (2) zip,
(3) imap, and (4) sqlite extensions; (5) stream filters; and the (6)
str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user,
and (10) ibase_modify_user functions.
CVE-2007-0907: Buffer underflow in PHP before 5.2.1 allows attackers
to cause a denial of service via unspecified vectors involving the
sapi_header_op function.
CVE-2007-0908: The wddx extension in PHP before 5.2.1 allows remote
attackers to obtain sensitive information via unspecified vectors.
CVE-2007-0909: Multiple format string vulnerabilities in PHP before
5.2.1 might allow attackers to execute arbitrary code via format string
specifiers to (1) all of the *print functions on 64-bit systems, and
(2) the odbc_result_all function.
CVE-2007-0910: Unspecified vulnerability in PHP before 5.2.1 allows
attackers to "clobber" certain super-global variables via unspecified
vectors.
CVE-2007-0911: Off-by-one error in the str_ireplace function in PHP
5.2.1 might allow context-dependent attackers to cause a denial of
service (crash).
CVE-2006-6383: PHP 5.2.0 and 4.4 allows local users to bypass safe_mode
and open_basedir restrictions via a malicious path and a null byte
before a ";" in a session_save_path argument, followed by an allowed
path, which causes a parsing inconsistency in which PHP validates
the allowed path but sets session.save_path to the malicious path.
This security update also fixes some bugs reported by the Month of
PHP bugs project:
MOPB-10-2007 / CVE-2007-1380: The php_binary serialization handler
in the session extension in PHP before 4.4.5, and 5.x before 5.2.1,
allows context-dependent attackers to obtain sensitive information
(memory contents) via a serialized variable entry with a large length
value, which triggers a buffer over-read.
MOPB-16-2007 / CVE-2007-1399: Stack-based buffer overflow in the zip://
URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0
and 5.2.1, allows remote attackers to execute arbitrary code via a
long zip:// URL, as demonstrated by actively triggering URL access
from a remote PHP interpreter via avatar upload or blog pingback.
Note that this problem is caught by the FORTIFY SOURCE extension in
SUSE Linux 10.0 and newer products and just leads to a controlled
abort of the PHP interpreter.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of Apache after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-mod_php5-5.2.0-12.…
f2f48e532fef257c6e7a9594b395bbbd
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-5.2.0-12.i586.rpm
503528c34dd46c11b626a1115e4e7acc
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-bcmath-5.2.0-12.i586.…
f0d2552bdec0eeb3ab8bf2545ba3cddb
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-curl-5.2.0-12.i586.rpm
bf3d450e2eb99b34a06daf7513983471
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-dba-5.2.0-12.i586.rpm
f818ce63be457d9c1a1239cb4df43140
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-devel-5.2.0-12.i586.r…
21e05debffe309a6d726152c54f76051
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-dom-5.2.0-12.i586.rpm
b0c379af470fca3c2f3f4c12182a4f7a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-exif-5.2.0-12.i586.rpm
cb7afff7393ef5e7fe9a40787decb6f9
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-fastcgi-5.2.0-12.i586…
0951fe02fb2f0c604dbcc8ac5eeaf16c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-ftp-5.2.0-12.i586.rpm
3dd7c25a21d2a484ca879904f3bee4a9
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-gd-5.2.0-12.i586.rpm
4a813bc9d22f5a9e7764f4ac6685609d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-iconv-5.2.0-12.i586.r…
098c31663c9da3e220773c7f02d0c0fd
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-imap-5.2.0-12.i586.rpm
f439e2e8c687ce0dbd07b9575a4365f3
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-ldap-5.2.0-12.i586.rpm
02d86d4c8630df2a1c011a0b8b36bce3
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mbstring-5.2.0-12.i58…
0ef98613fdd02136e71e41c8140172db
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mhash-5.2.0-12.i586.r…
fe27a4c38d1a60a263ee224759e3ac44
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mysql-5.2.0-12.i586.r…
72593a052c560bf67e13b0023f3853cf
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-odbc-5.2.0-12.i586.rpm
a28748136ac0c812336dbb526a640388
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pear-5.2.0-12.i586.rpm
a6fddefdd69e1cd16a2dbc05a00d307c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pgsql-5.2.0-12.i586.r…
e4fc9ceaf7f994f7d071984b27986cb5
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-soap-5.2.0-12.i586.rpm
c1e3ca85fcf3eab7528c08d96d87b2ba
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sysvmsg-5.2.0-12.i586…
93b3138e1440d984979131c4b6811c83
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sysvshm-5.2.0-12.i586…
5130d3ba12debbce19e36104880dc379
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-wddx-5.2.0-12.i586.rpm
f3328696c8419532be94f0c9a9e17b2d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-xmlrpc-5.2.0-12.i586.…
ce718ed9e21a8ff508da8c27a270e703
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-zip-5.2.0-12.i586.rpm
7cdc2d0d8fa4848dac1f8fca234082c5
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-mod_php5-5.1.2-29.…
3927e0480ecf4c74be6b5a8cc1060eb0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-5.1.2-29.25.3.i586.rpm
c4cedba0d109f6ceffaa13a6bf682e7e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-bcmath-5.1.2-29.25.3.…
a8fd499fa084131487ec38812b64e8b1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-curl-5.1.2-29.25.3.i5…
e22cac0de384f810e51c2e677c0beded
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-dba-5.1.2-29.25.3.i58…
ed084d4f73e420ac65bbb6478ea90d94
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-devel-5.1.2-29.25.3.i…
805c64b2bcd4acc30457292c4727c3cf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-dom-5.1.2-29.25.3.i58…
632ab11aa56d0e845a32ecc08d8d0c2b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-exif-5.1.2-29.25.3.i5…
6253f962a8ea1edd629d9fafebca88d3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-fastcgi-5.1.2-29.25.3…
00e6376b3ea3ed8eef975ded52a2652d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-ftp-5.1.2-29.25.3.i58…
369c20a57b8040440ff7d7e25b00206f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-gd-5.1.2-29.25.3.i586…
b0932eb0d69a3416e507bd3f9f0c1c8d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-iconv-5.1.2-29.25.3.i…
039b6caa677523d29bcbfb4c7c28171b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-imap-5.1.2-29.25.3.i5…
f94f405677516b60a1c5dffcd5d81aa7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-ldap-5.1.2-29.25.3.i5…
82927d40442d020d64798565dd0301a2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mbstring-5.1.2-29.25.…
3e420f4f25f7dfd4b8cd9c325c687569
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mhash-5.1.2-29.25.3.i…
ffde7c9bb5717808234d366e1a0df80a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mysql-5.1.2-29.25.3.i…
70b78fcb59a61b121b72a4672b32426b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mysqli-5.1.2-29.25.3.…
77d1917ebfb039869b07dbd3f73463db
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-odbc-5.1.2-29.25.3.i5…
257ef91fab5b5ff97f7f2a3c641b852b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pear-5.1.2-29.25.3.i5…
67fd6fbfe544bf149dad76a187949588
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pgsql-5.1.2-29.25.3.i…
45f165b82620c8a7ec97da3ed835c825
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-soap-5.1.2-29.25.3.i5…
2841c3c4d8085801dbd078358e2d3120
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sysvmsg-5.1.2-29.25.3…
2a0db72494fa3c9a3600897660b879f2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sysvshm-5.1.2-29.25.3…
b9a3634905d99004644396707d9dd12e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-wddx-5.1.2-29.25.3.i5…
88d1174b3880fc99aaf6f9ad0f639d2c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-xmlrpc-5.1.2-29.25.3.…
1932e85a7a064be2220e09a29b404227
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-mod_php4-4.4.…
ce1d9363eb0efdeeedea70eae077659a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-mod_php5-5.0.…
d928f472fa80d6c73723688297aaa32c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mod_php4-core-4.4.0-6…
707f34cea2252ae1d40f80bfbd7a2b65
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mod_php4-servlet-4.4.…
3aa9a918847df1f3a95e7501c28fdd0f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-4.4.0-6.25.i586.…
b5e399b9ed76f9687b0691aeaf303989
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-devel-4.4.0-6.25…
fcc4a39cc6f5c94ba268a02f13350c56
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-exif-4.4.0-6.25.…
0dcfff6ecd68539c58781c00e9874b53
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-fastcgi-4.4.0-6.…
8c3801ddfa4777f3b58f2385112bd1e3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-imap-4.4.0-6.25.…
df7885a9a69c5bbb3866a30b31744a1f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mhash-4.4.0-6.25…
b2e7e4f2625f414546cfe099173d37f2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mysql-4.4.0-6.25…
09f8fe0946bd6dcc6b41bbd1aaf00436
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-pear-4.4.0-6.25.…
33addc9de8ab5247f336211ef9c015d0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-servlet-4.4.0-6.…
afe58d2b22065a51a81a9ee03bb177e4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-session-4.4.0-6.…
98ef5c8ee8c37debb35b4be7bd4795e0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-sysvshm-4.4.0-6.…
2159657aefb7e679864d794266a230ee
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-unixODBC-4.4.0-6…
2ac681c5b3c5f6dfbec713aa00a75df0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-wddx-4.4.0-6.25.…
e3de03a595f64256ad9506e5bb05bae0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-5.0.4-9.25.i586.…
96751ce807d72d437018d97d63a82d54
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-bcmath-5.0.4-9.2…
707833a0c9377312de2eb3517fdb06c5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-curl-5.0.4-9.25.…
f366c3f53d8d39a0ed258b6904b570f9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-devel-5.0.4-9.25…
2690790d45e14b5309731b86f5ee88ad
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-dom-5.0.4-9.25.i…
b991a6bb83d0e60552ac441c7f2b2ba7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-exif-5.0.4-9.25.…
1d3804bb3efe9e97cc9405c3c277ec02
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-fastcgi-5.0.4-9.…
1ced5441f663014c78796844a672ac99
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-ftp-5.0.4-9.25.i…
abf2b770c25ce0f593b8cf5aa603d3f8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-gd-5.0.4-9.25.i5…
84e4e07f2983d5f4f03731c3baaac83f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-iconv-5.0.4-9.25…
d8cb2cc83f823e502ae6ca24ff65a9d8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-imap-5.0.4-9.25.…
8536c90069d133cfef77f70647911d05
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-ldap-5.0.4-9.25.…
e4363b38b9f803e5f7127240de2bcd55
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mbstring-5.0.4-9…
2a4482240e2e4205973fcbd13023400a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mhash-5.0.4-9.25…
ef2978fa60e61107842ea4a9fba29a94
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mysql-5.0.4-9.25…
9d9369aa0bf820fde4ec8beca7ed9a9c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mysqli-5.0.4-9.2…
1f64e8ec3d4dc75fca197ed080c5ea58
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-odbc-5.0.4-9.25.…
f2854c347f1df295c8665ed0c3cee408
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-pear-5.0.4-9.25.…
219f71b053b5adfdc10bc981a914840a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-pgsql-5.0.4-9.25…
94f545526d60f3d9791023dec171c4de
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-soap-5.0.4-9.25.…
175b6bee59231a8f0821de0ef3e62708
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-sysvmsg-5.0.4-9.…
c3a909e0c962aea9294434c2ecd8f625
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-sysvshm-5.0.4-9.…
f703e49dbf9f78f77b299cc0b2cef2d0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-wddx-5.0.4-9.25.…
e7a7868d5f63a672fd7a87480dc6bb77
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-xmlrpc-5.0.4-9.2…
ec6963d22bb68e0ec3024fb8d4b6cd40
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-mod_php4-4.3.1…
b64d7ea34f122ff8e4ee5dc84c93b88f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-mod_php5-5.0.3…
76629e3c134e05c294d5ee117544acc2
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mod_php4-core-4.3.10-1…
9fb5247d927e2b32f79a434358082e33
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mod_php4-servlet-4.3.1…
1a6e808bc51cb4ba8c030c6dd3c5702c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-4.3.10-14.35.i586…
83a2ec6069c1ee73be65ff7639111294
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-devel-4.3.10-14.3…
b2f89a8fd833330d7181b370fa3aadf8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-exif-4.3.10-14.35…
c8fb2468da1145b1d3a0185bd5a966b0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-fastcgi-4.3.10-14…
0b421bcafe05955dc6c36cfbfb43ee58
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-imap-4.3.10-14.35…
913d64b9b6cae70aa6052c995e44a226
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-mhash-4.3.10-14.3…
768f56aee0e7e87980b5fca599c00017
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-mysql-4.3.10-14.3…
5aeef12f372eb3c9dfc0e74bf59fbcca
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-pear-4.3.10-14.35…
afa6ce46410733abef5979f8abfdeb04
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-servlet-4.3.10-14…
58ab5812623571cc7f9414a4e03949c9
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-session-4.3.10-14…
a2d6221d6bded4e29c14b96da228e72d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-sysvshm-4.3.10-14…
d1166b80e8548e8f6e812191a2184505
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-unixODBC-4.3.10-1…
71990d9cf8819507c6bd69270335d50c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-wddx-4.3.10-14.35…
71b45ae6fc694a409d3a75efe7996551
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-5.0.3-14.35.i586.…
e311d27cc61cd047f2fb8ee5fd37fa5d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-bcmath-5.0.3-14.3…
0ffdb01631d22f06cfea0c8b0010030b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-curl-5.0.3-14.35.…
b37021436773bde8fb80fd1ce600cc2c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-dba-5.0.3-14.35.i…
8e25e4d8a92e0b0000517dd29b3413e6
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-devel-5.0.3-14.35…
cba8aef706c8a77bbbe1f635465ffcdb
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-dom-5.0.3-14.35.i…
fe6738ae4f9f9e0f01b21ffac3b82f0c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-exif-5.0.3-14.35.…
41935fd3c56d91600938ccc257428adc
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-fastcgi-5.0.3-14.…
7e610b3b503d663c46fc3e5649b729ec
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-ftp-5.0.3-14.35.i…
542df95c1575f41ff5fa41e205f4cbc3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-gd-5.0.3-14.35.i5…
1e5916878e1b6878b48beb3c01a5acb3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-iconv-5.0.3-14.35…
0262910f143b23d984ba50b2e08f2361
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-imap-5.0.3-14.35.…
ff696b891fea9466a6e79d823870727b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-ldap-5.0.3-14.35.…
5a6d4ce953115979cc1d871b4db3e070
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mbstring-5.0.3-14…
45da7460e75de58b6908dba002e0544b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mhash-5.0.3-14.35…
fbf8501fcabb5524d52c7f38f005d01a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mysql-5.0.3-14.35…
984403d4e005c35544e513c5652f3fff
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mysqli-5.0.3-14.3…
b7ba99118504fab1f9be54dec3bccb67
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-odbc-5.0.3-14.35.…
7e86de685685af5f0876a375a54a03de
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-pear-5.0.3-14.35.…
ab74c1e6f503b99867a481e61f16d43f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-pgsql-5.0.3-14.35…
7605693d2583717f368a255944a27cb5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-soap-5.0.3-14.35.…
d1a33171f22821d2c0805544d5d6983a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvmsg-5.0.3-14.…
93c363acc0194d21d9f5c27585d833fc
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvshm-5.0.3-14.…
3f17403906b03dd1ab8a4ddbff7f6bf8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-wddx-5.0.3-14.35.…
63b9061a3c379a19b1225a03920f91fa
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-xmlrpc-5.0.3-14.3…
13fd64117d5407e7f6ca87ba22500049
Power PC Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-mod_php5-5.2.0-12.p…
49370a0dac0af9a5d35b9c3b28d766ad
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-5.2.0-12.ppc.rpm
91bdda88f54fc85e17b0e9f00a95518b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-bcmath-5.2.0-12.ppc.rpm
4e7a334891c9e5049aee295b8a4c4b63
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-curl-5.2.0-12.ppc.rpm
5958c63254a663131ce88a052983638a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-dba-5.2.0-12.ppc.rpm
09fb2c7747dd2f37e7cfced288d1e171
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-devel-5.2.0-12.ppc.rpm
3e22fb6fa31665f53a4b94bb12e7b18e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-dom-5.2.0-12.ppc.rpm
9e3d96b8b3f86b7fa2460b6f7c7d82c5
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-exif-5.2.0-12.ppc.rpm
c49f1ef80d881fd5c8e545ebaa7b00cd
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-fastcgi-5.2.0-12.ppc.r…
e1d39a0fa46bbabe26e04885f35a5f28
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-ftp-5.2.0-12.ppc.rpm
90c6e1db4a5b488ccc7699eb22afdc88
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-gd-5.2.0-12.ppc.rpm
c9f97777204d0a881a7c42e01bb16f04
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-iconv-5.2.0-12.ppc.rpm
6c8777fe96a505a132b223ac8b21056a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-imap-5.2.0-12.ppc.rpm
b7b9e653f01e0cbc0bbe485e53ad81f1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-ldap-5.2.0-12.ppc.rpm
35065a9c2a2b857b2f00f7b1a3e73c0c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mbstring-5.2.0-12.ppc.…
987da01184a438f28dc3c8f7cbc0b56c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mhash-5.2.0-12.ppc.rpm
76c973da08f1d782a951374d474283f4
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mysql-5.2.0-12.ppc.rpm
fa821e797ecd0276bb88a0528d67405b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-odbc-5.2.0-12.ppc.rpm
1cd3cfabdb8dd36b7c3e7ee15c8e0404
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pear-5.2.0-12.ppc.rpm
dfc209b1fee0fb75039bac84717a2370
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pgsql-5.2.0-12.ppc.rpm
ba18af0da3667f2dcc87aea49cb13073
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-soap-5.2.0-12.ppc.rpm
59d20f1fe24c3d70f5fea4a1233cfdf6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sysvmsg-5.2.0-12.ppc.r…
08f9b28ff19364d8eb4fd29642264038
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sysvshm-5.2.0-12.ppc.r…
5fdb9372584b410de2501d7cd0908f8e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-wddx-5.2.0-12.ppc.rpm
e077f3a24ea9bab13f22065ac51abd9c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-xmlrpc-5.2.0-12.ppc.rpm
fb14edcb82d13d48250488160fc96f2b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-zip-5.2.0-12.ppc.rpm
27f8a733b70b5b3df9bcab5fd2e26605
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-mod_php5-5.1.2-29.2…
96a8765eb048051895047b98b14cef79
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-5.1.2-29.25.3.ppc.rpm
7f152ba79bf24394a3db4e1a4746fd9b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-bcmath-5.1.2-29.25.3.p…
8452c7f97658cc67fc7696b1cf5e2202
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-curl-5.1.2-29.25.3.ppc…
6d89109092b50b323f529251c5b8dfa9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-dba-5.1.2-29.25.3.ppc.…
11e429790c8c3b273a8fe5d3de2a5730
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-devel-5.1.2-29.25.3.pp…
de04a3a5aaf7794e9b62d1921f6ab19b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-dom-5.1.2-29.25.3.ppc.…
a8849faaa13421176972ea3304e19aaf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-exif-5.1.2-29.25.3.ppc…
8abedac9d65993b5505abb8bde861df9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-fastcgi-5.1.2-29.25.3.…
1cf5ba89a4301274e0f6522fbf46786b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ftp-5.1.2-29.25.3.ppc.…
9073d1860574d46aadfe11d3221e0f2c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-gd-5.1.2-29.25.3.ppc.r…
fad3f6cd03fa37ea5bed275d9d802bcb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-iconv-5.1.2-29.25.3.pp…
e5a6b5b333829d8e479edb9c26b70e2a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-imap-5.1.2-29.25.3.ppc…
8a6b54dec45bbe4890c3bc6d221fbd22
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ldap-5.1.2-29.25.3.ppc…
5a15f6184aed34830276f59a8d441e35
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mbstring-5.1.2-29.25.3…
7ff6fbf4934a09ba47d09f6fb1c992ae
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mhash-5.1.2-29.25.3.pp…
6978dbf06c3a6e8bd1c159ef3b84c46a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mysql-5.1.2-29.25.3.pp…
cd5c52bb5d8864869fa0882687a4a40a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mysqli-5.1.2-29.25.3.p…
444322bafbe6c41f59320cdf08c3ee8e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-odbc-5.1.2-29.25.3.ppc…
726ec744656ac7100a0cd7d4b1d1a4fc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pear-5.1.2-29.25.3.ppc…
22559ce0e3c5c525f38f989238d1684b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pgsql-5.1.2-29.25.3.pp…
55bb9238a9932d679206f329d0c209ac
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-soap-5.1.2-29.25.3.ppc…
afac8eb1a744c9dd4613d19cf95f651c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sysvmsg-5.1.2-29.25.3.…
db6069e3f3e98706463eb73bdd7729f6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sysvshm-5.1.2-29.25.3.…
d7f0ec56d89508cdb6b02e1c9cce6cf5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-wddx-5.1.2-29.25.3.ppc…
e194b94cc138f9765fb582afa9ef091f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-xmlrpc-5.1.2-29.25.3.p…
a5c84f731f22831ee6ccbe4b13435247
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php4-4.4.0…
2e07d17e6a777b893c9526c9db744996
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php5-5.0.4…
760d7139a5d09b2d012112d32058a618
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mod_php4-core-4.4.0-6.…
1dfa7c78ff075809dff0a5471a1a88b6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-4.4.0-6.25.ppc.rpm
32e9ad8b13d43b28335e567e5a48eed6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-devel-4.4.0-6.25.…
40ff643bebdfd44a38af18554f29ab9e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-exif-4.4.0-6.25.p…
59d340c1856945f0165b04c1f2420e24
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-fastcgi-4.4.0-6.2…
f3bff51a10bf47b8443b59947c9195c9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-imap-4.4.0-6.25.p…
e76e10edac3c6484152704068f9c0bb5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mhash-4.4.0-6.25.…
7ae3436f4ee555608ac8c9e4aebe2b35
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mysql-4.4.0-6.25.…
d63bfae1763e0b3ad03f68ee8bb1de18
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-pear-4.4.0-6.25.p…
05e60500a1e87eaa1baac699682efeea
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-session-4.4.0-6.2…
63980ae15254d7394ed32bc954522295
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-sysvshm-4.4.0-6.2…
0c888a0c88659d4bf5471a3be5f0831a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-unixODBC-4.4.0-6.…
273438360f55e1207d096eb2156bdfe8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-wddx-4.4.0-6.25.p…
d99a9ad906511d7d11e19bb11da7284f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-5.0.4-9.25.ppc.rpm
2cfbfa4449c283f946c62053e28e47cb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-bcmath-5.0.4-9.25…
1d7704379ba7118f307da5351a426ed5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-curl-5.0.4-9.25.p…
0681bfaa2b5e66a6c1f02acb262700f3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-devel-5.0.4-9.25.…
94481066b3a4c00263529fe7b5cdc696
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-dom-5.0.4-9.25.pp…
3d4c9be7f6bce2ee3b09b8d1ea1a3927
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-exif-5.0.4-9.25.p…
005a5b23fbd021818b4307c8a9509832
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-fastcgi-5.0.4-9.2…
75cc453f1128bce8513159bfb86fb1ff
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-ftp-5.0.4-9.25.pp…
05048c18601503c8ffdeab2b0a1635c1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-gd-5.0.4-9.25.ppc…
5af7337aa8964eb2eadb0d22c40ecb79
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-iconv-5.0.4-9.25.…
45746aacd4d4beb608249d0fe7d18da2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-imap-5.0.4-9.25.p…
118b9ac1abf8b214938272bbde0bf38b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-ldap-5.0.4-9.25.p…
dfe7ef4c738ea4506092c07d77889e61
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mbstring-5.0.4-9.…
f5490695fbaa5bde29f0b59c58622b0c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mhash-5.0.4-9.25.…
7a4e24ba512e78dfecebc2f6ec1e436d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mysql-5.0.4-9.25.…
2129bba97312f6c3071fbbdab99d07f7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mysqli-5.0.4-9.25…
533ebb1bfe2af508654e4444cf94f591
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-odbc-5.0.4-9.25.p…
c2c34c2c8d46416cb181f0dfac480cf9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-pear-5.0.4-9.25.p…
059f696f5241cfad83f450f0022fd925
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-pgsql-5.0.4-9.25.…
657db304cbbe3ee7971495d1eb5191d2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-soap-5.0.4-9.25.p…
1657b02e4c593b193a26d1d1f34c5004
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-sysvmsg-5.0.4-9.2…
cd53e8ea3ed08ac9be063cc5f742dcd8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-sysvshm-5.0.4-9.2…
6e6b8cf312472043135f7b7a993c24e4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-wddx-5.0.4-9.25.p…
8670cdcffb49b9b611d117a52342bf84
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-xmlrpc-5.0.4-9.25…
26223d4dcd3942c504c9da98e12e5907
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-mod_php5-5.2.0-1…
6fc7baec7b5ec5ca6d3d07d74827aecc
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-5.2.0-12.x86_64.rpm
c66d9af139ad3b400508853dfeda09fd
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-bcmath-5.2.0-12.x86…
8035f925c26a0d4fb06e91e54b8c6d05
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-curl-5.2.0-12.x86_6…
17dd2121b6710e9ba18210ef531bec1e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-dba-5.2.0-12.x86_64…
d95da72c9e77724d3b603ede1bb9c914
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-devel-5.2.0-12.x86_…
80ad1109a779bfab84da41ad3207ef71
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-dom-5.2.0-12.x86_64…
5c23b8279a5a7073de28c855983214b1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-exif-5.2.0-12.x86_6…
9cb38772ebb7de686872c6d82d648ab0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-fastcgi-5.2.0-12.x8…
99feebfe9a7630874a604af784f181f1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-ftp-5.2.0-12.x86_64…
1df97f146a31b34de52bda12a845112a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-gd-5.2.0-12.x86_64.…
0860a628bc53fb46d396e594e62cd3fd
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-iconv-5.2.0-12.x86_…
8b08709305f9a322df6de8e3f6bccf27
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-imap-5.2.0-12.x86_6…
a82697ed69ed138c77213abbebfcf853
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-ldap-5.2.0-12.x86_6…
56376e6c7983e3232a786ce3b7be4aa7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mbstring-5.2.0-12.x…
68e744f409ece9e3ebb54e1635cbea81
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mhash-5.2.0-12.x86_…
8ad060629c9e4ecee5f4e5b1bead92e6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mysql-5.2.0-12.x86_…
bf08f399b780a8eefd9a1f573c780932
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-odbc-5.2.0-12.x86_6…
e65570a8f2ea458189ff915928473b5b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pear-5.2.0-12.x86_6…
db54468157f4a51fe8326c873b8d1549
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pgsql-5.2.0-12.x86_…
00a8f2f1950d34746791d59261f5fb1a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-soap-5.2.0-12.x86_6…
1530d575261ccd4b23c001d2312933f4
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sysvmsg-5.2.0-12.x8…
c4dbd19e34ab84061524cadbe7cd2c4e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sysvshm-5.2.0-12.x8…
192f1ff8ae9bb423185a62a28e521ad7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-wddx-5.2.0-12.x86_6…
98e74d43115262bf5c2acba07f465fbe
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-xmlrpc-5.2.0-12.x86…
b025401b4013248ec586278e3d1ce23b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-zip-5.2.0-12.x86_64…
9cdcaee5b2f2e5c0c980e18168c321af
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-mod_php5-5.1.2-2…
4fd8d3fa9744edd5d7f83f95efde8dbf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-5.1.2-29.25.3.x86_6…
f0c2f62a61536c536fc7823604f535ae
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-bcmath-5.1.2-29.25.…
af10d837432c9c73f1dba82d638cd3b2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-curl-5.1.2-29.25.3.…
3d16d559e804d068804c7309357ce14a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dba-5.1.2-29.25.3.x…
c2f82c5c554f2ff5fd94c427245f6075
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-devel-5.1.2-29.25.3…
ada96bd2d11eefbae636d523f0a907fa
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dom-5.1.2-29.25.3.x…
aaf4d830ec47a2414d0549d8d2ec54d2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-exif-5.1.2-29.25.3.…
f765f9ffc0227e75c5bed9da63a83b57
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-fastcgi-5.1.2-29.25…
3b2ea32c19c591563c7b190f250b7cea
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ftp-5.1.2-29.25.3.x…
ff5fc5fcc18190628c179273efcb0fc0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-gd-5.1.2-29.25.3.x8…
36e911e68dd41699ba5204709b77a92e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-iconv-5.1.2-29.25.3…
c9ff817e3e3567ae57208f4741fae3a6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-imap-5.1.2-29.25.3.…
39c26262a603f6435621efb4bedcc466
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ldap-5.1.2-29.25.3.…
e281185be8f10044c02c8fd072c50f75
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mbstring-5.1.2-29.2…
e1c9750409ed17ff024d6921d06f5eb2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mhash-5.1.2-29.25.3…
bb2606332148cc2ccb43421e95364fa0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mysql-5.1.2-29.25.3…
b75e42616ee017fa1af98ef0fb9abdfc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mysqli-5.1.2-29.25.…
aa3d99e202f326161d32a5492c95fd15
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-odbc-5.1.2-29.25.3.…
2c4e75b9d7bc4fc950e64caa9d8849f2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pear-5.1.2-29.25.3.…
09042a4bb4fe75fe1d13910dc3b271be
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pgsql-5.1.2-29.25.3…
3ec76fa30dce97bf39a38b30349487a0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-soap-5.1.2-29.25.3.…
0cb6f0ca7ca0d4ed78b60e99fc510b38
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sysvmsg-5.1.2-29.25…
742992ef40458fa2b94c9d1405d92701
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sysvshm-5.1.2-29.25…
d1251f1b468f444e858b8be6c60e6a77
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-wddx-5.1.2-29.25.3.…
90c1320bbc5e7354ba9d189a152c4559
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-xmlrpc-5.1.2-29.25.…
1e79521e5a2febd20ccfa3b0573c3432
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php4-4.…
925516a11b920e10489c1cf5bdf871eb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php5-5.…
f6f15dc828084191ec5d2e2641638371
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mod_php4-core-4.4.0…
d8285a7d9a4631a3b136e3df02905ac4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mod_php4-servlet-4.…
d1dea83ebba87c93da8c0c10cc50518f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-32bit-4.4.0-6.…
7f8be06667f3be70c50fff464396bc00
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-4.4.0-6.25.x86…
f326c18b79cb38ae322d6fa4d017fc33
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-devel-4.4.0-6.…
0eae16871bdded2a254141349320cdc3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-exif-4.4.0-6.2…
e77f72fa9dcd5c221b95a72a7d28392f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-fastcgi-4.4.0-…
a0a6b70c368de79f4dc67e08ba669d38
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-imap-4.4.0-6.2…
81f36a9101e13af4851cfd3352c970b8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mhash-4.4.0-6.…
6446a1e4eaa2d7491d7e6cf77bafc605
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mysql-4.4.0-6.…
4b1dd084f492c2146461978c4b32e3f4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-pear-4.4.0-6.2…
2a376b42917264e6ca0272071394eca6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-servlet-4.4.0-…
a277896ba45191dfc4e8c1f227101aa3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-session-4.4.0-…
3a174a8827455f05f31cbcb64365c7ff
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-sysvshm-4.4.0-…
de9be6eb9df1d511643e2556d8db3e15
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-unixODBC-4.4.0…
8de27ff48379f08e3432ca68796fe4fb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-wddx-4.4.0-6.2…
302e716290d6d25fe5e2856d686e1e6d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-5.0.4-9.25.x86…
67c3765f4c290ec2374601cb37fb14dc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-bcmath-5.0.4-9…
84e87d9548fdc8e58d25c21b32785d61
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-curl-5.0.4-9.2…
412ee31631d23f0ea69a49b6f3476855
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-devel-5.0.4-9.…
5d665cecdb179352d9daee78ae341d3c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-dom-5.0.4-9.25…
8e73ad5f45a549b415e2f0377de76a90
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-exif-5.0.4-9.2…
03a0a80e990d92e864d48bcd60c95677
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-fastcgi-5.0.4-…
bc51d867ec17930815a177831072f623
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-ftp-5.0.4-9.25…
797ac418702fa602aae8954c9015d613
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-gd-5.0.4-9.25.…
00e4f452b244b388f992ce71e0877b2d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-iconv-5.0.4-9.…
a30de85bf0749d4d2926b65d24234c4c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-imap-5.0.4-9.2…
063d3d4eb77d8c6d3fff329384f02c0a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-ldap-5.0.4-9.2…
70464454a2fceab33e4cea0b254d7e51
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mbstring-5.0.4…
df8ff7a4420eb8ba7033f333a87bae43
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mhash-5.0.4-9.…
d22609c830fe2374d836acd72396740f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mysql-5.0.4-9.…
3c3c04769a76c72ecc861a2885e17ec7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mysqli-5.0.4-9…
30d795b17a5466d9b084804558ad9752
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-odbc-5.0.4-9.2…
df3ef7d2905ae6d7cf142b32f572aad6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-pear-5.0.4-9.2…
4c7cc9ec050f864d7a59a7279cddeaa7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-pgsql-5.0.4-9.…
25c9dce3ae41bb304979a849e4053442
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-soap-5.0.4-9.2…
d342f0ede7e2c551981c0c21da51e730
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-sysvmsg-5.0.4-…
c7112ad40246f8266184ec7ef8b7d3fa
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-sysvshm-5.0.4-…
dbf8bf0d818a3546bc6afb376c89b401
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-wddx-5.0.4-9.2…
87332ebcf13f46c8b5c688cab2866058
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-xmlrpc-5.0.4-9…
f2c73bc637cd12522ae8c86f70a62ad1
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-mod_php4-4.3…
24c98fc36a7faedeb779ee3b4e7f73d5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-mod_php5-5.0…
f149fb043389b18f07636d5420d04859
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mod_php4-core-4.3.10…
e4b857236ec89f4df684f395fe2a61f7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mod_php4-servlet-4.3…
19beaafa8455cb98942d0f3d5b02040b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-32bit-9.3-7.15.…
020249f005fc4c83ddc82d93a9af555d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-4.3.10-14.35.x8…
b5f0f23719fee99f7be239f4626bfaf8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-devel-4.3.10-14…
c107e9024a50fa776cc86f1b92772b38
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-exif-4.3.10-14.…
32e519b534c9cb80317846887c72ed48
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-fastcgi-4.3.10-…
05364fe8e32876398df9969cdc3449d3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-imap-4.3.10-14.…
ec18bfb5c0951198107b689ebb10ad43
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-mhash-4.3.10-14…
1e16bdfb510fb7fa16d83f8b4cd0785f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-mysql-4.3.10-14…
2b55db2d8f7e96ede5620e0d8f7eae1f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-pear-4.3.10-14.…
1ba53024f74739ce15112572c2a4bda0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-servlet-4.3.10-…
61a8c92d790f1c57de862ca0a9f4ecb4
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-session-4.3.10-…
5f29a4a5e1070e69392839babfc9d807
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-sysvshm-4.3.10-…
df12f1e25c87c6759e9345e43b581aad
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-unixODBC-4.3.10…
0dd8c6e5334e71c05d9ca288d47d02cc
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-wddx-4.3.10-14.…
90c2e65ea424eec06c2bfa8f66e3723a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-5.0.3-14.35.x86…
37037d199b1b98deaac852867a598c40
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-bcmath-5.0.3-14…
49e60a5c8a34eb49259d7715ec41997f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-curl-5.0.3-14.3…
ec2da88d11ffc3f4bd44e208b5a067fa
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-dba-5.0.3-14.35…
7d92a633ec5c977ec9a6a397c95f6b93
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-devel-5.0.3-14.…
3e8bd1deb04c3c43f6cb93c48f71aba8
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-dom-5.0.3-14.35…
e7e43bd96742374b7ab5863b685a28b3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-exif-5.0.3-14.3…
d5b0ab6c51eed967c8349436bcfdff45
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-fastcgi-5.0.3-1…
cdef9f778140ce0b1e1341c7825a44af
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-ftp-5.0.3-14.35…
591036b10c3fd895ec839670e2ed054d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-gd-5.0.3-14.35.…
d93d1069b2fa4d18c362ce32196b3e28
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-iconv-5.0.3-14.…
165d04fe427b8aa5156a5e25e382855b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-imap-5.0.3-14.3…
dec99b3448519cc4de53ecc46de2d857
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-ldap-5.0.3-14.3…
d59f0276ea7d364677954f97b4d75a34
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mbstring-5.0.3-…
758be866ae6ac8579d2f35f061832b72
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mhash-5.0.3-14.…
aaff90fa07e919e693d28775d8bb9836
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mysql-5.0.3-14.…
d37113b54225deaf5429e0a500ab1bce
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mysqli-5.0.3-14…
3b18b0e056a97101eaacdfb6ba0afb66
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-odbc-5.0.3-14.3…
5a2d02e6e6ee2d9f1d835084356598bb
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-pear-5.0.3-14.3…
1df56255aeaacdbb2f3cda07f4415bc0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-pgsql-5.0.3-14.…
2d1022c22576ab61220752954d3d2c6b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-soap-5.0.3-14.3…
61ccceb26be012b279c3ad6c7caefd64
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-sysvmsg-5.0.3-1…
3a21ebb1f5044c1230b4951bb49b3108
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-sysvshm-5.0.3-1…
368d4b69de42fd1710c7e0d2578fe124
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-wddx-5.0.3-14.3…
8e19f2b753c8db27b07fb9fa19390e78
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-xmlrpc-5.0.3-14…
0ab3c2307a3acf9da9fda3f7b7fc58d1
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/php5-5.2.0-12.src.rpm
a1df0dc4add87807ff937b0b03d3e2f1
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/php5-5.1.2-29.25.3.src.rpm
1d5a89b185eb0dd5a5b62f4b711dc2ac
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/php4-4.4.0-6.25.src.rpm
bc4579898653534197b3203e5b2c8c17
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/php5-5.0.4-9.25.src.rpm
6993a1bafdb3a19e1a66e5eda2d862ef
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php4-4.3.10-14.35.src.r…
f87c049c55af281c456769dc620b0ee7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php5-5.0.3-14.35.src.rpm
ce9e2f1c8500dbb0b8b1edead40d2550
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE SLES 10
http://support.novell.com/techcenter/psdb/f36e1cd46e4c288ce275fae334efd2b8.…
SLE SDK 10
http://support.novell.com/techcenter/psdb/f36e1cd46e4c288ce275fae334efd2b8.…
Open Enterprise Server
http://support.novell.com/techcenter/psdb/9331ab8ca1a0615674f5dd979bd4b413.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/9331ab8ca1a0615674f5dd979bd4b413.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/9331ab8ca1a0615674f5dd979bd4b413.…
UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.…
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.…
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.…
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.…
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.…
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRfka3Hey5gA9JdPZAQLKXgf/eRodO1QCZx6QsYAv71XKOQOlPR9Zz0WG
pYkE3DHuo04u7Znf5DxcArLBYFDDnTzNPW6YDEZsbpnSWoj77BnF2Zr4CL6AO3GK
cz/ZvHDE07lQi+Pj9yFol074Em96PtZIC0deTANBKvqQWReGIxgYFnvQHUro8rr4
3Izc9rlMRWAqlZ6nLFnhNSPEChqTBrZj2mlnNYn292HER9O21ultfe/og3w/Pxss
cHs45KZ3NZ/7VuClbl6YkZDVeq1t1uod75xGcOYdXOmzpb1+X8PF27JXwkTIpvyF
QA9tLKqbA0+d7NkSgZlVTYPiM/cyc7KTXXe/xmKcpEpynrkqt7U9CA==
=qJrc
-----END PGP SIGNATURE-----
1
0
Dear suse-security-announce subscribers and SUSE Linux users,
SUSE Security announces that SUSE Linux 9.3 will be discontinued soon.
Having provided security-relevant fixes for more than two years,
vulnerabilities found in SUSE Linux 9.3 after April 15th 2007 will not
be fixed any more for this product. We expect to release the last updates
around April 30th 2007.
Please do not confuse SUSE Linux 9.3 with SUSE Linux Enterprise Server 9
Service Pack 3, these are two different products.
As a consequence, the SUSE Linux 9.3 distribution directory on our
ftp server ftp.suse.com will be moved from /pub/suse/i386/9.3/
to the /pub/suse/discontinued/ directory tree structure to free
space on our mirror sites. The 9.3 directory in the update tree
/pub/suse/update/9.3 will follow, as soon as all updates have
been published.
The discontinuation of SUSE Linux 9.3 enables us to focus on the SUSE
Linux and openSUSE distributions of a newer release dates to ensure that
our customers can continuously take advantage of the quality that they
are used to with SUSE Linux products.
This announcement holds true for SUSE Linux 9.3 only. As usual, SUSE
will continue to provide update packages for the following products:
SUSE Linux 10.0
SUSE Linux 10.1
and
openSUSE 10.2
for a two-year period after the release of the respective distribution.
Please note that the maintenance cycles of SUSE Linux Enterprise products
and products based on the SUSE Linux Enterprise Server operating system
are not affected by this announcement and have longer life cycles.
Other products that will be discontinued this year:
After 2 years of security support:
* SUSE Linux 10.0 - October 31st 2007
After 5 years of maintenance and security support:
* SUSE Linux Desktop 1.0 - November 30th 2007
* SUSE Linux Enterprise Server 8 - November 30th 2007
SUSE Linux Standard Server 8
SUSE Linux Retail Solution 8
SUSE Linux Openexchange Server 4.0
SUSE Linux Openexchange Server 4.1
United Linux 1.0
To learn more about SUSE Linux business products, please visit
http://www.novell.com/linux/suse/ . For a detailed list of the life cycles
of our Enterprise Products please visit http://support.novell.com/lifecycle/
and http://support.novell.com/lifecycle/lcSearchResults.jsp?sl=suse
If you have any questions regarding this announcement, please do not
hesitate to contact SUSE Security at <security(a)suse.de>.
1
0
06 Mar '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: MozillaFirefox,seamonkey
Announcement ID: SUSE-SA:2007:019
Date: Tue, 06 Mar 2007 18:00:00 +0000
Affected Products: SUSE LINUX 9.3
SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
Novell Linux Desktop 9
SUSE SLED 10
SUSE SLES 10
Vulnerability Type: remote code execution
Severity (1-10): 6
SUSE Default Package: yes
Cross-References: CVE-2006-6077, CVE-2007-0008, CVE-2007-0009
CVE-2007-0775, CVE-2007-0776, CVE-2007-0777
CVE-2007-0778, CVE-2007-0779, CVE-2007-0780
CVE-2007-0800, CVE-2007-0981, CVE-2007-0994
CVE-2007-0995, CVE-2007-0996, CVE-2007-1092
MFSA 2006-72, MFSA 2007-01, MFSA 2007-02
MFSA 2007-03, MFSA 2007-04, MFSA 2007-05
MFSA 2007-06, MFSA 2007-08, MFSA 2007-09
Content of This Advisory:
1) Security Vulnerability Resolved:
Mozilla Firefox security release 1.5.0.10 / 2.0.0.2
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The Mozilla Firefox web browser was updated to security update version
1.5.0.10 on older products and Mozilla Firefox to version 2.0.0.2 on
openSUSE 10.2 to fix various security issues.
Updates for the Mozilla seamonkey suite before 10.2, Mozilla Suite
and Mozilla Thunderbird are still pending.
Full details can be found on:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
- MFSA 2007-01: As part of the Firefox 2.0.0.2 and 1.5.0.10 update
releases several bugs were fixed to improve the stability of the
browser. Some of these were crashes that showed evidence of memory
corruption and we presume that with enough effort at least some of
these could be exploited to run arbitrary code. These fixes affected
the layout engine (CVE-2007-0775), SVG renderer (CVE-2007-0776)
and javascript engine (CVE-2007-0777).
- MFSA 2007-02: Various enhancements were done to make XSS exploits
against websites less effective. These included fixes for invalid
trailing characters (CVE-2007-0995), child frame character set
inheritance (CVE-2007-0996), password form injection (CVE-2006-6077),
and the Adobe Reader universal XSS problem.
- MFSA 2007-03/CVE-2007-0778: AAd reported a potential disk cache
collision that could be exploited by remote attackers to steal
confidential data or execute code.
- MFSA 2007-04/CVE-2007-0779: David Eckel reported that browser UI
elements--such as the host name and security indicators--could be
spoofed by using a large, mostly transparent, custom cursor and
adjusting the CSS3 hot-spot property so that the visible part of
the cursor floated outside the browser content area.
- MFSA 2007-05: Manually opening blocked popups could be exploited by
remote attackers to allow XSS attacks (CVE-2007-0780) or to execute
code in local files (CVE-2007-0800).
- MFSA 2007-06:
Two buffer overflows were found in the NSS handling of Mozilla.
CVE-2007-0008: SSL clients such as Firefox and Thunderbird can suffer
a buffer overflow if a malicious server presents a certificate
with a public key that is too small to encrypt the entire "Master
Secret". Exploiting this overflow appears to be unreliable but
possible if the SSLv2 protocol is enabled.
CVE-2007-0009: Servers that use NSS for the SSLv2 protocol can
be exploited by a client that presents a "Client Master Key" with
invalid length values in any of several fields that are used without
adequate error checking. This can lead to a buffer overflow that
presumably could be exploitable.
- MFSA 2007-06/CVE-2007-0981: Michal Zalewski demonstrated that setting
location.hostname to a value with embedded null characters can
confuse the browsers domain checks. Setting the value triggers a
load, but the networking software reads the hostname only up to
the null character while other checks for "parent domain" start at
the right and so can have a completely different idea of what the
current host is.
- MFSA 2007-08/CVE-2007-1092: Michal Zalewski reported a memory
corruption vulnerability in Firefox 2.0.0.1 involving mixing
the onUnload event handler and self-modifying document.write()
calls. This flaw was introduced in Firefox 2.0.0.1 and 1.5.0.9 and
does not affect earlier versions; it is fixed in Firefox 2.0.0.2
and 1.5.0.10.
- MFSA 2007-09/CVE-2007-0994: moz_bug_r_a4 reports that the fix for
MFSA 2006-72 in Firefox 1.5.0.9 and Firefox 2.0.0.1 introduced a
regression that allows scripts from web content to execute arbitrary
code by setting the src attribute of an IMG tag to a specially
crafted javascript: URI.
The same regression also caused javascript: URIs in IMG tags to be
executed even if JavaScript execution was disabled in the global
preferences. This facet was noted by moz_bug_r_a4 and reported
independently by Anbo Motohiko.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of Firefox after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-2.0.0.2-1.1…
02e3d51d0b3420cc9397760f0e86d191
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-translation…
7b0f32ecd094d7eef87733b3e3476673
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-1.1.1-0.1.i586.r…
84df0ff9847008b5db52b4c1ae934210
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-dom-inspector-1.…
f90f3afd0bff86b4da3dbb05a2c2335d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-irc-1.1.1-0.1.i5…
80ac7fdac2cc547c76b5eedd482bb082
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-mail-1.1.1-0.1.i…
91992945df0728e4260ae2ddfb7d3281
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-spellchecker-1.1…
a4c38e8b67b32883b7d2a8c43672e762
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-venkman-1.1.1-0.…
907c12a9bb1662652126d643fe851fcc
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaFirefox-1.5.0.10-0.…
6e55236e3b80b3894969c655f9ebf2a4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaFirefox-translation…
6d61e4d6e1d6dbc9445cc3f6b6ed30e3
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-1.5.0.…
d94fa79fb7f0de31f8d9f90baa617ca1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-transl…
1d3fddf5349977a9caead4b47878e51d
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-1.5.0.1…
f6e7cc76afc0fef155553f735fe653b7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaFirefox-transla…
9e7435497cd97dcd1f38105a6b080d8c
Power PC Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaFirefox-2.0.0.2-1.1.…
5c6b5efd358c074106dcef14acb89f23
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaFirefox-translations…
1a6991caad9a490822710e4fcf838c9c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-1.1.1-0.1.ppc.rpm
c0dc8bbb08a3d06b656258a86710bc45
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-dom-inspector-1.1…
c834417d2d1db92f284a12c9f88f71d0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-irc-1.1.1-0.1.ppc…
469a2f5b1968979582291477e83260dd
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-mail-1.1.1-0.1.pp…
21d9f56ac5b93d70f47eba112505e209
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-spellchecker-1.1.…
c550ce638db6e7f8d7fb3f3e037de53a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-venkman-1.1.1-0.1…
58c4aced409456293248113d32a00dbf
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaFirefox-1.5.0.10-0.2…
4140a6709fabce8a52a9ccaeaeb7bb1a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaFirefox-translations…
ac0d3d387e2f1930f331fee0800e462b
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/MozillaFirefox-1.5.0.1…
76e3f52dd691ca5b652edce6c697070f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/MozillaFirefox-transla…
3652ee25f11e32a518294ad8b4314b23
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaFirefox-2.0.0.2-1…
ae21afdc3451c6517c228b7cb012bbc7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaFirefox-translati…
9ec91717a80c8ad5947d6d6e2fc99d01
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-1.1.1-0.1.x86_…
aa9b1d5d7cf62fcc990aabcae84e7c39
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-dom-inspector-…
d8ac0deb3f11edc0439ce11153a04fbe
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-irc-1.1.1-0.1.…
1554c4a8c75564ae02c720455f29775b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-mail-1.1.1-0.1…
779e371deec7bf589bda6b3d6fdd4069
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-spellchecker-1…
2ffba2b0ea7bbaf5806e03c7ffe58ac4
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-venkman-1.1.1-…
3761ab7b9fc06cc114a609c322d18803
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/MozillaFirefox-2.0.0.2-1.1.…
f77b9222e0a60e6638a3e0f343fea209
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/seamonkey-1.1.1-0.1.src.rpm
ae42228f39110de8d0699694458ff88e
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/MozillaFirefox-1.5.0.10-0.2…
8f80ec015760d1fd3d25f30be2d5ef01
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/MozillaFirefox-1.5.0.1…
748849a36a1990fea5bdb75b3bd0bcf3
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/MozillaFirefox-1.5.0.10…
f7d79ad15eeed3798e91a31cace3022d
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/66969064f4a01b40dabf533d22cb76ee.…
Novell Linux Desktop 9 for x86
http://support.novell.com/techcenter/psdb/66969064f4a01b40dabf533d22cb76ee.…
SUSE SLES 10
http://support.novell.com/techcenter/psdb/1cbeadd626068e3518e641d88f149a11.…
SUSE SLED 10
http://support.novell.com/techcenter/psdb/1cbeadd626068e3518e641d88f149a11.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
suse-security-announce(a)suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe(a)suse.com>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRe2d5Xey5gA9JdPZAQIolQf/fUMZUfMhVUETAT0TDxs2sSBzkT138JLx
xlcq0BAcSmQ6bh75XUKPj7W35nnjGPGlhGYinpgRJcTCPHcn4RGPiGJimEU2hxxH
7TlgkE8uAGEmLPRus9xpTdrvxs6BreZ+g+e347wDepQDLU8l7u8tNtZ73UxeP1BH
uoqxdHIqUEVEBsLX/tSo954QMmuExcV0JoQZJu8KQhR3RCqT2NAsjv1VF8Uw8rTs
nL3AAlSCZUopPGpKjzJruCQ0kppaBe8SrTMt2CWIUtdnUbDUHLANxMFk0FbaVoGY
x53M03rgxeqbRTPIlTcGP0enUG/EYYDNvn5Vzu5Pd6ivDLhZ+Gm6Tw==
=MvXE
-----END PGP SIGNATURE-----
1
0