openSUSE Security Announce
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
July 2007
- 1 participants
- 10 discussions
20 Jul '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2007:014
Date: Fri, 20 Jul 2007 12:00:00 +0000
Cross-References: CVE-2005-4835, CVE-2006-4168, CVE-2006-7177
CVE-2006-7178, CVE-2006-7179, CVE-2006-7180
CVE-2007-0720, CVE-2007-1558, CVE-2007-2447
CVE-2007-2645, CVE-2007-2829, CVE-2007-2830
CVE-2007-2831, CVE-2007-2948, CVE-2007-3257,
CVE-2007-3372
Content of this advisory:
1) Solved Security Vulnerabilities:
- MPlayer CDDB handling buffer overflow
- madwifi site remote denial of service problems
- samba bugfix regression update
- cups denial of service regression fix
- libexif denial of service problems
- evolution IMAP SEQUENCE buffer overflow
- mutt APOP password disclosure problem
- avahi local denial of service
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- Mozilla Firefox/Thunderbird/Seamonkey update
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- MPlayer CDDB handling buffer overflow
A buffer overflow in parsing of CDDB entries was fixed in MPlayer.
This could be exploited by malicious CDDB servers to inject
code. (CVE-2007-2948)
MPlayer is only SUSE Linux Desktop 1.0 and an update was released
for this product.
- Madwifi site remote denial of service problems
The madwifi driver and userland packages were updated to 0.9.3.1
to fix several denial of service problems.
Due to versioning problems that would have caused the madwifi KMP
RPMs not to be installed the RPM version still says "0.9.3", the
content is the 0.9.3.1 version.
This update fixes following security problems:
CVE-2007-2829: The 802.11 network stack in net80211/ieee80211_input.c
in Madwifi before 0.9.3.1 allows remote attackers to cause a denial
of service (system hang) via a crafted length field in nested
802.3 Ethernet frames in Fast Frame packets, which results in a
NULL pointer dereference.
CVE-2007-2830: The ath_beacon_config function in if_ath.c in Madwifi
before 0.9.3.1 allows remote attackers to cause a denial of service
(system crash) via crafted beacon interval information when scanning
for access points, which triggers a divide-by-zero error.
CVE-2007-2831: Array index error in the (1) ieee80211_ioctl_getwmmparams
and (2) ieee80211_ioctl_setwmmparams functions in
net80211/ieee80211_wireless.c in Madwifi before 0.9.3.1 allows local
users to cause a denial of service (system crash), possibly obtain
kernel memory contents, and possibly execute arbitrary code via a
large negative array index value.
"remote attackers" for this problem are attackers within range of
the WiFi reception of the card.
Please note that the problems fixed in 0.9.3 were fixed by the
madwifi Version upgrade to 0.9.3 in the SUSE Linux Enterprise Desktop
Service Pack 1 already but not listed in a separate advisory.
(CVE-2005-4835, CVE-2006-7177, CVE-2006-7178, CVE-2006-7179,
CVE-2006-7180).
Only SUSE Linux Desktop 10 contains the affected madwifi driver.
- Samba bugfix regression update
A samba update was released that fixes several regressions introduced
by an earlier security update.
The previous security fix for CVE-2007-2447 missed one character
in the shell escape handling.
Also fixed were some non-security related regressions introduced by the
previous update.
- cups denial of service regression fix
CUPS packages were released to fix another denial of service problem
introduced by the previous Denial of Service Fix for CVE-2007-0720, which was
incomplete.
All SUSE Linux based products were affected.
- libexif denial of service problems
Two security problems were fixed in libexif.
CVE-2007-2645: A denial of service problem (crash) was fixed in the
EXIF Loader of libexif, which could be used to crash the browser or
image viewer when it interprets the EXIF tags in prepared JPEG files.
CVE-2006-4168: An integer overflow during loading EXIF entries was
fixed that could lead to a denial of service (crash) or potential
code execution.
All SUSE Linux based products containing libexif and libexif5 were affected.
- evolution IMAP SEQUENCE buffer overflow
A security problem was fixed in the evolution / evolution-data-server
package, where a malicious IMAP server could execute code
within evolution by sending a malformed response to a SEQUENCE
command. (CVE-2007-3257)
This affects all SUSE Linux based products containing evolution.
- mutt APOP password disclosure problem
This update of mutt fixes a vulnerability in the APOP implementation
that allows an active attacker to guess three bytes of the password.
(CVE-2007-1558)
All SUSE Linux based products containing mutt were affected and fixed.
- avahi local denial of service
A security problem was fixed in avahi, where local attackers could
send empty TXT data via D-BUS, causing the avahi daemon to exit.
This issue has been assigned the Mitre CVE ID CVE-2007-3372 and
it was fixed for SUSE Linux Enterprise 10, SUSE Linux 10.1 and
openSUSE 10.2.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- Mozilla Firefox/Thunderbird/Seamonkey update
Mozilla Firefox and Thunderbird 2.0.0.5 have been released and fix
various security issues.
We are currently preparing updates.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRqCKoney5gA9JdPZAQKm8gf/RFKRr8E2EUJqB9e0xY2anSVhJxWlCel/
8DLXAia6QuDzfv9gRiluDclWLGLWc72P4bM5YwumdsIObUok6qZ3rHDHYOUwTF/W
qct/X/vFALwunNXZ6Uwczt2seggniSdjc28xhZHuzfhpErYU0hXewxMVfOnIyc+K
jDRRSEI8EcUTvbzbuqUywbvjlhHeVIXy9oPTdkvdnvntSnxDXwPxtK8Uu4RyOf9E
SyrHajke6kHUMQ8iiTGNpEpOcHJTYupVfi7Xg4fE7M/6/5KNUlA4ghq4nojQZNeL
QY73kiD/TxU2PyCIKbXHGsrMgy8ub5tlzYw4mAb5b0v1WsWkmsjt0w==
=wpcZ
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: flash-player (SUSE-SA:2007:046)
by Marcus Meissner 19 Jul '07
by Marcus Meissner 19 Jul '07
19 Jul '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2007:046
Date: Thu, 19 Jul 2007 13:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
UnitedLinux 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SuSE Linux Desktop 1.0
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
Novell Linux Desktop 9
SUSE Linux Enterprise Desktop 10 SP1
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CVE-2007-2022, CVE-2007-3456, CVE-2007-3457
Content of This Advisory:
1) Security Vulnerability Resolved:
Adobe Flash Player security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The Adobe Flash Player was updated to fix various security issues.
New versions:
- Flash 7.0.70.0: SUSE Linux 10.0, Novell Linux Desktop 9,
SUSE Linux Desktop 1.0 and SUSE Linux Enterprise Server 8
- Flash 9.0.48.0: SUSE Linux 10.1, openSUSE 10.2 and SUSE Linux
Enterprise Desktop 10.
Security issues resolved:
- CVE-2007-3456: An input validation error has been identified in
Flash Player 9.0.45.0 and earlier versions that could lead to the
potential execution of arbitrary code. This vulnerability could
be accessed through content delivered from a remote location via
the user's web browser, email client, or other applications that
include or reference the Flash Player.
- CVE-2007-3457: An issue with insufficient validation of the HTTP
Referer has been identified in Flash Player 8.0.34.0 and
earlier. This issue does not affect Flash Player 9. This issue
could potentially aid an attacker in executing a cross-site request
forgery attack.
- CVE-2007-2022: The Linux and Solaris updates for Flash Player 7
(7.0.70.0) address the issues with Flash Player and the Opera and
Konqueror browsers described in Security Advisory APSA07-03. These
issues do not impact Flash Player 9 on Linux or Solaris.
The web browsers Opera and konqueror that were affected by CVE-2007-2022
have already been fixed independently.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of flash after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/flash-player-9.0.48.0-1.1.…
131ba264fcdabc55a568c15b588c6ecd
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/flash-player-9.0.48.0-1.2.…
98bc9952b35fc72f82a2146b074bfbb9
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/flash-player-7.0.70.0…
775613fa6a09b9359e07c87b5efe1d5a
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/flash-player-9.0.48.0-1.1.s…
9cccf1386487f58c7b619785d31ee4b0
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/flash-player-9.0.48.0-1.2.s…
7ac2087cb331b1188837c9baf42d4dd4
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/flash-player-7.0.70.0-…
2078936c1bb42c55eb85e7fd6ca62a53
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/a3ed2a4c78f6382bffe9aeb90de5f965.…
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/a3ed2a4c78f6382bffe9aeb90de5f965.…
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/a3ed2a4c78f6382bffe9aeb90de5f965.…
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/a3ed2a4c78f6382bffe9aeb90de5f965.…
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/a3ed2a4c78f6382bffe9aeb90de5f965.…
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/a3ed2a4c78f6382bffe9aeb90de5f965.…
SuSE Linux Desktop 1.0
http://support.novell.com/techcenter/psdb/a3ed2a4c78f6382bffe9aeb90de5f965.…
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/11185d1d77c266319dacb704d254fd94.…
SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/11185d1d77c266319dacb704d254fd94.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRp9XDXey5gA9JdPZAQI33Qf+J42AkFwWGzdjIFrggljEIZPX02INQBvs
RwaSuHsJ7EsGA9eJ9wN+GSlHFqOedgL0fAomBAr+WNqtuUTg3R7E8PX0kTmD3cKI
nAZIgOD4lGD5dJYNsbiC0lzklJgMrvTNEZwVOHE+QhbHZe65BFrlXHJjWLxJjivo
dDS70HbFZRXNq14DRwzKGJdEl+A5yqP93OzcrtM3E75+jHrdieA2ww3F/C7+F/Jt
OrzbSiMHmdxExP4OnKWDDg23h46vVx5RDcsMHN2eBBWErMHDtYYedGtC06tYMKZn
TlLduG8Z8aS3apKk0ZMfXoGaFi0Fossi5DrTHiHdreDR3gCtoXDaAw==
=xNe/
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: Java security problems (SUSE-SA:2007:045)
by Marcus Meissner 18 Jul '07
by Marcus Meissner 18 Jul '07
18 Jul '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: IBM Java, Sun Java
Announcement ID: SUSE-SA:2007:045
Date: Wed, 18 Jul 2007 18:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
UnitedLinux 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SuSE Linux Desktop 1.0
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SUSE Linux Enterprise Desktop 10 SP1
SLE SDK 10 SP1
SUSE Linux Enterprise Server 10 SP1
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CVE-2006-6736, CVE-2006-6737, CVE-2006-6745
CVE-2007-0243, CVE-2007-2788, CVE-2007-2789
CVE-2007-3004, CVE-2007-3005
Content of This Advisory:
1) Security Vulnerability Resolved:
various java security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- Correction for kernel advisory SUSE-SA:2007:043
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Both the IBM and Sun Java environments had several security issues
which have been fixed by upgrading to their current patch levels.
IBM Java JRE/SDK 1.3 was updated to 1.3.1 SR10.
IBM Java JRE/SDK 1.4 was updated to 1.4.2 SR8.
IBM Java JRE/SDK 5 was updated to 5.0 SR3.
Sun Java JRE/SDK 1.3 was updated to 1.3.1_20.
Sun Java JRE/SDK 1.4 was updated to 1.4.2_15.
Sun Java JRE/SDK 1.5.0 was updated to 1.5.0_12.
For IBM Java please also check the web page
http://www-128.ibm.com/developerworks/java/jdk/alerts/
for more details.
For Sun Java please also check the web page
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1
for more details.
Affecting both sets of JDKs:
- CVE-2007-0243: A buffer overflow vulnerability in the Java(TM)
Runtime Environment may allow an untrusted applet to elevate its
privileges. For example, an applet may grant itself permissions to
read and write local files or execute local applications that are
accessible to the user running the untrusted applet.
IBM Java specific (fixed already for Sun Java in SUSE-SA:2007:003) problems:
- CVE-2006-6737/CVE-2006-6736: Two vulnerabilities in the Java Runtime
Environment may independently allow an untrusted applet to access
data in other applets.
- CVE-2006-6745: Two vulnerabilities in the Java(TM) Runtime
Environment with serialization may independently allow an untrusted
applet or application to elevate its privileges.
Sun Java specific (fixed for IBM Java in later versions):
- CVE-2007-2788 / CVE-2007-3004: Integer overflow in the embedded ICC
profile image parser in Sun Java Development Kit (JDK), allows
remote attackers to execute arbitrary code or cause a denial of
service (JVM crash) via a crafted JPEG or BMP file.
- CVE-2007-2789 / CVE-2007-3005: The BMP image parser in Sun Java
Development Kit (JDK), on Unix/Linux systems, allows remote attackers
to trigger the opening of arbitrary local files via a crafted BMP
file, which causes a denial of service (system hang) in certain
cases such as /dev/tty, and has other unspecified impact.
- CVE-2007-0243: Buffer overflow in Sun JDK and Java Runtime
Environment (JRE) allows applets to gain privileges via a GIF image
with a block with a 0 width field, which triggers memory corruption.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please restart running Java instances.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-1.4.2_updat…
d127e4f44e096a9dd06c14814bd2182c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-alsa-1.4.2_…
a37f8d08c7e9789fc7876dc3e37da5b9
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-demo-1.4.2_…
0f2e825414bbfd9c1902c2d4d8471e43
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-devel-1.4.2…
d01ae6db6325f64a6b6a01aebe342031
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-jdbc-1.4.2_…
a86f7b7b752b6dbb45a1368027f393d6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-plugin-1.4.…
4c9ff9f65b29b68a28ce1a8e84bf4813
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-src-1.4.2_u…
18020d2e7c086751659f79fc54ca7fc6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-1.5.0_updat…
e23a75a56e94d61ea64aae6d1364236d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-alsa-1.5.0_…
89647e053e07458532337478cce33cad
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-demo-1.5.0_…
962aef2cde996c68bf837f0b6c02a6e4
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-devel-1.5.0…
15ba442c876600e59453b5e6a7d774b6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_…
570092628e736998bf98e0153736595b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-plugin-1.5.…
6b27e226c65e444521f3964933dd474b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-src-1.5.0_u…
703422879e4ebf22e6295383deae522d
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-1.4.2.15-2.…
159c176de609647b9cbc4e2f477a793d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-alsa-1.4.2.…
e51e6c719126ab5efe679786c4f47cba
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-demo-1.4.2.…
066dc7eda76f25899b25cea8079afc0f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-devel-1.4.2…
5599dfe80fe053e4a3332cc4f76e7720
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.…
15d749d534785cfdf8bd109b7e1f76c9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-plugin-1.4.…
fc9e644929c7571f281382375f808dc7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-src-1.4.2.1…
1a23c8b996815dd55f80c4298830256f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-1.5.0_12-2.…
8f158ac8ab83f7d72a19caa29ceae701
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-alsa-1.5.0_…
366a738ed2c0a26f11501c74d7ee88cb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-demo-1.5.0_…
01452bd648010f03b2dade18ac412125
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-devel-1.5.0…
5229399ac7f8500ecbe13c075ddd1215
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_…
55693889496cb3bf2757f581eff753dc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-plugin-1.5.…
16e688147e8ebd8055ee35d7066a37a0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-src-1.5.0_1…
52b6439209a9f08f9a7c582f5be6afb1
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-1.4.2.…
630512d206eb760db5be2506c227eb0b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-alsa-1…
4a333fd9e8b28bc592b4f9bbfb710bf0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-demo-1…
f9cb64c25765bf3317a25c980976ec77
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-devel-…
ff1a6a11ef42ce167df4c3258a534ae8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-jdbc-1…
69e15d0311de0f2d4ec83df1b0ccd28e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-plugin…
04072837c2eba22785fd87161d7c8fb8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-src-1.…
18f2e82b24615428c9703cb3c7699b4c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-1.5.0_…
8cdac523a1416fc23f86f74c20ee2d47
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-alsa-1…
c00ff3d2b961c5da9a398a56231c15b9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-demo-1…
2e9049ba2424621e96ac63dd646d0860
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-devel-…
6660f2e9bb5bf3b4dfa080ced121d3d4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-jdbc-1…
f0e93dd1acf6a6a2caa3f009b75fe061
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-plugin…
a47683a25a369253173ddc28e4049f09
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-1.5.0_upd…
9f3ef07f4bacc445eca261ee29e899ef
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-alsa-1.5.…
f293d1c08089f16daf990692df3d97d3
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-demo-1.5.…
cfbf41758105bce296c6cbbd1a31c174
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-devel-1.5…
c6f54e2c39788faf1cd5518f38450b00
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.…
54672479c76d8c30d076ef358e548db6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-src-1.5.0…
37570a66f1227d7699353b4ebb2f5d92
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-1.5.0_12-…
b4dc3bf51489568887f316c4e56e7b0d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-alsa-1.5.…
66860bf3f94132c4a199f454f9adcbed
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-demo-1.5.…
201e9f5ba9e7adcaffe79d3e0baeb6d8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-devel-1.5…
a748d4e7ba25561cfcd29a6a1028a519
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.…
f19d6cbfe6bce232ef23a4a57ed22a46
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-src-1.5.0…
9c0d632b4a389232dc7be2c71a31bc29
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-1.5.…
a025ef68d1f195df7ee456f2fce52979
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-alsa…
9150ad42f5ba77284a632684ff0cb061
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-demo…
e11f8f7453ee1894f38f90d9cca7a30e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-deve…
4d94914d13825dfdecea50bf2679c179
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-jdbc…
5120d762ca5dfc91fea4d41fe40c966e
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/java-1_4_2-sun-1.4.2_update…
ea53f3e1dbd5f3e8dd9df1e5d07d93ae
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/java-1_5_0-sun-1.5.0_update…
790c082ae4ee14328b35e7da450ff2dd
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/java-1_4_2-sun-1.4.2.15-2.1…
f3fd322dc7c4830d7d38ebea68598a8d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/java-1_5_0-sun-1.5.0_12-2.1…
e944399dcd5667744fb0faf96bc61965
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/java-1_4_2-sun-1.4.2.1…
09b093972cc108b7ce5e111c0edd4009
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/java-1_5_0-sun-1.5.0_1…
42d90396d048156c62d5946466281ed8
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.…
SuSE Linux Desktop 1.0
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.…
SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.…
http://support.novell.com/techcenter/psdb/dc35750a80dacaad950b2c1075b2b499.…
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.…
http://support.novell.com/techcenter/psdb/dc35750a80dacaad950b2c1075b2b499.…
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.…
SLE SDK 10 SP1
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.…
Open Enterprise Server
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.…
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.…
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.…
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.…
UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.…
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.…
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.…
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.…
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.…
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.…
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.…
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.…
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.…
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.…
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.…
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.…
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.…
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.…
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.…
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.…
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.…
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- Correction for kernel advisory SUSE-SA:2007:043
The Linux kernel security advisory SUSE-SA:2007:043 incorrectly lists
various SUSE Linux Enterprise Server 9 products as being affected.
Correction:
The advisory SUSE-SA:2007:043 only applies to the SUSE Linux 10.0
and openSUSE 10.2 products.
The last SLES 9 kernel advisory is SUSE-SA:2007:035 and already
contains most of the fixes listed. The fixes not listed yet will
be fixed with the next SLES 9 kernel update.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRp4z1Hey5gA9JdPZAQL1Fwf/V+AQlUTwGbizTXJ4falNt48c50SackDh
GQRoyCPtCzC1S4EdeeLLDlAbEnrnLQTkSBaBCV+wukVJEAqYvamIg6Hz5d16uxd+
Sq612JqDFBQeuM2Mk0j15KCeBXMyrHdLzGpG3GrDFbjp3RnoDNlW1PVl3VexLM7n
t+izudNsA70K6TxhgJbPYzed6rlyOe+EjoKqJgMfICzYuniUd0h9kjC0t3I24III
qiPP7g3CAvJe9mwUteXYHUB2oHYb/4hPkgtlzvlRnIau2MMmBRy14FHk4oTD58/2
QespYkBU0g50EgEwRdsvay9+zwu5T6+WQ0vH3njLJM94QAq1tDKUrQ==
=a8cV
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: php4,php5 (SUSE-SA:2007:044)
by Marcus Meissner 12 Jul '07
by Marcus Meissner 12 Jul '07
12 Jul '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: php4,php5
Announcement ID: SUSE-SA:2007:044
Date: Thu, 12 Jul 2007 16:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
UnitedLinux 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
SUSE SLES 9
Open Enterprise Server
Novell Linux POS 9
SLE SDK 10 SP1
SUSE Linux Enterprise Server 10 SP1
Vulnerability Type: remote denial of service
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2007-0906, CVE-2007-1285, CVE-2007-1396
CVE-2007-1864, CVE-2007-2509, CVE-2007-2510
CVE-2007-2511, CVE-2007-2756, CVE-2007-2872
CVE-2007-3007, MOPB-41-2007, MOPB-03-2007
Content of This Advisory:
1) Security Vulnerability Resolved:
multiple PHP security issues
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The scripting language implementations PHP4 and PHP5 have been updated to
fix several security issues.
The updates have been released over the last weeks after they passed QA,
this summarizes this set of updates.
The following issues have been fixed:
- CVE-2007-3007: missing open_basedir and safe_mode restriction
in realpath
- CVE-2007-2872: chunk_split() integer overflow
- CVE-2007-2756: DoS condition in libgd's image processing
- CVE-2007-1396: possible super-global overwrite inside
import_request_variables()
- CVE-2007-2511: buffer overflow inside user_filter_factory_create()
- CVE-2007-1864: remotely trigger-able buffer overflow inside
bundled libxmlrpc
- CVE-2007-2509: CRLF injection inside ftp_putcmd()
- CVE-2007-2510: remotely trigger-able buffer overflow inside
make_http_soap_request()
- CVE-2007-0906 / MOPB-41-2007: PHP 5 sqlite_udf_decode_binary()
Buffer Overflow Vulnerability
- CVE-2007-1285 / MOPB-03-2007: fixed deep recursion DoS by limiting
the nesting level of input variables
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please restart all running instances of Apache/Apache2 after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-mod_php5-5.2.0-16.…
ba20097c259b4c630349fcfb21ac054e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-5.2.0-16.i586.rpm
2432a9ed3981c9ce47dcf15ecf70dea1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-bcmath-5.2.0-16.i586.…
d4eb0bd4046a5bf0c54a438ea406dfd4
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-bz2-5.2.0-16.i586.rpm
3dba82087d941738cdb7c7f365c96d30
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-calendar-5.2.0-16.i58…
4f4aaf7f237b6b2159f28e609708dcda
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-ctype-5.2.0-16.i586.r…
6f4f54b01b2ea1d150baba3ad037296f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-curl-5.2.0-16.i586.rpm
4c4eac4be68594964959bbd459166ba2
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-dba-5.2.0-16.i586.rpm
e305830817376238b41514f5c2de04ca
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-dbase-5.2.0-16.i586.r…
ea38877dca2d57d5f5b2895c9a868b86
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-devel-5.2.0-16.i586.r…
0548b33d3872db89dcfae7d6e82f0d8a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-dom-5.2.0-16.i586.rpm
ebafdcb967ab70609409013731e494ef
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-exif-5.2.0-16.i586.rpm
26f75581dc1bd664959219fd7b91d0f6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-fastcgi-5.2.0-16.i586…
acf40f646ec94ffef1e26ae6ff6b53f0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-ftp-5.2.0-16.i586.rpm
0650d9fadfac68a95cc946a8e31a195e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-gd-5.2.0-16.i586.rpm
335b0b9abff8f4b8b64223d23a86c880
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-gettext-5.2.0-16.i586…
52cbbe398f1001d7c9cc98ec571c4a97
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-gmp-5.2.0-16.i586.rpm
5e85fdc29ed7299c01ee94e98ec5d6e2
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-iconv-5.2.0-16.i586.r…
2fb7586cb9c54ef3f4f733e0e3b08621
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-imap-5.2.0-16.i586.rpm
ebc45d8c966bea8399408ec14aac1c60
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-ldap-5.2.0-16.i586.rpm
7c0404fbd0dccdcf66a089cb690dadec
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mbstring-5.2.0-16.i58…
93ce26706c6614cebdf239faa3f1f12b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mcrypt-5.2.0-16.i586.…
4516f393ddc47996cfac3c12673e2870
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mhash-5.2.0-16.i586.r…
4d1bc36d171783d7eefbbc1fe6fdfddc
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mysql-5.2.0-16.i586.r…
fcf4c6a696a8aabf21a4fe8636157e17
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-ncurses-5.2.0-16.i586…
c325107b3dd401204c17e2c4fa1e8492
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-odbc-5.2.0-16.i586.rpm
fb1a6ad2ea27052a0105d167591afbba
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-openssl-5.2.0-16.i586…
d81e0ca0fec2f5b7d426cde22620f8e0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pcntl-5.2.0-16.i586.r…
d43e0680084efc1fd0d0904435ae92bb
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pdo-5.2.0-16.i586.rpm
24e309feb17e2ed81d32190e180fa697
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pear-5.2.0-16.i586.rpm
8b613f5c603c8753c6ab1273b6cc2298
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pgsql-5.2.0-16.i586.r…
22dc422932a2a9dea6752f4237417407
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-posix-5.2.0-16.i586.r…
f47879a66e66f0cd24678680d45ad31f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pspell-5.2.0-16.i586.…
3265251c16fa7f7c8a31b47efdd1d670
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-shmop-5.2.0-16.i586.r…
8d05576d17dded15e85221f64a597474
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-snmp-5.2.0-16.i586.rpm
293536cc8452cd9749cee39607b132be
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-soap-5.2.0-16.i586.rpm
c5939cdbe5d1cedf4d7af0acb2cb4827
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sockets-5.2.0-16.i586…
0a95f2fcee7bf44a8ef64fc3404aea14
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sqlite-5.2.0-16.i586.…
9c8ea9abfe45c9f6f4a96c0c7de914f4
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sysvmsg-5.2.0-16.i586…
e81703ef51205ce5111ba1b4e8717d10
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sysvsem-5.2.0-16.i586…
c670d136264f172691b13c2108b8bd4b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sysvshm-5.2.0-16.i586…
b8032fe7861a10fd901e0da305651ec8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-tidy-5.2.0-16.i586.rpm
ca6a811ddda0e864a87e364fd7711615
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-tokenizer-5.2.0-16.i5…
a88c49332085992f50743ee0a5c1baa7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-wddx-5.2.0-16.i586.rpm
1db2874b515931eaebdc77a5aa2a57f9
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-xmlreader-5.2.0-16.i5…
48d372748cc34fd6157e8181f9644fec
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-xmlrpc-5.2.0-16.i586.…
af928224bfd4b6959d2c34e574101a01
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-xsl-5.2.0-16.i586.rpm
b3e10c3a653182e4204727a8f06f51e7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-zlib-5.2.0-16.i586.rpm
fcb73239cdf02fabfd46500b0610c91a
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-mod_php5-5.1.2-29.…
c40eda9c70d5e8265ac20b166b59d94b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-5.1.2-29.40.i586.rpm
7afa7736f6910b1ab507068947cad502
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-bcmath-5.1.2-29.40.i5…
6a9e67b7b125a7bbae1bc00c5fd0801a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-bz2-5.1.2-29.40.i586.…
864f429e5edf1eac590691d0edcd9820
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-calendar-5.1.2-29.40.…
9683f629d679d10d3f3c98f7412499e8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-ctype-5.1.2-29.40.i58…
42e164d9ff005f5f82fec3431cb201f9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-curl-5.1.2-29.40.i586…
d9ecffa4fa345da377f75cc9d229a88f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-dba-5.1.2-29.40.i586.…
4ee38509214ac235ef9737da8f935b53
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-dbase-5.1.2-29.40.i58…
38ee9bc51aad7a6f3dcd32f7f9b582be
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-devel-5.1.2-29.40.i58…
bf45f6b2d48c85dd7bebecdb9498b8a7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-dom-5.1.2-29.40.i586.…
cc34ab9cd2a7db8fa877b853de0a5eb9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-exif-5.1.2-29.40.i586…
5f014ef361dd45f92f56bcc2a8b2af04
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-fastcgi-5.1.2-29.40.i…
5fe79e143f9b402cd168eb8369657a9b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-filepro-5.1.2-29.40.i…
8f3d970da229f1a86ad5f608363b9b85
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-ftp-5.1.2-29.40.i586.…
d0fbc1b980daebcc0cba7c5ef2137220
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-gd-5.1.2-29.40.i586.r…
ec322b99eaf180d9df89cd200ec2341b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-gettext-5.1.2-29.40.i…
c5257619d4981bf93844f8d0f7c00c36
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-gmp-5.1.2-29.40.i586.…
96c96cbe19f1396d116942eac1fa02cf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-iconv-5.1.2-29.40.i58…
c3e94f9e328051690196050df7ae5883
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-imap-5.1.2-29.40.i586…
c4d6e133939e0a49fa3666bd7185b388
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-ldap-5.1.2-29.40.i586…
befe75da6bd0636b36ee534dd56c652d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mbstring-5.1.2-29.40.…
79a1502c6f7879510ca937f8a207c421
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mcrypt-5.1.2-29.40.i5…
cf4638b0f973100ef9df8eb0df2f0bdf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mhash-5.1.2-29.40.i58…
9700d85d27312dbcd816a11f4b28c1cb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mysql-5.1.2-29.40.i58…
6abc8dbd08ec471f4675237b17888acc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mysqli-5.1.2-29.40.i5…
2e4fb182d772bdf8ca8599d696ddd092
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-ncurses-5.1.2-29.40.i…
64dc6e0f1e72f6c3b4bb6a58f0c9a590
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-odbc-5.1.2-29.40.i586…
d53e203d9343abde0b7942c7e496e333
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-openssl-5.1.2-29.40.i…
5e3ff058fb8431e880a073537414ea94
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pcntl-5.1.2-29.40.i58…
6670481d2808b9eba094ade4b52593fa
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pdo-5.1.2-29.40.i586.…
33d3d91224106c1257b082848e707b67
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pear-5.1.2-29.40.i586…
d79cb3b4234f7081c0d636405f7d7ec7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pgsql-5.1.2-29.40.i58…
3482bed1281ad2c81b030164e72e44c7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-posix-5.1.2-29.40.i58…
5424feb5ca424273184edcda5a8d04f6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pspell-5.1.2-29.40.i5…
efb74f23d864816a80f7fc7aa888c126
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-shmop-5.1.2-29.40.i58…
411b0bde5f49c6a1cfe32e72aa281d96
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-snmp-5.1.2-29.40.i586…
a6ef116cbd9895ada3429f8c44d8429a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-soap-5.1.2-29.40.i586…
4b223f76ccdb2c048bc3dbeb8250c136
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sockets-5.1.2-29.40.i…
cf0a68ff8df04d2f1a0b7d5b00bb66ab
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sqlite-5.1.2-29.40.i5…
b9de0081f839172051a842c8ee162eb4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sysvmsg-5.1.2-29.40.i…
22022ac953b21b44cc9b73b0bbc7dd76
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sysvsem-5.1.2-29.40.i…
9ca07a3e594170721d9d5f91a277c732
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sysvshm-5.1.2-29.40.i…
2689f836ac98de180069f270e6e6ef69
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-tidy-5.1.2-29.40.i586…
3c1bcc5a3f3c0bdb693fcf816ddaa80d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-tokenizer-5.1.2-29.40…
b5ad67b03c84c36eec285460bd8db3f6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-wddx-5.1.2-29.40.i586…
cdc09324a43f3b2efd664939cdcdce67
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-xmlreader-5.1.2-29.40…
93b48ab99c26c39af9826dfe84dbd4c4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-xmlrpc-5.1.2-29.40.i5…
3c4261ae053a045cd376ea5df3495719
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-xsl-5.1.2-29.40.i586.…
a3ea3844f1e0c2ffe18e86694dc22681
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-zlib-5.1.2-29.40.i586…
b3b12767ae4ac1e58adae600947af413
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-mod_php4-4.4.…
2a1a277fa72f0e057466df9d8f2a9b12
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-mod_php5-5.0.…
f2e862bd4649f9019b23fd53907c30be
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mod_php4-apache2-4.4.…
f65cdd35a448e6494e603545bd8c3df7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mod_php4-core-4.4.0-6…
3a70abffe2ab60eb3895a288b5961c33
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mod_php4-servlet-4.4.…
4a43d5e675a3ae3815aa4c2dbb7ed854
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-4.4.0-6.29.i586.…
0b7f4061232ffffcd090d601e0b8658d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-bcmath-4.4.0-6.2…
d453510068acd5e4c17f76bc97e476a6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-bz2-4.4.0-6.29.i…
1129c6d60809e3a9a6a8ea06be7583d8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-calendar-4.4.0-6…
bbf232cce94c5755e49448d55be2e428
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-ctype-4.4.0-6.29…
a49398ac1fb166fd5ba283e035d03137
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-curl-4.4.0-6.29.…
520a7c092582073bb21ba17a979f757b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-dbase-4.4.0-6.29…
2e14337d70c1794040b7460b799752c4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-dbx-4.4.0-6.29.i…
4024e09541c8f813a14c8245353d44bf
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-devel-4.4.0-6.29…
2a276534a2e3535c1aef153da46eb3b4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-domxml-4.4.0-6.2…
b74b962cff132efc049a54de5541271b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-exif-4.4.0-6.29.…
bd41417f6741b582faffef525e7af4bd
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-fastcgi-4.4.0-6.…
c0366fae19dc096d5ba5a2a57a6aa4ce
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-filepro-4.4.0-6.…
ec6083557b6fb28609409b531eb28c1a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-ftp-4.4.0-6.29.i…
652cfbf837874a041e52a8169e3733de
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-gd-4.4.0-6.29.i5…
adb80bcf0043f664be666e412a3603eb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-gettext-4.4.0-6.…
1671d80b005e95c5d95385dda82cb290
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-gmp-4.4.0-6.29.i…
f79f0455391fb138903da43bda93435f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-iconv-4.4.0-6.29…
a06521e8d327adc897d0120b57d9198b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-imap-4.4.0-6.29.…
8a4ec0a86f95ebb5e3b54343390b17e3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-ldap-4.4.0-6.29.…
3e298375fbf3719663cf39e46eadddfa
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mbstring-4.4.0-6…
a888caf3dc34d5ea915e463c031b71af
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mcal-4.4.0-6.29.…
b4cff066a32822fbc1f35eec1f2e9258
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mcrypt-4.4.0-6.2…
caf332fc3cc4215ca83fb061df55b4da
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mhash-4.4.0-6.29…
1fb14c412e02e8878a2235c857ca6fa2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mime_magic-4.4.0…
5360f83eacc9929ed6cc73bc0d948e6d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mysql-4.4.0-6.29…
cdea2e9b6359449f167e46d7286d2d89
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-pear-4.4.0-6.29.…
442e59ff4d9bcf4b61d12ec6b0c553eb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-pgsql-4.4.0-6.29…
35484508c8e849b50102c05f77402622
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-qtdom-4.4.0-6.29…
840ca24f18d78003e6637ce58eee87ef
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-recode-4.4.0-6.2…
35c3ac140fa31736902690a85897ef64
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-servlet-4.4.0-6.…
309bd9613a5190ab99b855c164b1a214
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-session-4.4.0-6.…
f310b22eca0ee320e8f3522d9f020666
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-shmop-4.4.0-6.29…
6344ce69c5190715d9b3ceab39d39428
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-snmp-4.4.0-6.29.…
1ea789648a0a58e9258d65d1d9369600
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-sockets-4.4.0-6.…
0db8ad69110e0f3bd442b0c8cbfa6928
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-swf-4.4.0-6.29.i…
9653fa85b6179dc2bb76fc4aa1ae2ed8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-sysvsem-4.4.0-6.…
a32eb36ca4e9cbe85c05d044d79700c3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-sysvshm-4.4.0-6.…
c8bea59238777c9f84055c1d0bdea180
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-unixODBC-4.4.0-6…
3e73790a5b4c16baf224b21092be978f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-wddx-4.4.0-6.29.…
7be7b0ca3c85ebd71e1615851ae758ad
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-xslt-4.4.0-6.29.…
84d0312fecf0e3c7b778930492b0bc70
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-yp-4.4.0-6.29.i5…
fc5e8b6fc347ba32dc293e789a2a3f74
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-zlib-4.4.0-6.29.…
5545858c0ab5c292bcbe6577bb691518
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-5.0.4-9.29.i586.…
a02ac5eacd77f6e7a7908916b800051a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-bcmath-5.0.4-9.2…
414b620ca0ef0f123a6423e26fc708b0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-bz2-5.0.4-9.29.i…
aea7d900dd3a4f51cd8b738bb7532a47
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-calendar-5.0.4-9…
08e61523cb5335e854a736769e11b841
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-ctype-5.0.4-9.29…
cc3c113b3f8a098f8f6da95c33c38b46
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-curl-5.0.4-9.29.…
e556a372ac278b28ca081cb0b0127c57
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-dbase-5.0.4-9.29…
9c7ceafa7974cf0a4178586bcdd08293
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-devel-5.0.4-9.29…
26fd0855b0182bb375f0287f5ba7841b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-dom-5.0.4-9.29.i…
6262edc949cfcf6fefb72a8571d211e9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-exif-5.0.4-9.29.…
261954fc0cf51b35beff440dc6450af8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-fastcgi-5.0.4-9.…
0675a22027a7edb6308a18145811397a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-filepro-5.0.4-9.…
5bf488791dfe96ddb4704586b00b4a0c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-ftp-5.0.4-9.29.i…
d667cdb175d9a5e72ddbbfd9054b1bf6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-gd-5.0.4-9.29.i5…
e998cec29e215e7cde24b5b84ee69cf2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-gettext-5.0.4-9.…
3448292997f85a2a084a558c8d0a76fb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-gmp-5.0.4-9.29.i…
f628d2072884f4d2fd8430ec2f436014
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-iconv-5.0.4-9.29…
0737998ad34bb9915f44aaa4a940934d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-imap-5.0.4-9.29.…
3091b7e9f63f8c4c16f720bf2ce0980a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-ldap-5.0.4-9.29.…
cd79330d72111b7e971a6798cbc13f8b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mbstring-5.0.4-9…
d87cf4ac120bea34cefdec4f42f13e05
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mcrypt-5.0.4-9.2…
ea5d9f067e7264aef0aafbbb429007cf
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mhash-5.0.4-9.29…
5d6ff50c9f79046ad6bebf4b0552d0dc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mysql-5.0.4-9.29…
8c8c02a053240b15fcd428cdb6952cae
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mysqli-5.0.4-9.2…
1280caed8efcb1128293fa1e95e2fa29
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-ncurses-5.0.4-9.…
b01161358d68e3b8b6b6c6f416f97614
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-odbc-5.0.4-9.29.…
788ed0e27cfa0b458d13081a78f2a4d3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-openssl-5.0.4-9.…
7808f59e41b5346df5bc64ba0dbf6ca0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-pcntl-5.0.4-9.29…
ae829981cf457c06b0af5a461c24bf85
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-pear-5.0.4-9.29.…
69d500b83bda77ec6866a6315dc18321
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-pgsql-5.0.4-9.29…
858faf76e4ba3254e7131baed51d4dbf
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-posix-5.0.4-9.29…
cde71d6a680ff8d68d600a296128fd7d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-pspell-5.0.4-9.2…
bf7faa6308b437e93c342e9b7733d2bf
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-shmop-5.0.4-9.29…
52e936e83506d2a7dfc93d267a48eac6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-snmp-5.0.4-9.29.…
110e822965c2c27a0af9ec749985fdda
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-soap-5.0.4-9.29.…
defb434dbd2be868736121a36f3a3bb3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-sockets-5.0.4-9.…
64e952edc33a50b5fb963ee67dbc68a6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-sqlite-5.0.4-9.2…
cbf5b4d3db71cd849d9b62fcf02d427c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-sysvmsg-5.0.4-9.…
c52457db509b73cdb34b0c051882e346
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-sysvsem-5.0.4-9.…
53e65044d18f7fddd9d668175d2a11e8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-sysvshm-5.0.4-9.…
4cf05fc524ad2b43ffed8fd1fc2fbd4f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-tokenizer-5.0.4-…
56cd46aeb9ad7a83536fc4cbccd7adec
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-wddx-5.0.4-9.29.…
a850d1951f302f069c5bc81eeb29f75d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-xmlrpc-5.0.4-9.2…
a6da129345abd43d5cbad1abf664e6b5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-xsl-5.0.4-9.29.i…
7cb4da3305a5c87b7bdd1d53bb745c4f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-zlib-5.0.4-9.29.…
969af2163ffef3114d24c7f6083ae1c6
Power PC Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-mod_php5-5.2.0-16.p…
77e89520ae1a44164880c9ba32e86e95
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-5.2.0-16.ppc.rpm
d0b4e6163f8e63a288e43bc5d5ceafa6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-bcmath-5.2.0-16.ppc.rpm
2fa415a33f81adb5b31760ff654b40f3
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-bz2-5.2.0-16.ppc.rpm
9b0d245c2b159becab65c1b0506fcbb2
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-calendar-5.2.0-16.ppc.…
9b6b5b339fe77a88367068a5b4330fd0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-ctype-5.2.0-16.ppc.rpm
ea74f593b24dcaff43073275b06219eb
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-curl-5.2.0-16.ppc.rpm
0552b49b073a052d5f36c899df8702f9
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-dba-5.2.0-16.ppc.rpm
7a632d341ddb921be2436ff2fd78ad0a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-dbase-5.2.0-16.ppc.rpm
102c856cbf15d03c2e53f1b517dcb8b9
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-devel-5.2.0-16.ppc.rpm
c580d2a6976643aa727334ab9151c9b1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-dom-5.2.0-16.ppc.rpm
cb0e14b82e467e1fcdef1727035dd1c1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-exif-5.2.0-16.ppc.rpm
b694920b397ada9fe09f330d97541a5e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-fastcgi-5.2.0-16.ppc.r…
fdc7e3556211ec3cacd2899951c4963c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-ftp-5.2.0-16.ppc.rpm
272d4964a4e9427f55993e4ccd3b6ffb
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-gd-5.2.0-16.ppc.rpm
1e961bd025ae8afca062131fa159f409
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-gettext-5.2.0-16.ppc.r…
e679121ff73fc83f4bc892fa5b6ac9e2
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-gmp-5.2.0-16.ppc.rpm
b10f515b627c9426fb63836504a36bf5
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-iconv-5.2.0-16.ppc.rpm
1d7aa6908818d67bf1bf3d092973b4f7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-imap-5.2.0-16.ppc.rpm
cf7ec5ea4b1fde50448f06ab111b7764
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-ldap-5.2.0-16.ppc.rpm
2a9e8cb6bb92f75a9e79390044570a62
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mbstring-5.2.0-16.ppc.…
790918abce3adda821c62515fb7d8387
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mcrypt-5.2.0-16.ppc.rpm
4279ac7a84e0447bfe326769530a2c90
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mhash-5.2.0-16.ppc.rpm
dc5372cd2ced381902649837e2d80a18
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mysql-5.2.0-16.ppc.rpm
bde7c3a4e15362f84332aa5b99df8ba0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-ncurses-5.2.0-16.ppc.r…
153e373aec28d363ae2f45ca238be6c3
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-odbc-5.2.0-16.ppc.rpm
aa3caff7141490cb67f801036b01e30c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-openssl-5.2.0-16.ppc.r…
0af490166bfc93c29f9e098ffa01ba29
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pcntl-5.2.0-16.ppc.rpm
af50584342d43f9f1adcf27cea99c549
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pdo-5.2.0-16.ppc.rpm
3302e4c578e3b111bb749f7bb1a130a8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pear-5.2.0-16.ppc.rpm
e3bf5563e94daa0c36a737dbd660f2c2
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pgsql-5.2.0-16.ppc.rpm
509a7ea94a0ee0340354dd54d585f9f1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-posix-5.2.0-16.ppc.rpm
5369c85bef389c782a88b2bd573277f0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pspell-5.2.0-16.ppc.rpm
5aeab698883f6c89ce1ba254e39053d4
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-shmop-5.2.0-16.ppc.rpm
21cf0fa790e19047f4f3ad45feef1f6e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-snmp-5.2.0-16.ppc.rpm
d92cf29fda52bd62f69d0405ddf108c6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-soap-5.2.0-16.ppc.rpm
36a7abf36fdbfbff5133dc4b92f14722
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sockets-5.2.0-16.ppc.r…
678ff6ac106a647a4416ca634a6a7e63
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sqlite-5.2.0-16.ppc.rpm
0f1210627b0ee885bcdee16bb3b1312c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sysvmsg-5.2.0-16.ppc.r…
3ab8efe082ccdce0730a9811b947cf59
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sysvsem-5.2.0-16.ppc.r…
709398e8e13283168f8a0b73f192a6d1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sysvshm-5.2.0-16.ppc.r…
b4f3c3fa04738cfa365fce1e6cbbd38c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-tidy-5.2.0-16.ppc.rpm
86e45376034be906b2fd5c9f3f313569
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-tokenizer-5.2.0-16.ppc…
8f77d6d556d4234066441825ddee3d37
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-wddx-5.2.0-16.ppc.rpm
c18b19f5b67010b0afbc5d7596e5d7c4
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-xmlreader-5.2.0-16.ppc…
f0aa257aa5bb6d9a19d657177f64b8c8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-xmlrpc-5.2.0-16.ppc.rpm
2be377c0fe649bbf1e8600287cdbeefa
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-xsl-5.2.0-16.ppc.rpm
d567ae8bd7a8e5cbfc968bcd35cd76c2
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-zlib-5.2.0-16.ppc.rpm
9671425144308c276f98b48d4e688c2b
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-mod_php5-5.1.2-29.4…
04ad8f9dc99cc2e511a85e1e3681836a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-5.1.2-29.40.ppc.rpm
718b8efe0b2aa7152db07ce8375f9b4e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-bcmath-5.1.2-29.40.ppc…
8f38cbce71f4f8091d5bcfb8edd82c43
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-bz2-5.1.2-29.40.ppc.rpm
9e4a092c5b650888b327e16b47383f10
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-calendar-5.1.2-29.40.p…
26f9096a842efd4c580509aad64226ba
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ctype-5.1.2-29.40.ppc.…
c24d8438535280e40c5a2742a4692ced
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-curl-5.1.2-29.40.ppc.r…
b9cafc61711d75f33a57286467032b4a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-dba-5.1.2-29.40.ppc.rpm
dd1fbdc70c31cd05e1f365aa183604d4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-dbase-5.1.2-29.40.ppc.…
d87be6e950ffea0bb0d365282e62e998
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-devel-5.1.2-29.40.ppc.…
cd1f91b7f934eef802b5bfbacba22aca
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-dom-5.1.2-29.40.ppc.rpm
5ed8e3e084ab42b82a21a243773f2503
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-exif-5.1.2-29.40.ppc.r…
c28780bd4880d9a8b1869a6120cad7a7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-fastcgi-5.1.2-29.40.pp…
8be3d72339814179d9815fd260006e3d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-filepro-5.1.2-29.40.pp…
341c7196bec7ff9ef58fa91ba508c4cd
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ftp-5.1.2-29.40.ppc.rpm
f5ce8c96f5164b8af91b0d0463e958ec
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-gd-5.1.2-29.40.ppc.rpm
7a2a965149cadb7a1589338c08306fb9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-gettext-5.1.2-29.40.pp…
f1b1f3be56f74fe5c65657c213bc3396
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-gmp-5.1.2-29.40.ppc.rpm
82630f97aa22df563c90b93daad11b7c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-iconv-5.1.2-29.40.ppc.…
42c4e85bf482d1059533b05871eef2d8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-imap-5.1.2-29.40.ppc.r…
16a8ff0817ec60fd2637391b395d8a54
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ldap-5.1.2-29.40.ppc.r…
9db9e9b111cd7b4ebda1a08e8fcbe955
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mbstring-5.1.2-29.40.p…
a1c02e5df5a64d8d85c61a2db639b9ce
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mcrypt-5.1.2-29.40.ppc…
a650b126f3750646c6db6d51b4ec29cc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mhash-5.1.2-29.40.ppc.…
b82c5192c499e38c1ef26f5dc786e41e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mysql-5.1.2-29.40.ppc.…
2487c0962a1d594ecea4d03931edb6a2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mysqli-5.1.2-29.40.ppc…
e2934171a5df745634e99ac4dc2a9e1a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ncurses-5.1.2-29.40.pp…
d5dc830807692a4f96ef177638b830b1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-odbc-5.1.2-29.40.ppc.r…
15321a19f357b398db6b4fb4732d608d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-openssl-5.1.2-29.40.pp…
d70f7091bc3a813d9a788ae9a6c345a8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pcntl-5.1.2-29.40.ppc.…
cc5bf2505c98e17cce5b7d11ae0d62bd
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pdo-5.1.2-29.40.ppc.rpm
3f947f08c29b8c8f2b32fc548210cb29
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pear-5.1.2-29.40.ppc.r…
0a3d43e328f74a68a4647238b7189025
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pgsql-5.1.2-29.40.ppc.…
350e6ccbf6bceba9eb5813f9d72bfbdf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-posix-5.1.2-29.40.ppc.…
bb91a2a8237f7bb77c1d4275ad54b102
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pspell-5.1.2-29.40.ppc…
3c68e6ee08f994dae0e1e7825216cf09
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-shmop-5.1.2-29.40.ppc.…
ca1b93fcceca49d56a49b77e4230c8e4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-snmp-5.1.2-29.40.ppc.r…
bf99dbaec9fccd3d93dcccbf9e19a6e7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-soap-5.1.2-29.40.ppc.r…
eb85328a2bb5a1f8ee4fb8ea2ad4084f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sockets-5.1.2-29.40.pp…
12873747a4d2316d04282afe71a8e73c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sqlite-5.1.2-29.40.ppc…
1c522caf46afbe1029953fc58ee8a4ed
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sysvmsg-5.1.2-29.40.pp…
a4977491b2a373c49a3e1ae0f5a20bab
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sysvsem-5.1.2-29.40.pp…
3c2c16fc2f32f88e270a1d8826cda416
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sysvshm-5.1.2-29.40.pp…
828bd11321398d6604455e80f0e01198
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-tidy-5.1.2-29.40.ppc.r…
2a7071c96021697b75e8359eb3b9cfcf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-tokenizer-5.1.2-29.40.…
c0107617ce809f50a27fe4ca518fe9fc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-wddx-5.1.2-29.40.ppc.r…
cf7fe868a00d5caa1d2863b2b43bc837
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-xmlreader-5.1.2-29.40.…
1989165e3521bf2a48bbe9d56e8ae4df
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-xmlrpc-5.1.2-29.40.ppc…
166df79845cdfd5e18595d6490ae8c96
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-xsl-5.1.2-29.40.ppc.rpm
3bb537b4232f6cce2b26fe47567ae7a0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-zlib-5.1.2-29.40.ppc.r…
7ddecaa815bc9598f548602d5eafbd29
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php4-4.4.0…
94faa9d54ac754e3140906a068f87e00
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php5-5.0.4…
76ae7fadd4bbdac4fa8f610da56dcb19
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mod_php4-apache2-4.4.0…
d387b43c23e2611aac5464a2c73defb2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mod_php4-core-4.4.0-6.…
727361a2601e6197ef501b879a60fbeb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-4.4.0-6.29.ppc.rpm
f00654ce38bbc06fe34a85300c457377
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-bcmath-4.4.0-6.29…
0480a9d54f494411b2e18d9ca35f8ec0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-bz2-4.4.0-6.29.pp…
98d6bca5a2935e62a32bee320284c84f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-calendar-4.4.0-6.…
6b5a9f66c9f53772b1e539d034f20cfe
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-ctype-4.4.0-6.29.…
b99074034092963572b1c01127f29f1b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-curl-4.4.0-6.29.p…
3265fd1becc14962e0aa785e90abf19a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-dbase-4.4.0-6.29.…
cc5c90b0764a1d71f119e5f9d86263ed
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-dbx-4.4.0-6.29.pp…
9808b6ad380a1ff7b96949beae4922ee
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-devel-4.4.0-6.29.…
dac9f2b018ae99263697ca4be7a80459
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-domxml-4.4.0-6.29…
b7aec0f0c55f597d94664ab8dc6f0f35
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-exif-4.4.0-6.29.p…
bb2d924d86f5387f01bfc5f6b04c912f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-fastcgi-4.4.0-6.2…
c17b4fbc83d779852b2b280f4e8167c9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-filepro-4.4.0-6.2…
0ff8246924bba8007d8d618adaff11e2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-ftp-4.4.0-6.29.pp…
35e6f9214bf40b4941d40f4244f9c077
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-gd-4.4.0-6.29.ppc…
83d4b39a6dc783f40316943cb3144fc4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-gettext-4.4.0-6.2…
edbfd82eb8e652f38d6cdf8ed8e9b562
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-gmp-4.4.0-6.29.pp…
ad55bb61fb18550ef714c67897d310d7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-iconv-4.4.0-6.29.…
5b647eeb6d331dbe638ed6b2a2295c76
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-imap-4.4.0-6.29.p…
4a71e58f9de0982283c25349cb42d40f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-ldap-4.4.0-6.29.p…
2aa7fa144e90c47affb46a0c71e694ae
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mbstring-4.4.0-6.…
05cf439fa38066c35d52ab196e4bc035
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mcal-4.4.0-6.29.p…
6472c03f7b2ea06c5f4e6977bdb19bf2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mcrypt-4.4.0-6.29…
e901c500dd376850c7d29f3eaadb2d4f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mhash-4.4.0-6.29.…
16ccc0b9eca5985a503ee74df805cfbc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mime_magic-4.4.0-…
53e863aece5f498ae604a4b7d879eac8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mysql-4.4.0-6.29.…
26418b83dead7c543636dcbe1ffe578f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-pear-4.4.0-6.29.p…
99ef01553545c5323342eb07b834a854
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-pgsql-4.4.0-6.29.…
fc0bb01595b579f96af606065b0267a1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-qtdom-4.4.0-6.29.…
da9762f2ac80be18067b025cb671fdbc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-recode-4.4.0-6.29…
97e8ca98d622be6cd329655dbea0806c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-session-4.4.0-6.2…
0fbb07a3971af5488ab1866ecc17239c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-shmop-4.4.0-6.29.…
bfc4c4939dc3f0204601cd45d8133080
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-snmp-4.4.0-6.29.p…
5d5b0078b8e9b5ca86e5826506851560
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-sockets-4.4.0-6.2…
6ac7553f7cc8f4749e8db680c775c64f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-sysvsem-4.4.0-6.2…
80e19212a879e638cdcb878db2b4461c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-sysvshm-4.4.0-6.2…
17004fe4e7debfb7d346a9e7db0ba558
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-unixODBC-4.4.0-6.…
87738431ea2eab20cce406bdfc15261d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-wddx-4.4.0-6.29.p…
39fe35360cd1d135fff690b69e902c42
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-xslt-4.4.0-6.29.p…
1e1d972951294c0dfdb108d7075fe192
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-yp-4.4.0-6.29.ppc…
6f045d6271d801b30cc23c98a8ff3acb
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-zlib-4.4.0-6.29.p…
84d2b5142f4840ec439225752e5696e3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-5.0.4-9.29.ppc.rpm
c3982469123bcad156c4edc5e98be03c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-bcmath-5.0.4-9.29…
4ea1639c17b09a58145c57715a41e699
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-bz2-5.0.4-9.29.pp…
f0aae4d7e48fb953026e732d5488f394
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-calendar-5.0.4-9.…
9f7d9fea409dc1ee715f2c0b7dd5dd8e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-ctype-5.0.4-9.29.…
ee5b002fdd3a0abb2b8b69b493a63a37
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-curl-5.0.4-9.29.p…
52e3f4a78d943d65cf0cc455e58db3c1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-dbase-5.0.4-9.29.…
27cfde29f16d1645e0969b65c24dbc60
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-devel-5.0.4-9.29.…
dde4db28b3d55c5f44ff5957513c646c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-dom-5.0.4-9.29.pp…
b1958623546cd99c8a16c41100407b56
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-exif-5.0.4-9.29.p…
095eb6c3126eb60b1c4dbc2f3493d566
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-fastcgi-5.0.4-9.2…
459149c9d0240d4d4fa1074e8aace10a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-filepro-5.0.4-9.2…
9b23c14c438d3691cf34a705f557a2ba
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-ftp-5.0.4-9.29.pp…
70f5f358dfca5b9b16df56a845f6f990
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-gd-5.0.4-9.29.ppc…
80ca94f75c0fbcf42196bf2c6cfd0781
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-gettext-5.0.4-9.2…
7abef2d20f6640204c097a9d4ca77579
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-gmp-5.0.4-9.29.pp…
3d7a7c2ad4664dd0204a47a938a85237
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-iconv-5.0.4-9.29.…
4493eca2dec671bd56ac3a49f602a88a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-imap-5.0.4-9.29.p…
8b9629acc8f19b90028e9b7d48f6a49f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-ldap-5.0.4-9.29.p…
623286a9bd2bd27c4dc7d14c1531be63
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mbstring-5.0.4-9.…
2ce44e870425e727dde5c2999caf281d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mcrypt-5.0.4-9.29…
e6dfb64cf0b5e9c6c20e206b2f19e8fd
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mhash-5.0.4-9.29.…
695f21c0ce8490476ab1afd279c093ee
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mysql-5.0.4-9.29.…
161044a7995aeb23468c35502ebfa259
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mysqli-5.0.4-9.29…
e7d97380579f836956597cbd75f94462
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-ncurses-5.0.4-9.2…
0153c92c72ccf05df597124be7a9117d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-odbc-5.0.4-9.29.p…
97bb7e922a50b62e8bfa3bc77a56d3ea
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-openssl-5.0.4-9.2…
8a1d40661508a565f1f246029e2e579a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-pcntl-5.0.4-9.29.…
dba0b28c75a1bd9c03511d7bfcdd1d1c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-pear-5.0.4-9.29.p…
7c18391a69283e6b9dfe14bb93755cd6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-pgsql-5.0.4-9.29.…
36b47b7ac44e8212886c5288ec7e387b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-posix-5.0.4-9.29.…
3456e51c94f325e88a246b0e005cbaff
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-pspell-5.0.4-9.29…
13453f9ce5d93257a7b16a84b2500e4f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-shmop-5.0.4-9.29.…
6e205c939bebf865c4c1ff9f82aa064e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-snmp-5.0.4-9.29.p…
abb5d16735c2eb0e752b35853f2551d8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-soap-5.0.4-9.29.p…
0f19083d8c972b6ad4e3b805b737e9c2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-sockets-5.0.4-9.2…
f415c616940e716bbc65036d3630955f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-sqlite-5.0.4-9.29…
62ae4c8d02fb72ad9deafa7939ec2a80
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-sysvmsg-5.0.4-9.2…
f2ade019e1f4e91416f26618f75ae1e2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-sysvsem-5.0.4-9.2…
717f8f991ccb0e15576b56110134da29
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-sysvshm-5.0.4-9.2…
490108c83e86e45fea99c91d7e77c992
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-tokenizer-5.0.4-9…
89038ea991d2207996ae1dd706dbf87b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-wddx-5.0.4-9.29.p…
a63538df659cc0ad562f908835d3f6f1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-xmlrpc-5.0.4-9.29…
5e3fb55677f2c34560fb43b3150e3aa5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-xsl-5.0.4-9.29.pp…
c949f5a5333903703f57134fb59717d0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-zlib-5.0.4-9.29.p…
43fca85347d88bce1cc1e5eb0402d7d7
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-mod_php5-5.2.0-1…
fefe59a39561e1304133ef3b1cf8c7d4
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-5.2.0-16.x86_64.rpm
cd8b815bbdc4bf2ce5930e207f00402f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-bcmath-5.2.0-16.x86…
2244245adb1d0b9f55e83f8bd4e1c3de
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-bz2-5.2.0-16.x86_64…
42ae08735eb0d41fe6f169d59b6cac92
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-calendar-5.2.0-16.x…
d330f41f03fb13586a83eb3fafcd658b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-ctype-5.2.0-16.x86_…
2037ea34af3dfaa022eeb2c3536caaec
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-curl-5.2.0-16.x86_6…
9fb762a50f22b0607b05a0762179057c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-dba-5.2.0-16.x86_64…
7d75c7112a77cf19d95229b02368e0a8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-dbase-5.2.0-16.x86_…
c8dbcd11ff397a3d1b343e2d9263c506
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-devel-5.2.0-16.x86_…
f71451163eacfae71f22efa1cee3a7f8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-dom-5.2.0-16.x86_64…
52edfe7bf1d0f4c01394fdbf3b653bec
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-exif-5.2.0-16.x86_6…
6d986ac4b3b62e27fcf8ef395b74751f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-fastcgi-5.2.0-16.x8…
cbb202e6c6ca5a4e7e3d987cdc1edf2f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-ftp-5.2.0-16.x86_64…
46b45fe2856e6b20520a3dc5f8c38291
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-gd-5.2.0-16.x86_64.…
432ce29c725111811772aaf7064dab11
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-gettext-5.2.0-16.x8…
74ce27e5492442b7e9c7c18a08aee999
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-gmp-5.2.0-16.x86_64…
2b9fa0570d3400422a25a72f825147e9
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-iconv-5.2.0-16.x86_…
3ae5039141b6cd19da4462de72808c78
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-imap-5.2.0-16.x86_6…
3548f75d65c88cd4f8a3aa803826851e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-ldap-5.2.0-16.x86_6…
1e33f95316d73c4aca926a1d41bbbb49
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mbstring-5.2.0-16.x…
f9074619a044a29e4df2713522aea375
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mcrypt-5.2.0-16.x86…
a87bce14d52665fdbd5db8e9e2542301
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mhash-5.2.0-16.x86_…
807ebcb336b5958244ae67558b3f359c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mysql-5.2.0-16.x86_…
832c1475d0efab70297a5dddbd7d2b59
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-ncurses-5.2.0-16.x8…
f743c37171a145e7af385214bb99fa41
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-odbc-5.2.0-16.x86_6…
e02ff6604a226f58fbcd867aac260d6f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-openssl-5.2.0-16.x8…
ddcda2dc46f91329ac919cffdef5d7d7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pcntl-5.2.0-16.x86_…
5764f10bd79ba8c693146bcc59278b19
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pdo-5.2.0-16.x86_64…
1b0dfd999f860ac8e310b7224ae01a9d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pear-5.2.0-16.x86_6…
db11fb2bf9fbe5b537a7cf5e9ef65ea6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pgsql-5.2.0-16.x86_…
f60378a49e15d6af9f5f68f481ad3743
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-posix-5.2.0-16.x86_…
dc0c20e9eb4285f8d6e2d32db7163157
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pspell-5.2.0-16.x86…
3e738908892fe3c7458fcd88117af6af
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-shmop-5.2.0-16.x86_…
b1aad29c34bb2c9560224f6bc1732445
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-snmp-5.2.0-16.x86_6…
0f2291cb7a91ac36e5d867198b2d9e6e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-soap-5.2.0-16.x86_6…
158cea0a9466a2284dd859125f094f21
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sockets-5.2.0-16.x8…
1c188fc92d24a4fdea6682ff26bb7664
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sqlite-5.2.0-16.x86…
ab2edb68960888c71371399521f673db
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sysvmsg-5.2.0-16.x8…
34cca4e6e82ac8382fb6f02d49bc320e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sysvsem-5.2.0-16.x8…
601dd7b4901f78bdf20032db0169809f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sysvshm-5.2.0-16.x8…
2f61e898afabff9bcbf933265aa13983
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-tidy-5.2.0-16.x86_6…
3c711e83c4847e1095ce425799a4ad89
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-tokenizer-5.2.0-16.…
609367345692fa6607d4430eb44de02c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-wddx-5.2.0-16.x86_6…
219ca11ba678d58856b37e55b4b4f035
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-xmlreader-5.2.0-16.…
801cbee3362f119ade8039ae17d67587
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-xmlrpc-5.2.0-16.x86…
f5f2250d586c5e13a0f0eef1be13ea48
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-xsl-5.2.0-16.x86_64…
2924cc928b940c73193b4563635e43d4
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-zlib-5.2.0-16.x86_6…
a5f1834d9920200759f95f09d00b5ca7
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-mod_php5-5.1.2-2…
257fb184e46a3237c0de46180ad339a2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-5.1.2-29.40.x86_64.…
abddf5ba02c8b21960c8c24f82d1464f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-bcmath-5.1.2-29.40.…
14b46371f135ae0ec64ecce20537d5ca
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-bz2-5.1.2-29.40.x86…
9a0657f45f2ec7d85cde6b5d02896955
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-calendar-5.1.2-29.4…
7203a9a91f56c17097c605c022eb7eec
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ctype-5.1.2-29.40.x…
d4ced6c4680e0b840f74eec007b91d4d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-curl-5.1.2-29.40.x8…
fed239d8fe1e83132301c9f0a8576d4e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dba-5.1.2-29.40.x86…
cccfa612ef0695e92e0ef86c92c574c7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dbase-5.1.2-29.40.x…
05429d6688f291648ef9ba42763dcc6b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-devel-5.1.2-29.40.x…
b13f242366b18d03c4360f70ae2d6038
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dom-5.1.2-29.40.x86…
d6deafc58ccdaed5be436f33d50e7db6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-exif-5.1.2-29.40.x8…
f75c198abb75b1f81b9ae2375d0c4b50
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-fastcgi-5.1.2-29.40…
35cad4019d8f1cb38edadf1fcd484d69
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-filepro-5.1.2-29.40…
5464f1053029864b9a90f921042e04bb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ftp-5.1.2-29.40.x86…
3845c906ad026344c5cd0ce10c6d7b6b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-gd-5.1.2-29.40.x86_…
609f00d3affabe7f6e4a63fafed36f7a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-gettext-5.1.2-29.40…
c875f756a3496d6e8cc6ad976b8c8d0c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-gmp-5.1.2-29.40.x86…
6c569f4f2b8e71f5fe26a5a582557e78
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-iconv-5.1.2-29.40.x…
7ca11254ed9225e4416b93d04d328b5d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-imap-5.1.2-29.40.x8…
7ec4b80302b3581d46d322b670505e5a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ldap-5.1.2-29.40.x8…
eb60cd38c536e3c9ff7910861294ee97
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mbstring-5.1.2-29.4…
2f1ee2d0e47c98c242c6db56fa46665c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mcrypt-5.1.2-29.40.…
7b2c6155f7f66ce22a12766adfc5ac21
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mhash-5.1.2-29.40.x…
fa282e3eac0373acb49c64029187c1b2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mysql-5.1.2-29.40.x…
a60f18fd288a666638533267a74f787a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mysqli-5.1.2-29.40.…
5e35e32817179825f73c275effd92749
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ncurses-5.1.2-29.40…
9de9b0bdbf35228a88208f3b7270196e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-odbc-5.1.2-29.40.x8…
b96e4f97fc10bbd89e31e40cb17060b4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-openssl-5.1.2-29.40…
d7b816e74e736be9e8c461105d59ebd6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pcntl-5.1.2-29.40.x…
cb86e23e02603a1a03debae7ea91d4af
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pdo-5.1.2-29.40.x86…
9a2219cb291c22eb1453ab1ea2399206
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pear-5.1.2-29.40.x8…
a5801fbb2217edb38491c5d11ce324db
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pgsql-5.1.2-29.40.x…
ea466ca04241c01a3bbddd1c5c6ebff8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-posix-5.1.2-29.40.x…
15df882ea506c1fb698597ffe9992fc3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pspell-5.1.2-29.40.…
a0acfd93ce84abdf182e4b47ef344929
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-shmop-5.1.2-29.40.x…
f4807996cd311a49ed172d3933e35d02
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-snmp-5.1.2-29.40.x8…
93820663f6027be5b459b61a723a571a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-soap-5.1.2-29.40.x8…
66dad20442cfc699f64bcfae4c8ac843
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sockets-5.1.2-29.40…
5fd33f46a09682e29347753d24955ccc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sqlite-5.1.2-29.40.…
039b11959eaa0de321f1c840b6d1a6c3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sysvmsg-5.1.2-29.40…
b29957dc5b5e8736137b21a43f3a5647
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sysvsem-5.1.2-29.40…
8148797a20b2bcf3e7bf6492a9fa0fa3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sysvshm-5.1.2-29.40…
07a1e3843fe9ccbc74c29317dd24c980
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-tidy-5.1.2-29.40.x8…
2323812bf145567deda2de668de4f616
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-tokenizer-5.1.2-29.…
fffecdeddff9dbaefd6307b4e95b412c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-wddx-5.1.2-29.40.x8…
2a390737f4527feb9a07814b103cd765
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-xmlreader-5.1.2-29.…
3a148ab6c80ca5fbfd0c007ec3660608
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-xmlrpc-5.1.2-29.40.…
9d71aa748a38d96038cdb810e989a93f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-xsl-5.1.2-29.40.x86…
3b0fb2f7afb602cc5dd777767cf6ff34
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-zlib-5.1.2-29.40.x8…
d2f30536bd684c0898ebb8a79034d7b2
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php4-4.…
f16d0c18429131d455827af451acd31c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php5-5.…
d6ce1261c428eee5bb389919b13b8176
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mod_php4-apache2-4.…
1436f6c40f3ab500e4e84c7e538d8d6b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mod_php4-core-4.4.0…
687d7f020d0776db7bb310d2dcb59c1b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mod_php4-servlet-4.…
9ed2cb2233479b427ab3d06ce01e5f25
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-32bit-4.4.0-6.…
31028000d86ad1fe9faf418b9f1232c3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-4.4.0-6.29.x86…
d29fb5ac6b36e6ce7f690a4ba6f81027
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-bcmath-4.4.0-6…
02293ee39bdc77faa485972aeded069c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-bz2-4.4.0-6.29…
d6b4cf3d99ae4de1ce9b328aaa6cbc8d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-calendar-4.4.0…
5299bc079ba201e1a007ac9babaac65f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-ctype-4.4.0-6.…
21def8c90e2020b39813bd6181c20bda
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-curl-4.4.0-6.2…
ffea667cbc04f80881953dcc3f5b404c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-dbase-4.4.0-6.…
3ef44a56cf8179134f4268c2fdba4cb7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-dbx-4.4.0-6.29…
93be55710d75b5bfb5a66d6b55c415dc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-devel-4.4.0-6.…
7839332ecffb4d7d14f8f54d2a70d65b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-domxml-4.4.0-6…
0ef407d0dc2a0bc340a18561f2297233
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-exif-4.4.0-6.2…
811903bae9cdbc75101bc103d1126470
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-fastcgi-4.4.0-…
811195a637dbbc698b7f2d74f2994475
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-filepro-4.4.0-…
46f9cc5d6e835cf48c18b08fc8c7affc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-ftp-4.4.0-6.29…
75e45dfc4c02687555660a15df658707
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-gd-4.4.0-6.29.…
fe89ad56d00dbf0d45b6dff577bb9cd2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-gettext-4.4.0-…
1dda4865d61ac7474e8e9ebb4a06f868
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-gmp-4.4.0-6.29…
ef5ad49b5181c109b440f29ce31ec887
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-iconv-4.4.0-6.…
8508a8a493f6aa98e07882b6b000c074
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-imap-4.4.0-6.2…
78ae4c0b0036e865c66b32482f6f9a92
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-ldap-4.4.0-6.2…
bdab68f5022eabd34f00beb12b2191a5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mbstring-4.4.0…
468840d11a1de94af36df3a8bad33be5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mcal-4.4.0-6.2…
197cc01390b9b09dcd7c4439f3abd4ea
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mcrypt-4.4.0-6…
3d269d442abe2545b4743568f01359c6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mhash-4.4.0-6.…
e0c9d846c0f415779ce3ea1a0ac02dd8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mime_magic-4.4…
66e037fc8575d10dabe970dd49679be1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mysql-4.4.0-6.…
4b4e201289652434628419119bb70fd0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-pear-4.4.0-6.2…
6b75526fbcce2afc2cc43743100fa40e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-pgsql-4.4.0-6.…
9cef53f9dd9d7ffabee9ee60afbcf474
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-qtdom-4.4.0-6.…
ad07578b7eb526a46aa2a7d7469a7a55
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-recode-4.4.0-6…
5e123e6f67c9a4842138be871df83246
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-servlet-4.4.0-…
5416325f845d389aa7c2b61fc5fc6337
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-session-4.4.0-…
edc1e5da437ad257b174fc293dcdac7e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-shmop-4.4.0-6.…
61a39706cc37e2c0d195f37252e1de80
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-snmp-4.4.0-6.2…
45e70d7b6391e93b4239b08dfe12328c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-sockets-4.4.0-…
d40bab07e37cd107d412cd3b14286170
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-sysvsem-4.4.0-…
e48546d1399ed1ec8526654b68a1237b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-sysvshm-4.4.0-…
b475930c91c5a981814b991026436efa
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-unixODBC-4.4.0…
aebb24241df60443e51ef446a1065acd
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-wddx-4.4.0-6.2…
8dfb0549623e26ad08e4bea85e16a818
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-xslt-4.4.0-6.2…
2de33c357719ce11d4ef9428ddf50f9c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-yp-4.4.0-6.29.…
91f7f470bc9fd965a9362353464bd39e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-zlib-4.4.0-6.2…
c5ae6d7209122e13834037108942f7d4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-5.0.4-9.29.x86…
6eb58a04c9fa1d3d5d2b457693d8ebfa
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-bcmath-5.0.4-9…
b441475b163139b1309221881cc02c08
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-bz2-5.0.4-9.29…
ca0a14024b205b82770d15d46b04db68
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-calendar-5.0.4…
b6057df6570d6981237784a6eb138f6f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-ctype-5.0.4-9.…
f8d72877f00b95569ed838dac53bdb97
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-curl-5.0.4-9.2…
5a2816391a4d1b16e17e8806b1e62b1c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-dbase-5.0.4-9.…
041ffd28f7b8ecf20c2c8faabc2f935c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-devel-5.0.4-9.…
0d1e46926a5b8b8b025bf4cb8a26ba25
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-dom-5.0.4-9.29…
996cedc9380f4a972092cf943faa7e75
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-exif-5.0.4-9.2…
151f0ee8bd86062de7b731caef843d3f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-fastcgi-5.0.4-…
d4e4c3173b745f91fcd3fed59ed73359
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-filepro-5.0.4-…
643707eb0544aa05664056139fda6f74
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-ftp-5.0.4-9.29…
d1728b40c6900ef539ec47dc53e7e701
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-gd-5.0.4-9.29.…
d57a22575db7a186bfb2317e0310b310
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-gettext-5.0.4-…
ea6d92e3f71fa674c831e4a49da280aa
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-gmp-5.0.4-9.29…
717549886a999538d83a2784fe705452
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-iconv-5.0.4-9.…
8649c022140dbf8e09c4a851aa3d4774
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-imap-5.0.4-9.2…
cab52b0c7f0a9cefb056a6d09b5a9e39
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-ldap-5.0.4-9.2…
5cec6f1283a16e067234c2d90d0cad90
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mbstring-5.0.4…
da031c961f5535a3f5fd322344ba424a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mcrypt-5.0.4-9…
a25a6b696c505bfdbdb999cbfa9d76e1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mhash-5.0.4-9.…
25d5c19d11c1b2df068111ba9ec4f0ae
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mysql-5.0.4-9.…
4c9a8c05de4a0f33ca7c3e96cb76fe10
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mysqli-5.0.4-9…
6b607b377ee4a3a0493e1896e6883dde
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-ncurses-5.0.4-…
41988ef0893b9288031711a6fdb210a7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-odbc-5.0.4-9.2…
3e676c8b9062171f2024cacd3acdfc40
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-openssl-5.0.4-…
d34a8b1db344468d783f37c50be78479
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-pcntl-5.0.4-9.…
21297c1484a389349b768a9edd50d061
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-pear-5.0.4-9.2…
86927d2a547e816bf6369db296db7d97
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-pgsql-5.0.4-9.…
c17398793beac9e1f7697c3c09b13718
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-posix-5.0.4-9.…
dd3a83424d62ae29692f703182d65467
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-pspell-5.0.4-9…
eaac0cd8a45d549cc54ef5ca00f7cb97
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-shmop-5.0.4-9.…
69bacae53b652d494d3931add1cf95ef
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-snmp-5.0.4-9.2…
86393e0c2747cab2e87ab9c7c73c9323
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-soap-5.0.4-9.2…
c9be4d8b2db537688b770cba22a5e434
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-sockets-5.0.4-…
de196725c03a4d324bb6af0446049564
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-sqlite-5.0.4-9…
afb94f74521976ec4b5f4426a78b2a50
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-sysvmsg-5.0.4-…
35d2d4adc745a6388f610327fd6e40b4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-sysvsem-5.0.4-…
5a4d847ac02cde6f552d999b6738625b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-sysvshm-5.0.4-…
fd4a31cf8b135076fce8d905d7b5a8c9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-tokenizer-5.0.…
148b77bb7dd1ca43fe1e4dec3e2748e6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-wddx-5.0.4-9.2…
d1381e82bebf6318b9e08ef8d60faec9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-xmlrpc-5.0.4-9…
f5b3f48d13238925db49ce1c0761724c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-xsl-5.0.4-9.29…
a73f6ee19f70b22a097246d7710115b3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-zlib-5.0.4-9.2…
2fbab54a9d808630aec23d23178d32a8
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/php5-5.2.0-16.src.rpm
aade4e03018456231f0e4756646ac3d9
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/php5-5.1.2-29.40.src.rpm
656b0613928dae41453f5821120ac85f
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/php4-4.4.0-6.29.src.rpm
73e23f119a0bec5b3e625566aff65c9c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/php5-5.0.4-9.29.src.rpm
7fe1e3d99d190d888efd82db9985b5aa
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/3e349d7efffdfecc96ca44f446d1b2c4.…
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/3e349d7efffdfecc96ca44f446d1b2c4.…
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/3e349d7efffdfecc96ca44f446d1b2c4.…
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/3e349d7efffdfecc96ca44f446d1b2c4.…
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/3e349d7efffdfecc96ca44f446d1b2c4.…
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/3e349d7efffdfecc96ca44f446d1b2c4.…
Open Enterprise Server
http://support.novell.com/techcenter/psdb/34e44a394ab66fcf29b156158bf01627.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/34e44a394ab66fcf29b156158bf01627.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/34e44a394ab66fcf29b156158bf01627.…
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/d7e991611687640b021d8eb8774f15e7.…
SLE SDK 10 SP1
http://support.novell.com/techcenter/psdb/d7e991611687640b021d8eb8774f15e7.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRpY6Cney5gA9JdPZAQLFHQf8CfBrBqLudh7eHb7XgjiKa0shdoUGKAk4
6TkVVePMRCvb5bvLKayq+Ip3EUfLWTqXjDaTwBCq8Z+8VPzxvAWINY18ATvsF4Bl
2blLl32k1MYcxVeBnwpV6JGAUBAvzrLNiai91R355GbrNYxVPCWFxcNdjYENZ9L4
Q8LPvYBlX41hJ8xUoI+xKuKmlaS8nrXRmbNAwXj9lktrxZh+JMDii4ZlA8c3ueWl
NX0epqA9BT1/xGTJ6WCExniv5WG7I3puLG/1Ztjm09PqhHYKJZwloOzjMxB7ytvx
5qLX2Mr1INflEgDq3jHFM9yxIpg3q28G85Rf0jUx8CKWcPlGVixEew==
=1oUb
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2007:043)
by Marcus Meissner 09 Jul '07
by Marcus Meissner 09 Jul '07
09 Jul '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: kernel
Announcement ID: SUSE-SA:2007:043
Date: Mon, 09 Jul 2007 13:00:00 +0000
Affected Products: SUSE LINUX 10.0
openSUSE 10.2
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
Vulnerability Type: remote denial of service
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2006-7203, CVE-2007-1357, CVE-2007-1496
CVE-2007-1497, CVE-2007-1592, CVE-2007-1861
CVE-2007-2453, CVE-2007-2876
Content of This Advisory:
1) Security Vulnerability Resolved:
kernel security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The SUSE Linux 10.0 and openSUSE 10.2 have been updated to fix various
security problems.
Please note that the SUSE Linux 10.0 has been released some weeks ago.
The SUSE Linux 10.1 is affected by some of those problems but will
be updated in some weeks to merge back with the SLE10 Service Pack
1 kernel.
- CVE-2007-1357: A denial of service problem against the AppleTalk
protocol was fixed. A remote attacker in the same AppleTalk
network segment could cause the machine to crash if it has AppleTalk
protocol loaded.
- CVE-2007-1861: The nl_fib_lookup function in net/ipv4/fib_frontend.c
allows attackers to cause a denial of service (kernel panic) via
NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and
a stack overflow.
- CVE-2007-1496: nfnetlink_log in netfilter allows attackers to cause
a denial of service (crash) via unspecified vectors involving the
(1) nfulnl_recv_config function, (2) using "multiple packets per
netlink message", and (3) bridged packets, which trigger a NULL
pointer dereference.
- CVE-2007-1497: nf_conntrack in netfilter does not set nfctinfo
during reassembly of fragmented packets, which leaves the default
value as IP_CT_ESTABLISHED and might allow remote attackers to
bypass certain rulesets using IPv6 fragments.
Please note that the connection tracking option for IPv6 is not
enabled in any currently shipping SUSE Linux kernel, so it does
not affect SUSE Linux default kernels.
- CVE-2007-1592: A local user could affect a double-free of a ipv6
structure potentially causing a local denial of service attack.
- CVE-2006-7203: The compat_sys_mount function in fs/compat.c allows
local users to cause a denial of service (NULL pointer dereference
and oops) by mounting a smbfs file system in compatibility mode
("mount -t smbfs").
- CVE-2007-2453: Seeding of the kernel random generator on boot did
not work correctly due to a programming mistake and so the kernel
might have more predictable random numbers than assured.
- CVE-2007-2876: A NULL pointer dereference in SCTP connection
tracking could be caused by a remote attacker by sending specially
crafted packets.
Note that this requires SCTP set-up and active to be exploitable.
Also some non-security bugs were fixed.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please reboot the machine after update.
On openSUSE 10.2 this update will trigger installation of new NVIDIA
kernel drivers if you have the NVIDIA repository added.
This addition will leave the old versions present, they need to be
removed manually.
Run:
rpm -qa |grep nvidia-gfx
If you have a new "nvidia-gfxG01-..." package in this list, you can
remove the left over nvidia-gfx-... package.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-bigsmp-2.6.18.8-0.5…
a505d3960da0ec2ffe648752f1d8b6c4
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-default-2.6.18.8-0.…
da9c7c160022a364b3bb07fee33d602d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-source-2.6.18.8-0.5…
4e1c40c4fda8864192a230bb05380aca
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-syms-2.6.18.8-0.5.i…
5e273c329378e6c102f2f8ad7e154926
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-xen-2.6.18.8-0.5.i5…
c309622d4a95ffe1737c40f025856a7e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-xenpae-2.6.18.8-0.5…
195c5f7ab27f3c3ab20fb47fa0e27ec6
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/Intel-536ep-4.69-0.2.…
1d3fe226bab796dcd52bd99a568f726e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-2.6.13-…
3cf2ab34b8a006be241aa022f192c89b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-nongpl-…
ee1c01585c96fadcf3071e1028470725
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-2.6.13…
d17a8edd2af6c014176525b3b18d9dd9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-nongpl…
05614b6e759579c3e0ee5325ad226fd5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-2.6.13-15.…
fc205f6d3c72ee4a4efafd391866a593
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-nongpl-2.6…
741e1670becd48cae2f9994c2dfaff5c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-source-2.6.13-…
fe997ec5203094fc2fa58eb6b03cc6b5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-syms-2.6.13-15…
c7cf492f1fa78512c1a8d9cd7fb07bac
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-2.6.13-15.1…
40114d46d9bb329c5dce4762a7ca78d7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-nongpl-2.6.…
0839b75f18b63ddf1623769d0283eb18
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-2.6.13-15.…
0626e5104b81301c71ddde79bfabdc27
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-nongpl-2.6…
aa2d3994fe3ac616548eb20beb056c57
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/um-host-kernel-2.6.13…
d377dae62b3689c187d8258597df6a67
Power PC Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-default-2.6.18.8-0.5…
590007ea5d50c35b79eaf3246f80b360
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-iseries64-2.6.18.8-0…
b174a54f8aae959fdfc50d009be2d069
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-ppc64-2.6.18.8-0.5.p…
448c87b384c1f62d9e5519cd6f47f5aa
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-source-2.6.18.8-0.5.…
04bf780fe95e95d9953ab344a0debfe0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-syms-2.6.18.8-0.5.pp…
63102284392f8afc6e5a48855b6cf8a8
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-default-2.6.13-…
7f704938e86c3de242436d114560fae9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-iseries64-2.6.1…
bf310faa41c55b897893e8891e0eaaa8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-ppc64-2.6.13-15…
1a01f7fe3c5b9701d2d122d05138c000
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-source-2.6.13-1…
b76403857ba669b234d2891855809f06
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-syms-2.6.13-15.…
6617ba26a91fd4ae1f7018c2b9675159
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-default-2.6.18.8-…
36bf701bec6ff3f1ef7622ae2d718fc7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-source-2.6.18.8-0…
2a00aff3634cb6b60c6c174bbfbc87cc
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-syms-2.6.18.8-0.5…
0d673a9f9557eb1643c66c6a22f63cda
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-xen-2.6.18.8-0.5.…
187d790942b4b7287a766c45e6ece747
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-2.6.…
effe5768bfde49ca4062a55c49607263
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-nong…
ffb75eae6c6ff7bfc965a6227f1f7972
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-2.6.13-1…
106430486de053978ed824436dd064fa
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-nongpl-2…
c1e57b4f42c2de1cf31ebaf9cbdc389f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-source-2.6.1…
ab6ba07327191cf7c409f4f9c0602d73
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-syms-2.6.13-…
e3b600c1e5e2ab862168d20220bcff5c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-2.6.13-1…
d299aa32d3e17091aa83d7f3097653b5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-nongpl-2…
d523b78f2f2d5d1d162d3cbd4511a7c2
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-bigsmp-2.6.18.8-0.5.…
a4c9f16922fea3aaad385b4614d21d15
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-default-2.6.18.8-0.5…
a576cb1f91137053da1e7f6c58c7d37c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-iseries64-2.6.18.8-0…
901878ad7875cdce03c2178c2d91ae06
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-ppc64-2.6.18.8-0.5.n…
4985f6d66c4cb0d899f5a01db4e38237
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-source-2.6.18.8-0.5.…
71a95473e6114f4eea2a6a00f591d8f8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-syms-2.6.18.8-0.5.sr…
5a7312884f85d6bce16991333c1504b1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-xen-2.6.18.8-0.5.nos…
e53829bfc3ae75c0dfdcc0c7e5411ba8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-xenpae-2.6.18.8-0.5.…
d8cfd9e90f21b4167ebf2935aeba7678
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/Intel-536ep-4.69-0.2.s…
05dec5d7ae03b161f2a57f6da8955700
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-bigsmp-2.6.13-1…
e5ef10ca84c922a722a593e76a20c2f1
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-default-2.6.13-…
a76d8142a583508c669e147c070ce78d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-iseries64-2.6.1…
8016b18e1d36bbfbbed8f75d2c79cb04
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-ppc64-2.6.13-15…
cf5c3bdf83956b642ddd3aa46eac5ee0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-smp-2.6.13-15.1…
261324df40ac37369cfdd9b22919c742
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-1…
17a5dd4d44426ce4d7d96aa437582513
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-1…
d200d519ac2cdb2e01a9222f381c3e63
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-syms-2.6.13-15.…
a3c1111ae281e8ac2ed871b39e2236e3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-um-2.6.13-15.16…
88a5a6f8507a193e9407d6490821be94
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-xen-2.6.13-15.1…
0b1277b23d20e93da20ecafe4a23a8b6
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRpIqgXey5gA9JdPZAQKVaAf/UYixRKjKAi3ggJL7EQr/YheoU11UdNq2
OYn4yNf7WgxnK8mRRrzEbZJnhmYXGi3eDEQghQ+EAqNzWYXUxrrPe0G6sQoGWmB6
Pe1nKm8NMqNtfvicF6rKtgAfrCMRP5DrYioDrVLvF1r3GvURNslurTsTNc59fuV/
Lo1/hDJnTT6hwHpb9BlWUpwkntnJKEn01ysg4HqSK92Yhz5yJHmEeW9ZZ91q0PSa
eSldcRNYQ3JR3C70JzFdu7UZ+QtzI5sPZwoJmRO9QOMavWPghTg3O6+nyP9Um/B0
ywr6ZGXWEsEZI8EsoBO9PepZ17N+VWjjpwRKL7gzGGQdir/M8h/GWw==
=CzqZ
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: Evolution (SUSE-SA:2007:042)
by Marcus Meissner 05 Jul '07
by Marcus Meissner 05 Jul '07
05 Jul '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: evolution,evolution-data-server
Announcement ID: SUSE-SA:2007:042
Date: Thu, 05 Jul 2007 18:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
SuSE Linux Desktop 1.0
Novell Linux Desktop 9
SUSE Linux Enterprise Desktop 10 SP1
SUSE Linux Enterprise Server 10 SP1
Vulnerability Type: remote code execution
Severity (1-10): 6
SUSE Default Package: yes
Cross-References: CVE-2007-3257
Content of This Advisory:
1) Security Vulnerability Resolved:
remote code execution by malicious IMAP server
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
A malicious IMAP server could execute code within evolution by sending
a malformed response to a SEQUENCE command. (CVE-2007-3257)
This requires the user to connect to this malicious server (or a DNS
entry of a good one replaced pointed to a malicious one)
For older products the problematic code lives in the evolution package,
for newer ones in the evolution-data-server package.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of evolution after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/evolution-data-server-1.8.…
cf0ef3332a1005a598dc01b9b8721c3b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/evolution-data-server-deve…
53c2edfea054edf680d16b9a6ebe1d6a
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/evolution-data-server-1.6.…
ac3b9d062feda507bc46bb4537c35f01
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/evolution-data-server-deve…
999c30d78f4bcedb92cc9d13acd4cb04
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/evolution-data-server…
f81fc01aac70dacaef72067cd20e1789
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/evolution-data-server…
0c5019714dc38967250d546e4240324b
Power PC Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/evolution-data-server-1.8.2…
bedd7b5ecb09dc7ebe13b4ba5a39746c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/evolution-data-server-devel…
435aca4e7fd2047c8f65de84b4a460ba
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/evolution-data-server-1.6.0…
d58d33df2443fefe6dede70c06c0151e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/evolution-data-server-devel…
e2be822ff9c625b8d6c2571d6003104e
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/evolution-data-server-…
7be262a623a6035ddbe8e885aaee59fc
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/evolution-data-server-…
55e98a69b4e8570548966506ee8b8890
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/evolution-data-server-1.…
ddf44956dd38e64e8fd8f352da504a28
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/evolution-data-server-32…
9f1ee1154618701bb018afdc4df07207
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/evolution-data-server-de…
af6d90f21a8574f9ed4a6ac26edc1ba9
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/evolution-data-server-1.…
f71072d3a1b4cdcae9ac1e4464088b20
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/evolution-data-server-32…
e19ff9bd8b3a607dba310ce9f515fec5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/evolution-data-server-de…
d080eb77092927c24cd6977f18011008
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/evolution-data-serv…
8a82624a404f4a37aeabb10f663f39f9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/evolution-data-serv…
64b949a2a7feee1015b0172d9d8f4688
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/evolution-data-serv…
6d3f26332fd7aee190f9a801411a3ebd
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/evolution-data-server-1.8.2…
cb868a3ffb3dbd880f1eabf52b9a2b2f
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/evolution-data-server-1.6.0…
b20034e320b6dc7a78c00ac775bd798b
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/evolution-data-server-…
e84e74ba25d843e82e15392d125a8c44
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/05f2191a0a3c694e34ebe389d55eb5ab.…
SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/05f2191a0a3c694e34ebe389d55eb5ab.…
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/49ddc1710da25d618b1e7a9a8b2194b5.…
SuSE Linux Desktop 1.0
http://support.novell.com/techcenter/psdb/49ddc1710da25d618b1e7a9a8b2194b5.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRo0Rhney5gA9JdPZAQJh0Qf/dUAI+BzwhEJKs9huaJzrLuEezc4K6YXZ
O+qgDZ2fxmldf+1ZG3INMkWI4Lo40hvj4aUeYAbXmohW0nBF92bJzhUjP2b1W5io
BIDMsES6CCM5okb7ipv60UGuD79f3/LCiLMhMWrpjViWpAcPtbr8b4ARNVjmTaxv
6zbg3cUseg8zLnFxxBYM12DXZxFekYey0klL5uYQVu5jK4RbEigCwAEDsVB4CaFS
ZgI8IBlhF1NtqHd5j+mfvqCUFj/nrZVWlO/ea6abe6maQVr8R4B5WN0dJw8Zfbnb
ixsEq3rrEZKQw/5noC0Rq6yyk+21AswkgGxlX4HUCajU2HFFw6G/cg==
=7iu+
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: freetype2 (SUSE-SA:2007:041)
by Marcus Meissner 04 Jul '07
by Marcus Meissner 04 Jul '07
04 Jul '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: freetype2
Announcement ID: SUSE-SA:2007:041
Date: Wed, 04 Jul 2007 14:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
UnitedLinux 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SuSE Linux Desktop 1.0
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SUSE Linux Enterprise Desktop 10 SP1
SUSE Linux Enterprise Server 10 SP1
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CVE-2007-2754
Content of This Advisory:
1) Security Vulnerability Resolved:
freetype2 security problem
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The TTF rendering library freetype2 was updated to fix an integer
signedness bug when handling TTF images.
This bug can lead to a heap overflow that can be exploited to execute
arbitrary code. (CVE-2007-2754)
Updates for SLE 10 Service Pack 1 and SUSE Linux 10.1 were released on
Monday the 2nd of July, all other products received them at June 20th.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart your desktop after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/freetype2-2.2.1.20061027-1…
3d57e279dba8b3f75760e56b6664e466
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/freetype2-devel-2.2.1.2006…
97d4c1211f0946dad3a7b4ce5d51a933
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/freetype2-2.1.10-18.14.i58…
327ce20607390381023742a279ad84b1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/freetype2-devel-2.1.10-18.…
7bc0c9c1b5ca05bfb7a10eea608e687a
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/freetype2-2.1.10-4.9.…
9856006a53a4f50d2d919043441ee7f7
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/freetype2-devel-2.1.1…
3369f95a87b2ac67754bd8d0ca6be892
Power PC Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/freetype2-2.2.1.20061027-15…
6290e10b65e5ad9c508fc9ae7f5be443
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/freetype2-devel-2.2.1.20061…
f53c8a0d9a76397d69bb9080f296f200
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/freetype2-2.1.10-18.14.ppc.…
cee13c222808ee806b1d3711895a5780
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/freetype2-devel-2.1.10-18.1…
6828861f12fb2dd120082f5eb2ad9cf9
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/freetype2-2.1.10-4.9.p…
342c1268d8ae87d00afa9ea8c475c5bf
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/freetype2-devel-2.1.10…
93ed500ad8e68e3d4f50de9e455205bd
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/freetype2-2.2.1.20061027…
0d1f860aed7fe167273dc39f8d5dde71
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/freetype2-32bit-2.2.1.20…
d390422eaa70be260ff76e67b43f7a25
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/freetype2-devel-2.2.1.20…
c9236db9b5235545cedda120994efef3
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/freetype2-devel-32bit-2.…
391d544bc6e47b1819b2de570def0dbe
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/freetype2-2.1.10-18.14.x…
c14a7cbee88ea0d66d2426582bca8a82
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/freetype2-32bit-2.1.10-1…
5bf9df9882521f30eec53884c8e8044c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/freetype2-devel-2.1.10-1…
f6e5ea94aa8f2054c493a343586e3073
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/freetype2-devel-32bit-2.…
0d6cd857c9a30cc109d56e2be369b5fe
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/freetype2-2.1.10-4.…
f1e0170374db5118dfcc816f5ebe9d61
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/freetype2-32bit-2.1…
f3620efaf0b4398d618547a867c1ca87
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/freetype2-devel-2.1…
56eab1c0122caf3dd7d2bc9e9f273042
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/freetype2-devel-32b…
51854ad773e65d703bdb9ede50c5f851
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/freetype2-2.2.1.20061027-15…
9fb6f7a05c9792e1cdb36a071d090989
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/freetype2-2.1.10-18.14.src.…
7cebbeb338640a4090162ece7ca8eb5e
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/freetype2-2.1.10-4.9.s…
833d154c7d8ce2604dc427f43dc3f99a
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/824a4e24e4379e41403530852c364190.…
SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/824a4e24e4379e41403530852c364190.…
UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/21c9a243dbedc0b6b97f4bf9e8e2d3f9.…
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/21c9a243dbedc0b6b97f4bf9e8e2d3f9.…
Open Enterprise Server
http://support.novell.com/techcenter/psdb/21c9a243dbedc0b6b97f4bf9e8e2d3f9.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/21c9a243dbedc0b6b97f4bf9e8e2d3f9.…
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/21c9a243dbedc0b6b97f4bf9e8e2d3f9.…
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/21c9a243dbedc0b6b97f4bf9e8e2d3f9.…
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/21c9a243dbedc0b6b97f4bf9e8e2d3f9.…
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/21c9a243dbedc0b6b97f4bf9e8e2d3f9.…
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/21c9a243dbedc0b6b97f4bf9e8e2d3f9.…
SuSE Linux Desktop 1.0
http://support.novell.com/techcenter/psdb/21c9a243dbedc0b6b97f4bf9e8e2d3f9.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/21c9a243dbedc0b6b97f4bf9e8e2d3f9.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRouIfXey5gA9JdPZAQL1HAf+Ij7ufUKuJCnFgMHmREcNNyHl/W/0iacl
Ioz2KNQjJ/AYRuroeMiY2UHZNFpQjGRFaJcuuNTXzQXWS25SO21HcNkNcv8Z2145
f965htX52S9gIOJ+wKMkSF40AvH/Za7o774JldFTdV8WysIgOgXJVmg0o45VzCgX
qpK9P/7HPSuQYvQShO23to2zYrqFi5EHwUhq9EXSl5glAV9OO8tL1N1+iJJDZEl6
+pTTyyR/fqK1fpwpIEEfhMsooMs4Hc/rC/DHLoa9W8CsZTO2yKB+wjWf0vyIkeLk
jSTRnQaVMGohZ959Czq34eGAvgOuckljJ3TOcRPr97ciTxxdfyd6Xw==
=GRor
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: file (SUSE-SA:2007:040)
by Marcus Meissner 04 Jul '07
by Marcus Meissner 04 Jul '07
04 Jul '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: file
Announcement ID: SUSE-SA:2007:040
Date: Wed, 04 Jul 2007 13:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SUSE Linux Enterprise Desktop 10 SP1
SLE SDK 10 SP1
SUSE Linux Enterprise Server 10 SP1
Vulnerability Type: potential code execution
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2007-1536, CVE-2007-2799
Content of This Advisory:
1) Security Vulnerability Resolved:
file integer overflow
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
A previous security fix for file introduced a new integer overflow
in the file_printf() function and potentially be used to execute code.
This has been fixed and updates have been provided.
Since file can be run by automatic scripts, remote exploitation might
be possible.
This issue is tracked by the Mitre CVE ID CVE-2007-2799.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
None.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/file-4.17-27.i586.rpm
71fb39025842635d3d2a369f67d36966
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/file-devel-4.17-27.i586.rpm
58c8c5cc8219c3a27c6fa35c00d562d1
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/file-4.16-15.13.i586.rpm
0dfcb7061a69c3ea263e259cdc5622a3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/file-devel-4.16-15.13.i586…
81647420e3676bd1327ad3ee93a2d66c
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/file-4.14-3.5.i586.rpm
2b6b5eb1e6713683ab0062237b18b270
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/file-devel-4.14-3.5.i…
c2341c2361c6ff61a975471a077d8370
Power PC Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/file-4.17-27.ppc.rpm
a34ffaaa3557c9d95b410fb13305feb5
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/file-devel-4.17-27.ppc.rpm
f37b44f3b7faaa5614108f243199478d
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/file-4.16-15.13.ppc.rpm
56f3f787274846955a55a47df9d80f47
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/file-devel-4.16-15.13.ppc.r…
293aaa3d05a2446c4735e5d60ece2e61
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/file-4.14-3.5.ppc.rpm
01722877b74c715ccaf9bfc57cdb4537
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/file-devel-4.14-3.5.pp…
d46fdd9f2cf95e14bea4e6bdfd304d78
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/file-32bit-4.17-27.x86_6…
04fa107453847fdbacba7ac20c416c14
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/file-4.17-27.x86_64.rpm
9b25a6c3c36b64da56d18c64c0d41541
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/file-devel-4.17-27.x86_6…
43ad432ef1020371d63a955cba3b4904
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/file-32bit-4.16-15.13.x8…
97f580b6bd4ab6afc3484bb9c75aa27a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/file-4.16-15.13.x86_64.r…
5b2fc247062c970cc6bfd8fcd7de8b51
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/file-devel-4.16-15.13.x8…
6857325d13a32187461b980f47f8e52f
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/file-32bit-4.14-3.5…
a84f3907a7384a27b532c370bfc90371
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/file-4.14-3.5.x86_6…
09430fce30b187c0bc78829ace54fbe6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/file-devel-4.14-3.5…
17168aee14e6bffdf6b300e24e3e2568
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/file-4.17-27.src.rpm
63b8e44129d7526ffb6562a2d811933f
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/file-4.16-15.13.src.rpm
06e9f7f0ce0217a20bab1b572004a513
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/file-4.14-3.5.src.rpm
515371c885768d38cf506c1cd8227ca3
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/16b049160f20102b048862a6595a6130.…
SLE SDK 10 SP1
http://support.novell.com/techcenter/psdb/16b049160f20102b048862a6595a6130.…
SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/16b049160f20102b048862a6595a6130.…
Open Enterprise Server
http://support.novell.com/techcenter/psdb/40f3a050df9659ee95c994d2fde2b2b0.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/40f3a050df9659ee95c994d2fde2b2b0.…
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/40f3a050df9659ee95c994d2fde2b2b0.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/40f3a050df9659ee95c994d2fde2b2b0.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRouIRney5gA9JdPZAQIsLwgAiHcToaCWNK0zNixMnDhjUkGB7e8WcbIV
qKpmjW5281AypHLND8ZgXOo+6/rogEI0Lcr4EdTJCsaJCYt6uOrtXW4ywLtZILnD
zzXUh+ROexqA65MqnYzUXJsraF2nB4S0451IbiO40LjtEsexY0pfQ5utVxtqBziI
WLBfzlC+xA6fDoD5p4Rj9uoDzu9Ot5OxIU5QGkcVQf7P08ZjNZYsYWljq7GVy3ed
t6f/5Kd/Xv8dPGVTh7bTNPtwuZKXkt2DkUYXuR7DGd84y9ldl7AHBDM+RneXMpoz
HL5L5sfwggoc/sCpDFf7ttl/pf40u076QSgRoy3zNJCioiKYAKbnBg==
=0WZs
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: libexif (SUSE-SA:2007:039)
by Marcus Meissner 03 Jul '07
by Marcus Meissner 03 Jul '07
03 Jul '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: libexif
Announcement ID: SUSE-SA:2007:039
Date: Tue, 03 Jul 2007 17:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
UnitedLinux 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SuSE Linux Desktop 1.0
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SUSE Linux Enterprise Desktop 10 SP1
SLE SDK 10 SP1
SUSE Linux Enterprise Server 10 SP1
Vulnerability Type: remote denial of service
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2006-4168, CVE-2007-2645
Content of This Advisory:
1) Security Vulnerability Resolved:
libexif remote denial of service
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Two security problems were fixed in the libexif library which handles
extended information in JPEG images.
CVE-2007-2645: A denial of service problem (crash) was fixed in the
EXIF Loader of libexif, which could be used to crash the browser
or image viewer when it interprets the EXIF tags in prepared JPEG
files. ()
CVE-2006-4168: A integer overflow was fixed in the EXIF loader, which
could potentially be used to execute code or at least to crash the
image viewer/web browser.
Attackers might crash your E-Mail client or Web browser by embedding
a crafted JPEG image with broken EXIF data.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
None.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/libexif-0.6.14-20.i586.rpm
8b51ea8c00917b92f2c6f917dc6c7075
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/libexif5-0.5.12-39.i586.rpm
2f664181c05adba466688d72acba0290
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/libexif-0.6.13-20.6.i586.r…
19c460b7303a61f73aa6e8fc608c19e6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/libexif5-0.5.12-17.7.i586.…
94ef6e0db31f9a27cfe918127e111ae8
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/libexif-0.6.13-5.6.i5…
828b66ebbcf65165265b2626d5cfd128
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/libexif5-0.5.12-5.3.i…
2ee753118e36046fde13e7baf776198e
Power PC Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/libexif-0.6.14-20.ppc.rpm
8b4fd53fe4d613e8265cca92e4125eed
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/libexif5-0.5.12-39.ppc.rpm
23907dd0364b4abc001ad0e1fefc559f
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/libexif-0.6.13-20.6.ppc.rpm
6dfe90de0ec18f6b62545d41c1ce0451
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/libexif5-0.5.12-17.7.ppc.rpm
5b16777269b81781ab22e1199bae4744
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/libexif-0.6.13-5.6.ppc…
66758e06bf81296b0f785c4f9be1f6e4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/libexif5-0.5.12-5.3.pp…
088582470dcb34f117d7914dc0314fd8
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/libexif-0.6.14-20.x86_64…
281b4a175bc3ee533c2bc013045cb56f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/libexif-32bit-0.6.14-20.…
af8ca717ed67c7daf8162264d8c9aad0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/libexif5-0.5.12-39.x86_6…
62cb1d299cfb85754d2f99fc954f9786
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libexif-0.6.13-20.6.x86_…
9b758ea30cd441c9d43d0320b4660878
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libexif-32bit-0.6.13-20.…
7b7666c817078d8ce07026a823dd9b4d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libexif5-0.5.12-17.7.x86…
2166b456ee47fe57d4557ede76e54a13
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libexif-0.6.13-5.6.…
5b52f417442e5b6e4c5aebcad9577696
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libexif-32bit-0.6.1…
6785cb87dd30b864171f79cd7b5c3535
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libexif5-0.5.12-5.3…
e1f59baef428fa1c02d06f83f3aeee59
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/libexif-0.6.14-20.src.rpm
1feda79286d3d993eaed1e6c9d9b6477
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/libexif5-0.5.12-39.src.rpm
7f2a0b31dab5845cd281926e91f181b7
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/libexif-0.6.13-20.6.src.rpm
78bf6de918f018177b3151eed8cf7709
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/libexif5-0.5.12-17.7.src.rpm
ac32eee3053e9ec1c28363fbddcc7d0d
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/libexif-0.6.13-5.6.src…
8f901b2be54e9ea36539723f2fe63e5f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/libexif5-0.5.12-5.3.sr…
aa25a73a0f84cfe83728d94bbd69a454
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SLE SDK 10 SP1
http://support.novell.com/techcenter/psdb/f4ec1eac6e651c2a2747f2e56275d1c4.…
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/f4ec1eac6e651c2a2747f2e56275d1c4.…
http://support.novell.com/techcenter/psdb/bfd3d663c28c43bc07ad75413eec677a.…
SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/bfd3d663c28c43bc07ad75413eec677a.…
UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/d2186e8218d131e17a5524c43a27b841.…
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/d2186e8218d131e17a5524c43a27b841.…
Open Enterprise Server
http://support.novell.com/techcenter/psdb/d2186e8218d131e17a5524c43a27b841.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/d2186e8218d131e17a5524c43a27b841.…
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/d2186e8218d131e17a5524c43a27b841.…
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/d2186e8218d131e17a5524c43a27b841.…
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/d2186e8218d131e17a5524c43a27b841.…
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/d2186e8218d131e17a5524c43a27b841.…
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/d2186e8218d131e17a5524c43a27b841.…
SuSE Linux Desktop 1.0
http://support.novell.com/techcenter/psdb/d2186e8218d131e17a5524c43a27b841.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/d2186e8218d131e17a5524c43a27b841.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRopvG3ey5gA9JdPZAQJaigf+N/Xeh76qfZ/mfk+fQGJfvqTTLw7NBoIl
Iy4SKMLSubF3v3YYD+hqxLTFC/WdJGUKNTqNJSaXq2iu00M1TVAk0Ch3+eyAa74z
tk9skeGmABW/DVV5g/qAdg8IHxuZpN9pw0ZDJXTgSR5OjYWPDJcDw2dy9XF9QH9Q
fs4TofgOKXwnDj6TqfJtKXyIzXgmBEYEXAJnDOMlNZ/0i68QCP22QmSZUETPN3Xf
mBl+lQpe3bw1knsqIgJ7gdVLeh75o62sdupvNEZvqTfl/rurPERrdlwq/FLSd5iL
laPK2gu6FUylb1r5JRufu8lLY11MbdGGZfryeYzPthlEwt4X25PCJQ==
=7L0m
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: krb5 security problems (SUSE-SA:2007:038)
by Marcus Meissner 03 Jul '07
by Marcus Meissner 03 Jul '07
03 Jul '07
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: krb5
Announcement ID: SUSE-SA:2007:038
Date: Tue, 03 Jul 2007 17:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
SUSE Linux Enterprise Desktop 10 SP1
SLE SDK 10 SP1
SUSE Linux Enterprise Server 10 SP1
Vulnerability Type: remote code execution
Severity (1-10): 7
SUSE Default Package: no
Cross-References: CVE-2007-2442, CVE-2007-2443, CVE-2007-2798
Content of This Advisory:
1) Security Vulnerability Resolved:
krb5 security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The KRB5 libraries and utilities contained two security problems for which updates
were released.
- CVE-2007-2798: A stack-based buffer overflow in kadmind was fixed
which can be exploited by authenticated remote users to gain
root. This requires kadmind to run to be effective.
- CVE-2007-2442, CVE-2007-2443: Additionally two bugs in the RPC library
of kadmind were fixed that can lead to remote system compromise. Note
that third-party applications using this RPC library are vulnerable
too.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
None.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-1.5.1-23.6.i586.rpm
dc2fa8951dada9f5682fe449dc385e2d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-devel-1.5.1-23.6.i586…
dd2d611d86a420e45f5cacce9d7fdec1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-server-1.5.1-23.6.i58…
5daa3fedc4198ebb7b4d0a8127bed8ed
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-1.4.3-19.22.i586.rpm
09da59a0aaafd6c8d22321752f2c38d3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-devel-1.4.3-19.22.i58…
0840fcc71f5b4e97beb835e0e25dedbc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-server-1.4.3-19.22.i5…
9d23419758f2b0a69ba143dbacbc9f0a
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/krb5-1.4.1-5.7.i586.r…
32b71e707e4ec85b0eee500de51a89cf
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/krb5-devel-1.4.1-5.7.…
f71c6582dcb3a74a804a4143ff6f48c3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/krb5-server-1.4.1-5.7…
22b2f9c5cc94918a58c8c5e1b4d6296d
Power PC Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-1.5.1-23.6.ppc.rpm
cdf7854a981af8b5b9e4ad5d0eca9c7d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-devel-1.5.1-23.6.ppc.r…
5aba32af56d726c3616cc4260a69a848
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-server-1.5.1-23.6.ppc.…
a1ab8842ba74f4b2a3e2cba56d730556
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-1.4.3-19.22.ppc.rpm
aa13e756476c571bdb9d1f909ffdd2d9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-devel-1.4.3-19.22.ppc.…
c121580b3e9392f8de76efda8d5dd551
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-server-1.4.3-19.22.ppc…
aabf1f7df56922b01d67213af2cfc0af
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/krb5-1.4.1-5.7.ppc.rpm
069361f8698af89dc366bf3d2cdf7239
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/krb5-devel-1.4.1-5.7.p…
e440e4b49b571b8bf9ebf0f9200d29c3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/krb5-server-1.4.1-5.7.…
4188e3334beceefce3cab6aa8429a16c
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-1.5.1-23.6.x86_64.r…
edff62bb110662ee8a16f51b69c684c2
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-32bit-1.5.1-23.6.x8…
af81d30ce34ee7c0c708a8c0f17d81a5
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-devel-1.5.1-23.6.x8…
7d204e67fa211a528acedd6980925686
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-devel-32bit-1.5.1-2…
8036b0e78e1fea05e895b7d2c5717538
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-server-1.5.1-23.6.x…
14238f108e2375205961a73ec15ecbde
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-1.4.3-19.22.x86_64.…
0c46b69cf856956753908711a391ca3c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-32bit-1.4.3-19.22.x…
cd9562c71d1439f9ea1b7fd29b2a2a15
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-devel-1.4.3-19.22.x…
624a0d8362e07050d705642f12e6109e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-devel-32bit-1.4.3-1…
30cd873aa47a0006d5e402e2280d311f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-server-1.4.3-19.22.…
6149c3d8873ebbdf0549f74eabd61a0e
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-1.4.1-5.7.x86_…
eaf8552be5695919d2d7a058339c4d1f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-32bit-1.4.1-5.…
146f189e550f82bc987cde96a0b13086
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-devel-1.4.1-5.…
5bd145009778a85a0e8d26f58cf976c6
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-devel-32bit-1.…
21418e68ed403d5bc822e8e31473bc57
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-server-1.4.1-5…
2c55efe366234d32d547c85ffe3e78a2
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/krb5-1.5.1-23.6.src.rpm
e3a6f207ca990afd58afec40b3b08aea
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/krb5-1.4.3-19.22.src.rpm
a29ba835ba013e45102b136d7c0f89a8
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/krb5-1.4.1-5.7.src.rpm
b4a34b1b66194f86cd6163aa9a5879b4
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/b25610d8b470e16c60af96095d35faae.…
SLE SDK 10 SP1
http://support.novell.com/techcenter/psdb/b25610d8b470e16c60af96095d35faae.…
SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/b25610d8b470e16c60af96095d35faae.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRopsKXey5gA9JdPZAQK1Mwf/UX8QDQUhTT3FBRUVFk/NEXaP4pZpo/FW
LOHAYEiR+j51qkFx4JyrbJ2PGdUwE7TfsqLjEVl+cZcPytxqLoWrqBJfvHGD4e1u
iHW8DuqmFIKw9Sja7Cdg/s3HzIMij59cIAzmZTAmY+NcDg1aafQO22ZFXX6Tkq7j
ZjNl++MCm86h/d2JuLyqeBJY1ZRimufr5SuqkQzVeHty5BPxolh9oyqx8ZfpAnov
Wsg3HE01+C8h5y24gnjKYMbU2YU1p2gPbPPuRgTHda+sOy7MXVqD2TkKr6djsC2R
aKwfk/IFfjjYWp1KAK1YdVnjrTdPoGJ/9lGY6lyJJlVr682MFNMyqw==
=/Ad+
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0