openSUSE Security Announce
Threads by month
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
January 2008
- 3 participants
- 7 discussions
[security-announce] SUSE Security Announcement: php4, php5 (SUSE-SA:2008:004)
by Ludwig Nussel 29 Jan '08
by Ludwig Nussel 29 Jan '08
29 Jan '08
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: php4, php5
Announcement ID: SUSE-SA:2008:004
Date: Tue, 29 Jan 2008 13:00:00 +0000
Affected Products: SUSE LINUX 10.1
openSUSE 10.2
openSUSE 10.3
SUSE SLES 9
Novell Linux Desktop 9 SDK
Open Enterprise Server
Novell Linux POS 9
SLE SDK 10 SP1
SUSE Linux Enterprise Server 10 SP1
Vulnerability Type: remote code execution
Severity (1-10): 5
SUSE Default Package: no
Cross-References: CVE-2005-4872, CVE-2006-7224, CVE-2006-7225
CVE-2006-7226, CVE-2006-7227, CVE-2006-7228
CVE-2006-7230, CVE-2007-1659, CVE-2007-1660
CVE-2007-2872, CVE-2007-3996, CVE-2007-3998
CVE-2007-4658, CVE-2007-4661, CVE-2007-4782
CVE-2007-4784, CVE-2007-4825, CVE-2007-4840
CVE-2007-5898
Content of This Advisory:
1) Security Vulnerability Resolved:
multiple security bugs in php
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- See SUSE Security Summary Report
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
php5 was updated to version 5.2.5 to fix several security
vulnerabilities. For php4 on SLES9 the patches were backported.
- php4 on SLES9 and php5 on SLES10/10.1 contained a copy of the pcre
library which was vulnerable to several security issues. On SLES9
the included library was patched. SLES10/10.1 now uses the system
pcre library. 10.2 and 10.3 already used the system pcre library
before.
(CVE-2007-1659, CVE-2006-7230, CVE-2007-1660, CVE-2006-7227
CVE-2005-4872, CVE-2006-7228)
- flaws in processing multi byte sequences in htmlentities/htmlspecialchars
(CVE-2007-5898)
- overly long arguments to the dl() function could crash php
(CVE-2007-4825)
- overy long arguments to the glob() function could crash php
(CVE-2007-4782)
- overly long arguments to some iconv functions could crash php
(CVE-2007-4840)
- overy long arguments to the setlocale() function could crash php
(CVE-2007-4784)
- the wordwrap-function could cause a floating point exception
(CVE-2007-3998)
- overy long arguments to the fnmatch() function could crash php
(CVE-2007-4782)
- incorrect size calculation in the chunk_split function could lead
to a buffer overflow
(CVE-2007-4661)
- flaws in the GD extension could lead to integer overflows
(CVE-2007-3996)
- the money_format function contained format string flaws
(CVE-2007-4658)
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of the apache web
server after the update if you use mod_php.
Note that due to the version upgrade on 10.2 some defaults in
/etc/php5/apache2/php.ini changed. Especially the change of the
default value of the 'short_open_tag' setting could cause problems
with some applications. Please check that setting if you run into
problems.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-mod_…
a8188cbbf5d420cedcb14342f5115301
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-5.2.5-8…
3d8a6140570e99546501d239142580e8
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-bcmath-…
569e2e31795a02c4b5c961c114225022
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-bz2-5.2…
3eb3de3fa093b70bc5f3c3955f5a823d
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-calenda…
545d5d80772c778c9e31330593c7952b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-ctype-5…
f23ff1875f81166fb592c5fa50492718
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-curl-5.…
2bae642efcfcf0bcd362eb22f5ebe329
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-dba-5.2…
964dbc67a325f72b7be1e5290fdba44b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-dbase-5…
fb7e2924f3d753c551cae0c5a28a645f
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-devel-5…
0b0fcb7df2fd3a717316d53c854c1363
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-dom-5.2…
295cdf6c08f24fa302b1a8f106ba2728
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-exif-5.…
d617f309ab6ba3a30fcbc44b1b139694
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-fastcgi…
5a158118e51527ab4d909b163d8ed694
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-ftp-5.2…
e79ba83fac54860d7a9e6904b4e2524c
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-gd-5.2.…
9182c0206287a7f7b4bdaadbef187eda
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-gettext…
e54875f7ed1eba1db47de2072b5030aa
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-gmp-5.2…
06bf491f92ee3e1690ba75621fa0351a
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-hash-5.…
54be577bf101a603d44537bbfbca8d07
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-iconv-5…
4ec6783c8132268d23fb7d3bacb8a0be
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-imap-5.…
1eff59c23fcac1427a9099ada489f679
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-json-5.…
aedb82387290ece0004c66122b220fea
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-ldap-5.…
6d94bc214812ff61ca5043222b4b3a84
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-mbstrin…
9b676183e09c4d00ae1e83fbd7c4a60b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-mcrypt-…
58b5452f6a5347562d31ff57f9eb3440
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-mhash-5…
f227c6323007a1dd242905cf391055f8
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-mysql-5…
0c4966a1c251382ff06cddbd9bb8a23c
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-ncurses…
9a188fe421e5ba145b2ab104660a197b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-odbc-5.…
10ac928072c1b4c0ece82acf9e30aa44
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-openssl…
a181ddfcdccd07aa0cea839808ff28d2
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-pcntl-5…
5fce134ccfff3185fde08cda980fb459
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-pdo-5.2…
f72bac3667dbe1c92e4fc10f7bad17db
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-pear-5.…
c4e6649421ce74f575487eaf70323b03
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-pgsql-5…
4eb89dda038b255dc3c72d089111fa2f
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-posix-5…
0af9866a4315576acbb945048ee435b1
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-pspell-…
b9c71875731f494d80cfd828def517fb
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-readlin…
e0a4b45431f00e74e54aa1fbbd375270
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-shmop-5…
84bafe8f87866dc355da1e4d70c5ecbc
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-snmp-5.…
78ff419fa0224ad76418c704bb595df6
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-soap-5.…
d0362e7e3cc2a9be80855e68bc949940
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-sockets…
ca82b1c65f1b537937b92dd1907c47ad
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-sqlite-…
91846b70bbdadffbdc4200199dc57c08
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-suhosin…
148747a19116f6e0dced4d7e72ecb999
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-sysvmsg…
7ee04efef099bfc6b93e97023960851d
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-sysvsem…
3819f67ecaa79ae37e8018a6feb46914
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-sysvshm…
c2db3cc3e9b5d45c37884d8edc6788f7
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-tidy-5.…
969bc6eabc6c0f0f27dd082af0d2550c
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-tokeniz…
a70920cfe6ea30eca2e2a76894d3b12a
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-wddx-5.…
a1177b0357ac2bd3c00efeb137b5ea0d
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-xmlread…
a5a4e3975a42bf6ae62d9f8a518ede1b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-xmlrpc-…
cea4a696ced99ba49d8d817f8ab64e3c
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-xmlwrit…
ddbcf747b28060258c01e5266e6bdde8
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-xsl-5.2…
244c0be10ed990fd9b86a0a54ab4ea05
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-zip-5.2…
59e2ef4fe4e899394a7f073613989942
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/php5-zlib-5.…
80c247c0e00c83fdf0b82fe23eeab6cc
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-mod_php5-5.2.5-18.…
625b6148df06937b338389b05f6d9514
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-5.2.5-18.1.i586.rpm
f534961acaae6c8468398f1427e1bb86
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-bcmath-5.2.5-18.1.i58…
c78e72806c4f41c33c498a20f04a3af6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-bz2-5.2.5-18.1.i586.r…
97fe6c435053e2c49b12d4f5fb23c5e1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-calendar-5.2.5-18.1.i…
e59e41b31d0c359de24e08023b972339
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-ctype-5.2.5-18.1.i586…
ee8d943793937c34060e1c16e6998158
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-curl-5.2.5-18.1.i586.…
2490b9014d2b775327bd47b63c1433ba
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-dba-5.2.5-18.1.i586.r…
3121684cf52681bb2f03790770d46fea
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-dbase-5.2.5-18.1.i586…
fac1487af0ebed40c272396a37ea5203
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-devel-5.2.5-18.1.i586…
7cead6112abe78b08b2d61d66278596f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-dom-5.2.5-18.1.i586.r…
d02be021d2cc4c20d4f9f9df47e95537
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-exif-5.2.5-18.1.i586.…
a9dedb8ca7097a05a07bdc32fc7a763d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-fastcgi-5.2.5-18.1.i5…
419b269023176e4b2adc0778b9430d3e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-ftp-5.2.5-18.1.i586.r…
9a1e46407f3f599ed3a268dab4733c71
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-gd-5.2.5-18.1.i586.rpm
19799ec5e1bc3eb86e71377f20208387
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-gettext-5.2.5-18.1.i5…
75e79088532f4b17ebe8670b24c1f69e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-gmp-5.2.5-18.1.i586.r…
223d6e321258685a5c0c5b9759f300e1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-hash-5.2.5-18.1.i586.…
ea4fcd1bfa134537c097111d78d8207c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-iconv-5.2.5-18.1.i586…
2151e384a3170077f083b43a196f216a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-imap-5.2.5-18.1.i586.…
b344026f9d8b554bf72231def5c3b3e1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-json-5.2.5-18.1.i586.…
9fb203b69bc5c70a96415cbd78bd610c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-ldap-5.2.5-18.1.i586.…
c6dde439f0d2eca874ea135d4e3bd558
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mbstring-5.2.5-18.1.i…
61da6d6babf5b694b8ce7ad348cfcc68
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mcrypt-5.2.5-18.1.i58…
761c60fd58e2f3c1d430f19f8405e7d0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mhash-5.2.5-18.1.i586…
678eb155cc7610b97aeb83a46d786e0f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-mysql-5.2.5-18.1.i586…
1ef6a319457450a765da994e3d29a78a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-ncurses-5.2.5-18.1.i5…
88c08d33baa24b232e96e86e09633b85
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-odbc-5.2.5-18.1.i586.…
0035eb249fa5df76640efdac19a2fa00
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-openssl-5.2.5-18.1.i5…
49dee915f4b87801aa79b95def1cfa34
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pcntl-5.2.5-18.1.i586…
76fdbd088f96ed426a34a7bbb5fa20d0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pdo-5.2.5-18.1.i586.r…
6983e11ed31bb44bdf372f2c126530b2
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pear-5.2.5-18.1.i586.…
2e520ee7fe8857003a4364da2207821e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pgsql-5.2.5-18.1.i586…
9fdca7dd3a40114ecd39420bcc36a9c1
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-posix-5.2.5-18.1.i586…
8650667542f48c2c0772aaaeab81b9ac
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-pspell-5.2.5-18.1.i58…
c8d4fccbcdd997e698b1a370d1048261
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-shmop-5.2.5-18.1.i586…
b411abc74ca40b8e3111b975ba3f68a6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-snmp-5.2.5-18.1.i586.…
83d054287546f857191ecec7bbdd02eb
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-soap-5.2.5-18.1.i586.…
46def0f16ec03645298d6ca797ccb740
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sockets-5.2.5-18.1.i5…
193c468ff29a29a056eec16bfe7d2ec6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sqlite-5.2.5-18.1.i58…
e391f36c81778061a2ba3881bb4ebdb9
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-suhosin-5.2.5-18.1.i5…
4039c2cf1d534f4b5d0d7188df46f32d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sysvmsg-5.2.5-18.1.i5…
1a9f9a634f973e466fa12c313bacba9d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sysvsem-5.2.5-18.1.i5…
e9d522796cb2fdf3b4681f918ff332c7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-sysvshm-5.2.5-18.1.i5…
e23411c24549d0641712a3bc5afea7b9
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-tidy-5.2.5-18.1.i586.…
b4b0148b9ef8caddfe936c7ed5e83012
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-tokenizer-5.2.5-18.1.…
dc9f225f81dbd97880d1c73d7d3afb32
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-wddx-5.2.5-18.1.i586.…
fd19a397657929c1565f273bb1eee8bd
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-xmlreader-5.2.5-18.1.…
f5bdca56508f8d1bba2edc50ea142bc6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-xmlrpc-5.2.5-18.1.i58…
297426b04128a6f95f9d60b880b0e4bb
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-xmlwriter-5.2.5-18.1.…
ce936ad9158227bff53cc94ebad65c3e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-xsl-5.2.5-18.1.i586.r…
0063a971e99c3c2e676c4358258af504
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-zip-5.2.5-18.1.i586.r…
3cd7bb10741a73437aa12b68c1df7880
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/php5-zlib-5.2.5-18.1.i586.…
3bca7e0b0658f7edf18424904de81175
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-mod_php5-5.1.2-29.…
52be4966972051054618facb2ea61b9a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-5.1.2-29.50.i586.rpm
673f9f32884bfdfab2dbfdaa97a23d0d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-bcmath-5.1.2-29.50.i5…
0e9e4b12c200a10dfde6eff1dba291dc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-bz2-5.1.2-29.50.i586.…
4291bd1fb89846c7da7341212029b8d5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-calendar-5.1.2-29.50.…
7e96bcc1f15df73b0c414a035dd12e4c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-ctype-5.1.2-29.50.i58…
945ac4a82d59f84e4fe32eaa153fcdec
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-curl-5.1.2-29.50.i586…
e65d5758b41cfd2edde4ba1c717f2b8b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-dba-5.1.2-29.50.i586.…
8f7b316c1cf4e9c0d04f3bb79905cd7b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-dbase-5.1.2-29.50.i58…
4170f22dc88635b20bd9b85318bee3c6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-devel-5.1.2-29.50.i58…
6f84cd6d354af093a2173f7b59916fbc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-dom-5.1.2-29.50.i586.…
e9b1b2bc775b563af68450fb7be98997
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-exif-5.1.2-29.50.i586…
8220c5f396b94636ff46a6f82ea25f16
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-fastcgi-5.1.2-29.50.i…
a3264c98c03844368aafda988c654643
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-filepro-5.1.2-29.50.i…
25a5d80bcdfcdc23afb0a24539044c05
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-ftp-5.1.2-29.50.i586.…
75ce6a71f654c2dd9fd2e9d59b66fe00
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-gd-5.1.2-29.50.i586.r…
5f4e7e76864397e7849c4d09a9bd3975
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-gettext-5.1.2-29.50.i…
b1cdc78ee2237c0b630655255bcff6b8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-gmp-5.1.2-29.50.i586.…
0f8eb02e418027bf3045e1e1037eb512
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-iconv-5.1.2-29.50.i58…
42f8035a60c74ce88b22f864c8252a87
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-imap-5.1.2-29.50.i586…
77a0ec0472b951904f92f7444a6cda15
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-ldap-5.1.2-29.50.i586…
ea708e114febda96cb179d32d36a574a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mbstring-5.1.2-29.50.…
11c1685b13e9e418f04b136a0176df9a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mcrypt-5.1.2-29.50.i5…
403daa8840da337fd75591f32118b256
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mhash-5.1.2-29.50.i58…
71ee3d825fd32c7e2d489e89907bf3d1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mysql-5.1.2-29.50.i58…
8b0c2577739ce9569e8bc129b2ea28ef
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-mysqli-5.1.2-29.50.i5…
ae58e6880e4e6d9d094d49d9d16b934e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-ncurses-5.1.2-29.50.i…
008c57f625f4562c188c8481a95bf0d6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-odbc-5.1.2-29.50.i586…
af51105c824ccadb4d406eca280da53c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-openssl-5.1.2-29.50.i…
02d90ebbff396b268fc5fca9ab70bfb5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pcntl-5.1.2-29.50.i58…
a6767a41d5562881e2381424c77c7cae
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pdo-5.1.2-29.50.i586.…
06ba6a3aeddefcf6e35c56c1f3003c14
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pdo_mysql-5.1.2-29.50…
d4a867c20f456c685f6039101d8e29ba
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pdo_pgsql-5.1.2-29.50…
cc6f9a3b24937c21743eeb0594caa402
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pdo_sqlite-5.1.2-29.5…
829cfc5ca72255593fa117d4d15fbf4a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pear-5.1.2-29.50.i586…
659847a2e9291b209af88ae0b02a7fe3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pgsql-5.1.2-29.50.i58…
583859c55cfa0caeb6d687b9efe76dd6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-posix-5.1.2-29.50.i58…
a78ad6572fd7ed113b0c03c81b8d17f5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-pspell-5.1.2-29.50.i5…
32b94ba4ae9ab9a9fd10c177b2dff319
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-shmop-5.1.2-29.50.i58…
a8a043545f8e16bcc28255dcb484e627
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-snmp-5.1.2-29.50.i586…
bc5debc9085a2a9b48b80844216de3e1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-soap-5.1.2-29.50.i586…
f427bf69feb262bbf59880229bbe1438
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sockets-5.1.2-29.50.i…
24c90ab2c0a1bedf2dd5bad7852d97a0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sqlite-5.1.2-29.50.i5…
3c2535f0b543d67290c27d29c91d9f1b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sysvmsg-5.1.2-29.50.i…
61b41f1b8fe73b04b0b0f00395ce3b33
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sysvsem-5.1.2-29.50.i…
8a989018be6be3761db38548f9149632
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-sysvshm-5.1.2-29.50.i…
d65ee17c6784054e1bfd76fd56834761
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-tidy-5.1.2-29.50.i586…
dfe0164d82928e3fd0dd03b1f9648aea
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-tokenizer-5.1.2-29.50…
d9e34c09019875a53c674c11e428c778
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-wddx-5.1.2-29.50.i586…
b50ea3ef44fdab4e0b5d3fa55c26aac2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-xmlreader-5.1.2-29.50…
798e665e572807a6d6ef414fba4ea23d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-xmlrpc-5.1.2-29.50.i5…
f4f38d7e3923446e2178a3ac0019f5e6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-xmlwriter-5.1.2-29.50…
90d75cfa7329fd4c3502cc28fc03207f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-xsl-5.1.2-29.50.i586.…
0a5888c9ce400c229b5b3e0c8a98057a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-zlib-5.1.2-29.50.i586…
1b252b90b0f27b7161a37e165b106ff3
Power PC Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-mod_p…
19ade3d0482916d4a85e480539247abd
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-5.2.5-8.…
e90c3436b8e0840a4f52a8e794d85f88
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-bcmath-5…
591379f3347f2867d38977249e3db25f
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-bz2-5.2.…
09c2e1b0ff672b365decd053efee2f86
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-calendar…
bd17f3e2a5ce95a0b69abb56c794486b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-ctype-5.…
6542bc9b79503d246eb26999aa012f8e
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-curl-5.2…
d3f86a2e4ad839bffc79447c33e4fe67
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-dba-5.2.…
9e333dbe769fc41bb943460b0660bb3b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-dbase-5.…
1389b4676dccb9f7504125946cd147c3
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-devel-5.…
989fc87d437f220ecc514347c1d43297
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-dom-5.2.…
b36b3caf6db1bffa5a63d3a7c65b7f14
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-exif-5.2…
b2d3917cfbada4381feda756fd777918
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-fastcgi-…
89d811d0641dd3d2ed68d1a565c5928e
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-ftp-5.2.…
b359a2ecea06a115eea3fab755b60c41
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-gd-5.2.5…
2aa3fc7e506a55b2041d60dc0023371c
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-gettext-…
6be351bda3b2f2e462f77a64795afcbc
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-gmp-5.2.…
dbc09bb98ca07a921f3aacaa5afb7297
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-hash-5.2…
3f0b82e8523a9369e7ee2aa958468bd8
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-iconv-5.…
f235c54fe5088defdfbac43ee127e298
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-imap-5.2…
5dbb14d2fa91ed5b1d7040b52d291558
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-json-5.2…
f0810a38da0b9c254a463d491a5f457a
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-ldap-5.2…
68f2851315595df3acf68cb0b10f8ee2
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-mbstring…
f187771baca1fbd4788d14eaaef1e686
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-mcrypt-5…
c62b21b660c2ec2bf54db1038c034719
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-mhash-5.…
1db895676f2af863f93775abc043249b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-mysql-5.…
b815dcaaba9491490bf0c7a0910f259c
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-ncurses-…
a6edeb7cebbe9f202fb57959f3d4121f
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-odbc-5.2…
c0a43ce0a50ded49f736f76134b1c0a3
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-openssl-…
c9d4bb867d35c00bcb7bd13233f49589
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-pcntl-5.…
6727c16dbc99fb7d4c6a235f7494880e
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-pdo-5.2.…
a7e424334800ebdfd5d377b1d0abc7cb
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-pear-5.2…
7d17bce59cf21fe26dc5804cafdaafed
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-pgsql-5.…
29f2d3a2016be3926d507374188e8edb
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-posix-5.…
a66fc2fdd66c1775edcdc950d682bddf
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-pspell-5…
0a090e8680de6126a3687e6522c9a6e1
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-readline…
b44caef30743077c1953c6a0e6c40b1b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-shmop-5.…
c5c6dfa8a805847911c92ce8e6db2c98
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-snmp-5.2…
1f0cedc373da64fa5a59cf3d64679b00
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-soap-5.2…
878c8a4ecb2ee701c18de4cf970b060c
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-sockets-…
cfb00852c727d8e93be12f8098fdd3c3
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-sqlite-5…
93b19a83b2d86916d937953b6451b2c6
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-suhosin-…
974cc8ab40fee2c065f21dce86fa516e
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-sysvmsg-…
23bda426425713b37fc34a7cf61e239d
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-sysvsem-…
4a06e1c8a8883380b1694a3dd5f2c3ce
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-sysvshm-…
70efd11f6810b370e76dbd0718274f67
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-tidy-5.2…
4317939556947ac2971ae24752db0f82
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-tokenize…
4719871928e83ec18a58edc8c0bf0a62
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-wddx-5.2…
f9ddf77cd7c869e0d691e987d73ee738
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-xmlreade…
bf30fd57dd8b7e7e954488da66e9eb55
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-xmlrpc-5…
f4a7d52a197dc98ba65d60753a1ccf20
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-xmlwrite…
87a9295e92d4980a23113e46b4a3407e
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-xsl-5.2.…
4ba41e612acc946e509bcf280d36c976
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-zip-5.2.…
f9a57feba0d26e38aedf1892ff6ff580
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/php5-zlib-5.2…
a294f4d1ec39d75ac916c15496c90e60
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-mod_php5-5.2.5-18.1…
528bad27ff88ac64dd40a363df167cf5
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-5.2.5-18.1.ppc.rpm
8ad06da644346d3b450b5fd31dbc1308
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-bcmath-5.2.5-18.1.ppc.…
18152b1d92268f14150ec305a0195409
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-bz2-5.2.5-18.1.ppc.rpm
782e5122436bf384587918557aea7be8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-calendar-5.2.5-18.1.pp…
c5b7b32429ac0a12792b4e14ca64fbe5
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-ctype-5.2.5-18.1.ppc.r…
46e9e825c26d2a6bcba93afa72585b47
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-curl-5.2.5-18.1.ppc.rpm
4e0c92b0e497c59f92c95f13f97a36f0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-dba-5.2.5-18.1.ppc.rpm
406324cc5f34b92abc8695ebe5a25f04
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-dbase-5.2.5-18.1.ppc.r…
1d239fd4358b4b23aaa37eeff5ce0e45
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-devel-5.2.5-18.1.ppc.r…
4d669b0618f56b51be6de5f3e016694c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-dom-5.2.5-18.1.ppc.rpm
745379ff055b5c53d558522c7ccf2045
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-exif-5.2.5-18.1.ppc.rpm
8bffb529ed9a71921c0ed9c1fbe244e3
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-fastcgi-5.2.5-18.1.ppc…
cefe8c917e56c65e6c34ca853fb2a0b0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-ftp-5.2.5-18.1.ppc.rpm
8f31fe18f08bdb73b80b22e4683ef84b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-gd-5.2.5-18.1.ppc.rpm
bdaf882babe465d8dcb63f95be86a832
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-gettext-5.2.5-18.1.ppc…
a6606830a8596a66035ebde46aaba7f6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-gmp-5.2.5-18.1.ppc.rpm
94e5c99a4a073a862d782b31a65a44d7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-hash-5.2.5-18.1.ppc.rpm
04ce916ee579bad6b82a75319cc923f7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-iconv-5.2.5-18.1.ppc.r…
0d2960ecba73ff5e67a7d0f8b9ddcba5
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-imap-5.2.5-18.1.ppc.rpm
07754a8088d80e7a567c33ab666001f6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-json-5.2.5-18.1.ppc.rpm
56fc622e5b7a1381b8ebc274beaa05ef
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-ldap-5.2.5-18.1.ppc.rpm
623877f88d15c630fbb7666568780f07
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mbstring-5.2.5-18.1.pp…
2aa7099f1e972d07c61898d7c26312b0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mcrypt-5.2.5-18.1.ppc.…
4e7fe3244b46fb3b1d95535a32e2bd58
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mhash-5.2.5-18.1.ppc.r…
cba1eeedb64060500d2a1801ca285bf8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-mysql-5.2.5-18.1.ppc.r…
52c002937d3b389c76e2041e2a7c1b9c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-ncurses-5.2.5-18.1.ppc…
712263246c4316b95ca0f0bd9bfaba8a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-odbc-5.2.5-18.1.ppc.rpm
5560c745035bb1437296868ad7548521
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-openssl-5.2.5-18.1.ppc…
b4423ae1f929810fb541cce36b812f80
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pcntl-5.2.5-18.1.ppc.r…
b596edf403d6904d9890e82733f8102b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pdo-5.2.5-18.1.ppc.rpm
b0135f4ddae316928fb07b4b0a397e13
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pear-5.2.5-18.1.ppc.rpm
ae5c3e3e790ecf5e8495c6d66c21985c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pgsql-5.2.5-18.1.ppc.r…
01bce05eb858cee63b60e2225f93a74d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-posix-5.2.5-18.1.ppc.r…
a2365c31f2dc9002235b55147b30259d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-pspell-5.2.5-18.1.ppc.…
1c9cb2aca2ab19bb7e60082ffc67e8b3
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-shmop-5.2.5-18.1.ppc.r…
fa85e7946598aa98bd5c265518014fdb
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-snmp-5.2.5-18.1.ppc.rpm
271513596459f9a48f36a390eeeb1a6b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-soap-5.2.5-18.1.ppc.rpm
9e1fc3ffc557897dfb3baf2f8bfd1096
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sockets-5.2.5-18.1.ppc…
b63b13cdaff4fedcbaa14eca9f35747b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sqlite-5.2.5-18.1.ppc.…
b476e1ec8eb2c89bd27d0913a497e609
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-suhosin-5.2.5-18.1.ppc…
a952fa064daabac05e6ff8ff9fbec830
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sysvmsg-5.2.5-18.1.ppc…
94f66007baeb88f7689107c6fb60f9dc
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sysvsem-5.2.5-18.1.ppc…
3bd0608a0e3a4b49551e4b96ed4f8447
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-sysvshm-5.2.5-18.1.ppc…
cc2c313036e4c77711c7470f0a2abe69
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-tidy-5.2.5-18.1.ppc.rpm
d99befe5d549b341b8e35c4ab346dbb6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-tokenizer-5.2.5-18.1.p…
b39c3d3e9e0f5f39935a87a8c6f04fe8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-wddx-5.2.5-18.1.ppc.rpm
ca05e7aa4a618cc206f400ab8dfd5b77
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-xmlreader-5.2.5-18.1.p…
95eb5e188784929171e37e2dfc49808e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-xmlrpc-5.2.5-18.1.ppc.…
417d130e57eda9a77c6cd662cb89e399
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-xmlwriter-5.2.5-18.1.p…
f7c56379f76bb05a48d35367ac771545
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-xsl-5.2.5-18.1.ppc.rpm
51c231c0fce78d26cbf44a93b5b16f54
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-zip-5.2.5-18.1.ppc.rpm
c5f6c1dcd8d7b027af954c9536f9a69e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/php5-zlib-5.2.5-18.1.ppc.rpm
9e94be02a4b837e266ae6fdbb33c3486
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-mod_php5-5.1.2-29.5…
fa3d1d07b92c723343f574b292e5bbbd
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-5.1.2-29.50.ppc.rpm
c5de7b7efefecc025e11d2666d858b09
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-bcmath-5.1.2-29.50.ppc…
4c3618c5d78d3a714cc1d4486f3572cd
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-bz2-5.1.2-29.50.ppc.rpm
e10e821c5437cc9a91835377448a2b03
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-calendar-5.1.2-29.50.p…
1552f69ded27a0a6d4db1d385c375454
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ctype-5.1.2-29.50.ppc.…
7d44a2cfd403b2e748a2678d482c76d2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-curl-5.1.2-29.50.ppc.r…
8b5b7c4bf8574c2f722a4eb3a8102785
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-dba-5.1.2-29.50.ppc.rpm
5f3e2f8ed9848b948da13548d1c6b19d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-dbase-5.1.2-29.50.ppc.…
e7a9da88a1ce316aaa69fea2fd626e25
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-devel-5.1.2-29.50.ppc.…
d82ed12c2073daf1a293cfbdfccae064
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-dom-5.1.2-29.50.ppc.rpm
6815ae06d6203673cb2ce710d881de89
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-exif-5.1.2-29.50.ppc.r…
60b0f0277913611a7b4c3246bcb1984d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-fastcgi-5.1.2-29.50.pp…
b6a22f8cde88e2a54302580852ef31c1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-filepro-5.1.2-29.50.pp…
e3149446b5cd9f2ef07df38a89b5ca72
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ftp-5.1.2-29.50.ppc.rpm
8b8feb09d3ab196c08313e410525bebf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-gd-5.1.2-29.50.ppc.rpm
65f53c7ebe6fc5994d3052e36227b8ac
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-gettext-5.1.2-29.50.pp…
a51dc42f1064e2ef13f5c08a66892fbc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-gmp-5.1.2-29.50.ppc.rpm
facaa1bf120865be45c1e498cae4e515
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-iconv-5.1.2-29.50.ppc.…
dd04b99b5144bcbcf1598fa7f37b479f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-imap-5.1.2-29.50.ppc.r…
ccbda1ba67e49b3843849622b3a1616f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ldap-5.1.2-29.50.ppc.r…
2f44ce06bad10e107fbbacd93858e059
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mbstring-5.1.2-29.50.p…
0d463f0b04171d0a25a4fc7b01302284
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mcrypt-5.1.2-29.50.ppc…
02017d1ad27295c878c41d75d34debc4
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mhash-5.1.2-29.50.ppc.…
102994708272b7c097fdfffa2523144d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mysql-5.1.2-29.50.ppc.…
72168a4730953dafee28ad4678b59477
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-mysqli-5.1.2-29.50.ppc…
400d1106a39ca71e1f6c0660891db75a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-ncurses-5.1.2-29.50.pp…
82d03ca362912cfdbc480afac20d0897
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-odbc-5.1.2-29.50.ppc.r…
e690c2556222bf99a6ab41eb137be6a1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-openssl-5.1.2-29.50.pp…
24c13b3524a7866fd2c9a5857ef65bf6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pcntl-5.1.2-29.50.ppc.…
6ff1ed06b04130bac5ce68499cda664d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pdo-5.1.2-29.50.ppc.rpm
e277aadb41d3b813a078679b749d501c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pdo_mysql-5.1.2-29.50.…
db90423cbff0d6a4e32891de6b43cc42
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pdo_pgsql-5.1.2-29.50.…
e3717901ff720f7b76629ad3d7eb8af6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pdo_sqlite-5.1.2-29.50…
e39ca61eb3102f8a919fe5496a27fa34
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pear-5.1.2-29.50.ppc.r…
141262df9c1b24242e3423b68d34eca0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pgsql-5.1.2-29.50.ppc.…
bcc17cd873225a28411d2ff3983d4fac
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-posix-5.1.2-29.50.ppc.…
8d021b67af1529e29c6d758d545623b5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-pspell-5.1.2-29.50.ppc…
ae02b66797a3aacebb5ba36725085460
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-shmop-5.1.2-29.50.ppc.…
984be97e82d58405223dbb30d8704687
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-snmp-5.1.2-29.50.ppc.r…
203e80e450d9276532d13cded2e20789
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-soap-5.1.2-29.50.ppc.r…
597bae2ddf4e936c7e738cb8d9fd0ca0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sockets-5.1.2-29.50.pp…
11560f5c311a8dfa5527ce9e1cbc68f7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sqlite-5.1.2-29.50.ppc…
c1a2f40b74a0ecd3b9fc0cc66215746a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sysvmsg-5.1.2-29.50.pp…
7677414530d2963ec2b49b539404f74c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sysvsem-5.1.2-29.50.pp…
05b14ddfb5e00296f6c7333af3485115
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-sysvshm-5.1.2-29.50.pp…
5cefd19025030446450c9489cb925b74
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-tidy-5.1.2-29.50.ppc.r…
2784b4afd49f1a17c77b915da35fa1cf
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-tokenizer-5.1.2-29.50.…
759193f9628535c3eb06b5ae8c5ae7fa
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-wddx-5.1.2-29.50.ppc.r…
6a8e4b704952a8cc2a96a361a142508b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-xmlreader-5.1.2-29.50.…
da8b29202365affe14d8d0ab8e2a5141
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-xmlrpc-5.1.2-29.50.ppc…
9d37c33ff3081e9eb7e93a4c850630e8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-xmlwriter-5.1.2-29.50.…
84e4558317a4a7c136c8b837ec13f913
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-xsl-5.1.2-29.50.ppc.rpm
6d4948182f6a764eb406535025c84952
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-zlib-5.1.2-29.50.ppc.r…
9a8ca9c2ee7182d4a9aeab16e7024df4
x86-64 Platform:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-mod_php5-5.1.2-2…
0aa556510ff4d14d5ec09ed13cd1fb07
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-5.1.2-29.50.x86_64.…
6bcff3178fcabeac323aad922a051c46
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-bcmath-5.1.2-29.50.…
05fb4eae90bd59d7bb544261a7ca16a6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-bz2-5.1.2-29.50.x86…
4cc23ed9fab6f3c1c38804bedf101092
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-calendar-5.1.2-29.5…
dd95efcccbf7f8a5bb554a2df49a9e4b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ctype-5.1.2-29.50.x…
878b972ff72f6a183f7e146f278c849d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-curl-5.1.2-29.50.x8…
b52484eb2c6595abf3412a0f73bd3ec3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dba-5.1.2-29.50.x86…
8de200e73e1d99a79390c23e4f46cba6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dbase-5.1.2-29.50.x…
26d0b6689dd35131fe3bdf8d2e159782
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-devel-5.1.2-29.50.x…
a69f6462295c992be01effdaf4f47112
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-dom-5.1.2-29.50.x86…
39c22a417a1ccdb3dd1b64c7bd57e038
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-exif-5.1.2-29.50.x8…
305bc67d2587e4638770ed399a2a1b5f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-fastcgi-5.1.2-29.50…
b9003a0ffb310db44f0d0eb16ac3181b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-filepro-5.1.2-29.50…
416f7394d6b20d3bffe08dcd02dbdb05
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ftp-5.1.2-29.50.x86…
64d903063569891b42f4ab543b09c121
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-gd-5.1.2-29.50.x86_…
f7fc2c18505b5c9c0955635b9be480eb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-gettext-5.1.2-29.50…
bf14acc38959aa4664a694aefd993292
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-gmp-5.1.2-29.50.x86…
0347feb70ac5a9fca7e929d2053761d0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-iconv-5.1.2-29.50.x…
f91a9070dd63427a1048a1a91c1c8da7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-imap-5.1.2-29.50.x8…
cfa18d32ccfea973e870f9286ac3d250
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ldap-5.1.2-29.50.x8…
2f16bfcec82cdb80aac6b4f583169395
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mbstring-5.1.2-29.5…
701ff86390fcdafe0b9574381a3026c8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mcrypt-5.1.2-29.50.…
12d743b019e89f1abee42fc5b946ca90
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mhash-5.1.2-29.50.x…
20c6ea1004db833513d3d98fcd0aa0ef
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mysql-5.1.2-29.50.x…
5652a3f10c31d1c4b1c59755b0af05a9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-mysqli-5.1.2-29.50.…
f1f34ccfe7327740b1ebb917b3ea1871
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-ncurses-5.1.2-29.50…
dd99ba54f36efc7ed1c00ceb3174110c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-odbc-5.1.2-29.50.x8…
69b185934e0d15f52aeab9ecccfd3ae7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-openssl-5.1.2-29.50…
f3b8a912e6074da7057b397b29f0751c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pcntl-5.1.2-29.50.x…
84a6b25e6d57f301e16fbbdfcf290db6
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pdo-5.1.2-29.50.x86…
c6e0e7950f7c133fc149ca06e3fadb8b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pdo_mysql-5.1.2-29.…
15c42142fe33807baacca39c288f8df5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pdo_pgsql-5.1.2-29.…
98557e23d4e167729122b8ede12d7b39
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pdo_sqlite-5.1.2-29…
ace7c6109c9d879750152c01d1a45de3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pear-5.1.2-29.50.x8…
89a57ee91eb74457b6468ee8050e4da3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pgsql-5.1.2-29.50.x…
090ad138f25cfb29ad0ff0c90c45a866
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-posix-5.1.2-29.50.x…
f963d52f68b9e12ad86e297dc66db1fa
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-pspell-5.1.2-29.50.…
00cc5ab36c0b64f629bbf6b34ee73275
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-shmop-5.1.2-29.50.x…
62f87d848e7927dee5dff4fae7735e0c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-snmp-5.1.2-29.50.x8…
dd83fe98fd7eb8b9b7410f5f1197949c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-soap-5.1.2-29.50.x8…
ed4e5ce30bf91054730897e3c6b3e37c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sockets-5.1.2-29.50…
951c4775215748f8dbe4844a2f3f5dc0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sqlite-5.1.2-29.50.…
9787e722cbebc9e3e0e84654551d264a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sysvmsg-5.1.2-29.50…
d97f86d4399890fec5989992443e9280
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sysvsem-5.1.2-29.50…
6113b8356e10e3d9a7f239c61d66f380
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-sysvshm-5.1.2-29.50…
839607b81b20b6d98691497e7188415e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-tidy-5.1.2-29.50.x8…
80cacc01769ce5e945f2b7cff1b58a49
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-tokenizer-5.1.2-29.…
4db8a781451fd5d946dd8576b64c7fb3
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-wddx-5.1.2-29.50.x8…
17f8a1def9964171e1bc1a0cccacb914
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-xmlreader-5.1.2-29.…
251918fc1dcbcc90e50f472e0cb950c5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-xmlrpc-5.1.2-29.50.…
e54244754f4b44385c82af3884e0531e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-xmlwriter-5.1.2-29.…
99971cedd40afadf926d46dfe84fa345
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-xsl-5.1.2-29.50.x86…
61a40f6a3a1f435420553f7d4542ccfc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-zlib-5.1.2-29.50.x8…
26830baf140ce24e1d7cd90edeca7a8a
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-mo…
6409ec9cd8eb427c742d9c3510822ed4
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-5.2.5…
2e4254f4cbb1852f9d7a8e18ba9c45c4
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-bcmat…
84a3bbb8c1a65444d42249c7aa460434
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-bz2-5…
543c89193b6a0c7897c9d04003a3f90b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-calen…
36c1dbbee90fe67aaf5998cda0b7a3ec
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-ctype…
807cf5a1167db08fd4c91352eae2ea5d
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-curl-…
4623bd808faafb9e896f9ab5b62779ed
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-dba-5…
a9188cea184d8a3e8dddc6a49f26f253
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-dbase…
1d0a4773b68848add4da87e010c0c65c
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-devel…
dcea36b275b4fd2c216dae09c5ef0197
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-dom-5…
41d335b6ea1055697de98af1311886c8
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-exif-…
49ab54a92edae531732aaca552f5d0fa
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-fastc…
4bd5b5716197f950c60b7e63f61c665d
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-ftp-5…
6ee3ef7964512c2a999e220cbf09e86a
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-gd-5.…
4878c1cc83ab5955a432792106dabb8f
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-gette…
7954a856647dc49104ab36bfe57489ea
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-gmp-5…
c29fd56eaffdb05b708a99d1d08de347
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-hash-…
57b48774275487b0e61890e4dcf16983
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-iconv…
4bf1416af941a6bd96892bfe055df04b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-imap-…
369daf43bda83cf3b8acc3a8deee7c27
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-json-…
5ea8980819dc0f797ac99f4589e47572
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-ldap-…
608a0a7f0f8d043bae5a3d6a756595c6
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-mbstr…
40d706adc4e43682f4c05805837fe156
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-mcryp…
5ac404fa936d0352eecbc3d8f1186035
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-mhash…
28ddced6296c2241d35ff1aeb9fce833
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-mysql…
96fd7d74e338d2da96b75e898211ce73
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-ncurs…
6c7578a84aa4c46cadfa88416b942a9e
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-odbc-…
4b920df6fe1641bbd0a824e947a20c97
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-opens…
e804d6b93119a3d323b78f791422e038
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-pcntl…
8c97cbb42ff78b0fb73416d4f90090d0
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-pdo-5…
96c0a92df17f812663a759fc544918dd
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-pear-…
774fd4f3f0e25cbfd05ffd1d9f2400b4
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-pgsql…
0da1eaea1c967fbd96ea174b349ae3b6
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-posix…
d27dedb32da7f7394858452320467d97
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-pspel…
7da5cc623ff16e9fb9d56b8339616763
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-readl…
f875a1122123dc19143dd06440cf5432
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-shmop…
18dd51d026bc40e9f0740f4b53980418
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-snmp-…
bb826a7b8fa407dbae4c0152932b3f0b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-soap-…
256390362ed980d18c6e01c9c8960d85
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-socke…
b3e00f712d617b7db75ce24337ece16f
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-sqlit…
1d765b6a11f6baf5077c3fba464a662a
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-suhos…
7ac9f27a6a82ea7dd6aa5df52168c7e1
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-sysvm…
4cf3537a3ee5c0716b680da1d316e7ca
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-sysvs…
90d575f5e9c20c22baf78b51b2d726a9
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-sysvs…
46d836256873193ffb00350000c2338a
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-tidy-…
1b3ace1cd8a04d53eaadbfb1bd541aee
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-token…
498f4b25de94ec23c816547400889ab2
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-wddx-…
a67391017a90036b4368f85330bf0c9b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-xmlre…
3e4cf38a6cda0c48d2027a19b80d6901
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-xmlrp…
7217dd6b5d2772c760339d645b452106
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-xmlwr…
35d487f2df9ac722f9e65e04a44d02b2
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-xsl-5…
3ac4db6116629a8f981f0cc1c6da655d
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-zip-5…
fa2ac72d132cc4d36c446d1f3a454013
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/php5-zlib-…
5f3e21660b1f5562cc76e3e94c3b25f1
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-mod_php5-5.2.5-1…
59d2abc84b87f69bd79828b9557fa4a8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-5.2.5-18.1.x86_64.r…
ee0a099fa4a7d6e6c7b43d0ddb35460f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-bcmath-5.2.5-18.1.x…
5c7d769069ff8d66be16404df76071d2
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-bz2-5.2.5-18.1.x86_…
ef2ea99ef9af5e6134559510696bbc49
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-calendar-5.2.5-18.1…
eb474fbe826f4770ae368ffefb0a4a86
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-ctype-5.2.5-18.1.x8…
07ff560b4bcda6a41ad0cedbb4ef6912
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-curl-5.2.5-18.1.x86…
26b2ad8fae64090097e91c0d8597bb7c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-dba-5.2.5-18.1.x86_…
ad73f199455de54d8dfeb77bf00f7455
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-dbase-5.2.5-18.1.x8…
9898654b740b48641fe5a371726bf699
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-devel-5.2.5-18.1.x8…
10e2d63469c19677b9ea19d23cc40bd8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-dom-5.2.5-18.1.x86_…
fefc729242ef16d682cbf7bde93b75f7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-exif-5.2.5-18.1.x86…
9bd8633e5d7c1d2412dae321aa15f4cc
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-fastcgi-5.2.5-18.1.…
d6c776868fabb2ac3a6f5b8a6b3b9460
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-ftp-5.2.5-18.1.x86_…
1ed344e0dcf0ab067b3ba4c2b85752f7
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-gd-5.2.5-18.1.x86_6…
cebbe62274f1a6af8628a3ec8b02f8ac
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-gettext-5.2.5-18.1.…
dc53efda401b163d51683fab265440bf
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-gmp-5.2.5-18.1.x86_…
37f3069507b1e32de556cb59349aff67
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-hash-5.2.5-18.1.x86…
0a3b7154220a965bec69852f62a96bf6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-iconv-5.2.5-18.1.x8…
07a8f64bb658eefee984a6696fbc7a38
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-imap-5.2.5-18.1.x86…
5a16743808108c33ef822163bf585f8e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-json-5.2.5-18.1.x86…
7011c0b475e6b4ba187e235dcdd1d1cf
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-ldap-5.2.5-18.1.x86…
ccf01e567d6057014abede9446d73604
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mbstring-5.2.5-18.1…
3075083c989268cfcf6b4e9164961182
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mcrypt-5.2.5-18.1.x…
c9bff5afe7b4fb0dc210907088c45613
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mhash-5.2.5-18.1.x8…
5d323af16bc13b401e4633f32939449d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-mysql-5.2.5-18.1.x8…
0b65def5af98cae272167165d761525e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-ncurses-5.2.5-18.1.…
bb35103367146d7f1114fefec67f37ff
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-odbc-5.2.5-18.1.x86…
07c9fba828cf3095de7903928e7a0bdc
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-openssl-5.2.5-18.1.…
43428b12a60e7d21dccbb8126551d253
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pcntl-5.2.5-18.1.x8…
46f73ff5dc2b61b4ef69b5a7d3c482ef
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pdo-5.2.5-18.1.x86_…
4a103df347a76f53b3cbc38926678194
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pear-5.2.5-18.1.x86…
022f98a482292cd332ec834abf1e751d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pgsql-5.2.5-18.1.x8…
9bec64d626e95138e1f72d39e0943748
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-posix-5.2.5-18.1.x8…
84ad709aafe7998c3b6f1d9a5af66584
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-pspell-5.2.5-18.1.x…
908e0070fccbc2c68f24e1b190a8f4db
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-shmop-5.2.5-18.1.x8…
6c139952343b763f5418ce17625f2dce
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-snmp-5.2.5-18.1.x86…
8629849f27ea3b82eb4bb38f39e6e008
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-soap-5.2.5-18.1.x86…
936c2589f472f0af74a684d0619c016d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sockets-5.2.5-18.1.…
20b413eb9af7e0587b17c1b73e70fb15
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sqlite-5.2.5-18.1.x…
acfe5b62e5f43c4b511a3ad188a9b1f8
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-suhosin-5.2.5-18.1.…
8645dcc762a7b1acf67b43716c0c7b1d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sysvmsg-5.2.5-18.1.…
7f385c1779d12551adb340589a3b7a5d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sysvsem-5.2.5-18.1.…
9efd5db90f502e645bf5e57727a21b77
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-sysvshm-5.2.5-18.1.…
1244567bab0377381e5f4d0bbc79e80a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-tidy-5.2.5-18.1.x86…
0beb4c19c904b1d732720ccd80630265
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-tokenizer-5.2.5-18.…
31359522517d5e8f47f0baf0d22b9025
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-wddx-5.2.5-18.1.x86…
3f8bf7b71ac08d736674f5008027adb0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-xmlreader-5.2.5-18.…
aa7f82f0bb99fa06c9a35a324eb5993a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-xmlrpc-5.2.5-18.1.x…
a2dd3ece6ac1a706909a464862c8978c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-xmlwriter-5.2.5-18.…
4713c0867df381504cea22ebf2fc2099
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-xsl-5.2.5-18.1.x86_…
f4cf91d1303b36d084e2a92a52cf5633
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-zip-5.2.5-18.1.x86_…
83c0df87a988f3aee1a1c77637b816ee
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/php5-zlib-5.2.5-18.1.x86…
b90f97120268ee6f0bc71a0aa0f52001
Sources:
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/php5-5.1.2-29.50.src.rpm
38617a8a45312e6d96d5a74f85e3c161
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/php5-5.2.5-8.…
9036d1a54b82c52e563e5f90e1046e1a
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/php5-5.2.5-18.1.src.rpm
b052d386dea3ba049a55c315045b87db
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
Open Enterprise Server
http://support.novell.com/techcenter/psdb/f1255e10262bd8b24adcb137ab61417e.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/f1255e10262bd8b24adcb137ab61417e.…
Novell Linux Desktop 9 SDK
http://support.novell.com/techcenter/psdb/f1255e10262bd8b24adcb137ab61417e.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/f1255e10262bd8b24adcb137ab61417e.…
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/c7f522e63d98a69b1dcbd04846e66ae7.…
SLE SDK 10 SP1
http://support.novell.com/techcenter/psdb/c7f522e63d98a69b1dcbd04846e66ae7.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- See SUSE Security Summary Report
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iQEVAwUBR58gcXey5gA9JdPZAQL8Nwf+KNiGhsyanToQq3C+Q2E5yK1UCjSfGkS4
infj76vcVhdeqGzkl1bEtalHbjZujMzqU2raUuz7uvZdykB0CCBnnlANgC6xnV24
Rboxx/olJEcNvJTcv5rI+Xwo4UKKljPvCa3S14MlGIdZdbXNXBkEazFVKk5bSSui
SGdyJepcQfHa3KC+RScSKOQBAskKkNKXQTnNvX52Bgij+zF9BuK3KZyyBnZchIxo
DKMNCECSMy4M/Umwy6Xn+lHwfgx4LYlwz5H2+WWrmaPCuHnXR9Ibeg9EMuvv/2ho
5ovE9mtpYrr0NVp5W6pOEKaQLjI5qePgYpcGwT9UzMVNrZTdgNZ4mw==
=Ez1F
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
25 Jan '08
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2008:002
Date: Fri, 25 Jan 2008 16:00:00 +0000
Cross-References: CVE-2006-7217, CVE-2007-5339, CVE-2007-5340
CVE-2007-5360, CVE-2007-5848, CVE-2007-5849
CVE-2007-5894, CVE-2007-5902, CVE-2007-5965
CVE-2007-5971, CVE-2007-5972, CVE-2007-6284
CVE-2007-6351, CVE-2007-6352, CVE-2007-6599
CVE-2008-0225, MFSA 2007-29
Content of this advisory:
1) Solved Security Vulnerabilities:
- tog-pegasus buffer overflow in authentication
- xine rtsp buffer overflows
- libxml2 denial of service in UTF8 handling
- libqt4 incorrect SSL certificate handling
- XFree86/X.Org updates reissued
- krb5 various small issues
- libexif overflows and denial of service
- openafs server denial of service
- Apache derby post-authentication denial of service
- MozillaThunderbird 1.5.0.14 release
- Xen denial of service problems
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- kernel updates in preparation
- wireshark 0.99.7 security release
- various MySQL security issues
- various Apache security problems
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- tog-pegasus buffer overflow in authentication
A stack based buffer overflow in local PAM authentication
for tog-pegasus could be used by attackers to execute
code. (CVE-2007-5360)
This package only exists on and was updated for the SUSE Linux
Enterprise 10 SDK.
- xine rtsp buffer overflows
Specially crafted rtsp-Streams could cause a buffer overflow in
xine. Attackers could potentially exploit that to execute arbitrary
code (CVE-2008-0225).
Xine-lib has been updated on all affected distributions.
- libxml2 denial of service in UTF8 handling
libxml2 contained a DoS condition in xmlCurrentChar()'s UTF-8
processing. CVE-2007-6284 has been assigned to this problem.
Updates were released for all SUSE Linux based products.
- libqt4 incorrect SSL certificate handling
A bug in the QSslSocket class could under certain circumstances
lead to incorrect SSL certificates beeing accepted as valid
(CVE-2007-5965).
This problem only affected openSUSE 10.3.
- XFree86/X.Org updates reissued
We reissued the previously released X.org and XFree86 packages to
fix a regression in the MIT SHM handling, which caused some programs
(vlc, eclipse, other SWT programs) to abort.
- krb5 various small issues
This update fixes multiple vulnerabilities in krb5. It's unlikely
that those vulnerabilities can actually be exploited. (CVE-2007-5894,
CVE-2007-5902, CVE-2007-5971, CVE-2007-5972)
Updates have been released for SUSE Linux Enterprise 10, SUSE Linux
10.1 and openSUSE 10.2, and 10.3.
- libexif overflows and denial of service
Two bugs in libexif were identified by a Google Security Audit done
by Meder Kydyraliev.
CVE-2007-6351: Loading EXIF data could be used to cause a infinite
recursion and crash
CVE-2007-6352: Integer overflows in the thumbnail handler could be
used to overflow buffers and potentially execute
code or crash a program using libexif.
Updates have been released for libexif and libexif5 packages on
all distributions.
- openafs server denial of service
This update fixes a remote denial of service (crash) against the
openafs server. (CVE-2007-6599)
This problem affected only SUSE Linux 10.1.
- Apache derby post-authentication denial of service
Apache Derby did not determine schema privilege requirements during
the DropSchemaNode bind phase, which allows remote authenticated
users to execute arbitrary drop schema statements in SQL
authorization mode. (CVE-2006-7217)
This update also brings a new requirement of a Java 1.5 JRE.
Unfortunately this makes an update for Itanium impossible, so
Itanium packages are left out for now.
- MozillaThunderbird 1.5.0.14 release
Mozilla Thunderbird was brought to security update version 1.5.0.14
on SUSE Linux 10.1 and openSUSE 10.2.
Following security problems were fixed:
- MFSA 2007-29: Crashes with evidence of memory corruption As part
of the Firefox 2.0.0.8 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of
these crashes showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.
- CVE-2007-5339 Browser crashes
- CVE-2007-5340 JavaScript engine crashes
- Xen denial of service problems
Various Xen issues have been fixed, two of them security related:
- CVE-2007-5906: Xen allowed virtual guest system users to cause
a denial of service (hypervisor crash) by using a debug register
(DR7) to set certain breakpoints.
- CVE-2007-5907: Xen 3.1.1 does not prevent modification of the
CR4 TSC from applications, which allows pv guests to cause a denial
of service (crash).
Updates had already been released for SUSE Linux 10.1, openSUSE
10.3 and SUSE Linux Enterprise Server 10. openSUSE 10.2 updates
were now released too.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- kernel updates in preparation
We are currently preparing kernel security updates for SUSE Linux
Enterprise 10, SUSE Linux 10.1 and openSUSE 10.2 and 10.3 to fix
various security issues and bugs. They will probably be released
mid of next week.
- wireshark 0.99.7 security release
Multiple bugs were fixed in wireshark 0.99.7, updated packages for
these problems are currently in QA.
- various MySQL security issues
We are currently testing a MySQL update to fix various security
issues discovered.
- Various Apache security problems
Various Apache security problems have been found in the last weeks
and we are currently preparing updates for them.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iQEVAwUBR5npCHey5gA9JdPZAQJUZgf/c6GFXGcZ5wvvmYYD9v8izBnMMgQF37BG
SXELgAHugRjfrkgIHYyVZLnETD0ajqgx1lHP+hskBbHJ6Bcg/AbULojWkNCQlhQY
qhLBGpyVbWPu0bqrk0ERnLDLsFzt0QoRHODRAhV1uT80FviAGrCspvc17htoQGup
2I0FRR0cqGtu1Xqx3iBRGSkenLK+IyH23N0aVRjKp4ddToS8uHy9Rj5T4LZgC1+1
tgwtxzscpkKicHEkGCnY05VSD8FKVKJFVcosADfy+Slbp9qumwN1KMkoFbWQDNbG
fSHQUYt5g3d679gGZ3tmTIPJVJe4VZDQCIcvRJJFFV80GqMTES+mjQ==
=GWwC
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: Xorg and XFree (SUSE-SA:2008:003)
by Thomas Biege 17 Jan '08
by Thomas Biege 17 Jan '08
17 Jan '08
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: Xorg and XFree
Announcement ID: SUSE-SA:2008:003
Date: Thu, 17 Jan 2008 15:00:00 +0000
Affected Products: SUSE LINUX 10.1
openSUSE 10.2
openSUSE 10.3
SuSE Linux Enterprise Server 8
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SUSE Linux Enterprise Desktop 10 SP1
SLE SDK 10 SP1
SUSE Linux Enterprise Server 10 SP1
Vulnerability Type: remote code execution
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2007-5760
CVE-2007-5958
CVE-2007-6427
CVE-2007-6428
CVE-2007-6429
CVE-2008-0006
Content of This Advisory:
1) Security Vulnerability Resolved:
fix of several vulnerabilities
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The X windows system is vulnerable to several kind of vulner-
abilities that are caused due to insufficient input validation.
The bugs range from crashing the X server to executing arbitrary
code with the privilges of the X server process.
For a successful attack the opponent needs shell access to the
vulnerable system (local) or an already established connection
to the X server.
Thanks to US CERT and iDefense for reporting this vulnerabilities
and to the Xorg-Security folks for fixing it.
The Fixes are:
- CVE-2007-5760: XFree86 Misc extension out of bounds array index
- CVE-2007-5958: File existence disclosure
- CVE-2007-6427: Xinput extension memory corruption
- CVE-2007-6428: TOG-cup extension memory corruption
- CVE-2007-6429: MIT-SHM and EVI extensions integer overflows
- CVE-2008-0006: PCF Font parser buffer overflow
2) Solution or Work-Around
none
3) Special Instructions and Notes
Please restart your X server. (logout and login)
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xorg-x11-dev…
4bbe5643ab5197a9cc685e4223190447
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xorg-x11-lib…
4cce05a6c93d4bf6a862fb5a69bccb8b
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xorg-x11-ser…
4a01021996233c6e2ff490fad5aec03e
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xorg-x11-ser…
97836a761ae467f19d94d1b91ea9b995
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xorg-x11-ser…
5ff972aaa94b837d8d62317c6bacc88d
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/xorg-x11-devel-7.2-25.i586…
a3246ccdce33d8110f342bdbb2585310
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/xorg-x11-libs-7.2-25.i586.…
d60e0060e406b75e3ac71210ab8ff0fa
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/xorg-x11-server-7.2-30.11.…
92d31c20ae082e9188aecd45a9a6d03e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/xorg-x11-server-sdk-7.2-30…
a4d4d9255140056e46cb38d0e2d3c6d6
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xorg-x11-Xnest-6.9.0-50.54…
c9938a12824aeb3fd74d49d26ce20b77
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xorg-x11-Xvfb-6.9.0-50.54.…
312edac7fcafa8c418f183d8a18c36eb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xorg-x11-devel-6.9.0-50.54…
10bbd9107fdaf0dd5279044161d20a0b
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xorg-x11-libs-6.9.0-50.54.…
a91dabea7a3c491e2388b3b246be06c2
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xorg-x11-server-6.9.0-50.5…
064c1a03036ad7679def77653acde9df
Power PC Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/xorg-x11-deve…
6fdb46c5be13610d18c1cb0b301d4d12
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/xorg-x11-libs…
617dade18d68a52f3b58d38b59031415
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/xorg-x11-serv…
f3cfb22666dd58a26af56354250e6636
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/xorg-x11-serv…
b9f0fec937301505361978b745f40ad7
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/xorg-x11-serv…
e0ca4a975175a9e13b99a33e79545ad2
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/xorg-x11-devel-7.2-25.ppc.r…
80e857e61d1f1a7b540127ffcfdca0ee
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/xorg-x11-libs-7.2-25.ppc.rpm
b4991e6eb90fcea9afc83ee1831b8986
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/xorg-x11-server-7.2-30.11.p…
879a225b74608634cda54139aaf6a0ae
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/xorg-x11-server-sdk-7.2-30.…
f1e0439b2acfe584d008491d1fa390a2
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/xorg-x11-Xnest-6.9.0-50.54.…
e5012a1fdff71ced7a53827f05d0727a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/xorg-x11-Xvfb-6.9.0-50.54.5…
33873e20b3f5918eb36908f3a1f5d07a
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/xorg-x11-devel-6.9.0-50.54.…
2f1dcc7e26c4a9fbde3edd89bc994238
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/xorg-x11-libs-6.9.0-50.54.5…
14fcd28cd5078d76ae67a1db33ca45bc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/xorg-x11-server-6.9.0-50.54…
8ca0ddaac627503f029f72d7671273b2
x86-64 Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xorg-x11-d…
d5452701eb0d6f9ef91d1c2264e5c716
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xorg-x11-d…
e19652d7217db93081f303a3131cf845
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xorg-x11-l…
e814f811a5ad43cc3abcde619c2779d4
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xorg-x11-l…
599758d0f90e6b4c0527206daa776866
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xorg-x11-s…
0a9224a7eabef9caa9b37b54b8caf05c
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xorg-x11-s…
9a533681e8d32525b1a92e678ca32d73
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xorg-x11-s…
a4b50a22158bafd13104472abde095d0
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/xorg-x11-devel-32bit-7.2…
58024c63be1540f240bc6100697f5b9a
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/xorg-x11-devel-7.2-25.x8…
19a58ca74eb67a143de3fe352aee062f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/xorg-x11-libs-32bit-7.2-…
c2e37d9cc52e979bf73e8a4f34884b1f
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/xorg-x11-libs-7.2-25.x86…
e8af19e6ad8b263e8040fa58d5099e35
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/xorg-x11-server-7.2-30.1…
14a34bc8259984d3fdd5748117260b0b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/xorg-x11-server-sdk-7.2-…
58aa334590da306353375b1830a717ee
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xorg-x11-Xnest-6.9.0-50.…
52853afb62f85a7a99978b9467d68844
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xorg-x11-Xvfb-6.9.0-50.5…
d69e56bc7042e92e484580068585e7d5
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xorg-x11-devel-32bit-6.9…
ed7645afff6fee4b0c51ec89038c39da
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xorg-x11-devel-6.9.0-50.…
ba857d6ca557ea04e744f4257b22380e
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xorg-x11-libs-32bit-6.9.…
26d99f7fd46c3b2d2b622d3b87db7325
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xorg-x11-libs-6.9.0-50.5…
9d5215fad591bca1fd4d9348ded346f8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xorg-x11-server-6.9.0-50…
4afae475777e64990502d839de5b1eb1
Sources:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/xorg-x11-libs…
de839a08105c51acc7887426bde824b2
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/xorg-x11-serv…
6d1776ab401f80cc697a8c6e2857df26
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/xorg-x11-libs-7.2-25.src.rpm
d615319400643142258e964b02409cfe
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/xorg-x11-server-7.2-30.11.s…
8d0e28dd0d5b02b0d473284fccae86a9
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/2e67073ec1e81f99bc3f1b5ee47766a2.…
SLE SDK 10 SP1
http://support.novell.com/techcenter/psdb/18a56e9d8d46b54d240bd74f97e7a881.…
SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit
http://support.novell.com/techcenter/psdb/677761c3a6779efbab4567360d1ec13c.…
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/18a56e9d8d46b54d240bd74f97e7a881.…
http://support.novell.com/techcenter/psdb/677761c3a6779efbab4567360d1ec13c.…
http://support.novell.com/techcenter/psdb/e4b2229c714a9c6fb576185356d86fc8.…
SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/18a56e9d8d46b54d240bd74f97e7a881.…
http://support.novell.com/techcenter/psdb/e4b2229c714a9c6fb576185356d86fc8.…
Open Enterprise Server
http://support.novell.com/techcenter/psdb/686ed843d1dc7672badd026d1d0712c1.…
http://support.novell.com/techcenter/psdb/56240f6955337ddf455d2aa23797006a.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/686ed843d1dc7672badd026d1d0712c1.…
http://support.novell.com/techcenter/psdb/56240f6955337ddf455d2aa23797006a.…
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/686ed843d1dc7672badd026d1d0712c1.…
http://support.novell.com/techcenter/psdb/56240f6955337ddf455d2aa23797006a.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/ce66af7045437b3b5756995a1909aa37.…
http://support.novell.com/techcenter/psdb/686ed843d1dc7672badd026d1d0712c1.…
http://support.novell.com/techcenter/psdb/56240f6955337ddf455d2aa23797006a.…
SuSE Linux Enterprise Server 8 for x86
http://support.novell.com/techcenter/psdb/ae0d150efd69d29b38dbf2dce673c9b1.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBR49iBney5gA9JdPZAQK5mwgAiA57T1fGJ8XNjlSkou6wel5Gaptsdz+Z
oGfAlMt6M7zZ149p6FBhveFM+RZH74iyKfoxM5HLuthNDjgkg7z1C2pj9wnaNmWo
OxXEMCWLgbnuT+EgYokkStCTtprEiyG7YEs1ERRZdOE2sDzwqRxiAnAIvUOBw5de
e4HkHW/CYQmwpvR4eQ6bNtEEN5MSpG5DD87RgCHgQU0LHufq14arsp6Ry9qn8Lht
6KTJtgVOiR8URV3Nl/Bj43b2peTMHElujpERuJf/EoujHO8641Qj38/aBgTdhZhH
Ze9an4kfzFx4AREwgA6jBDVqbsWR2G/Kj9nUKND6lWd1TQe2W9ccqQ==
=fKfh
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: cups (SUSE-SA:2008:002)
by Marcus Meissner 10 Jan '08
by Marcus Meissner 10 Jan '08
10 Jan '08
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: cups
Announcement ID: SUSE-SA:2008:002
Date: Thu, 10 Jan 2008 17:00:00 +0000
Affected Products: SUSE LINUX 10.1
openSUSE 10.2
openSUSE 10.3
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SUSE Linux Enterprise Desktop 10 SP1
SUSE Linux Enterprise Server 10 SP1
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CVE-2007-5848, CVE-2007-5849
Content of This Advisory:
1) Security Vulnerability Resolved:
cups security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Various security issue have been fixed in the CUPS print server.
- CVE-2007-5848: A buffer overflow that can be exploited by users that are allowed to configure CUPS.
- CVE-2007-5849: Additionally a buffer overflow in the SNMP backend of CUPS was fixed that allowed
remote attackers to execute arbitrary code by sending specially crafted SNMP responses.
This requires a local administrator to trigger a SNMP request and the attacker then injecting
a response.
The second vulnerability affects openSUSE 10.2 and 10.3 only.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of cups after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-1.2.12-…
e844b0c92d437c25e71c9be92c3d6ee4
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-client-…
7f3525adc1a7ab85f3650fd9adf69bc8
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-devel-1…
88ea6ba071bd51ee23b87c5d13a551b6
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-libs-1.…
5a41077855e2e502d6c1cfb5e369ef8b
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-1.2.7-12.9.i586.rpm
c4163c0ad47db8221f9b1ea41bdbf259
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-client-1.2.7-12.9.i58…
b55019f39c36ea6ef3352635b7093705
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-devel-1.2.7-12.9.i586…
f83d6477eb8f1c2ed76ba1f4b896ced3
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-libs-1.2.7-12.9.i586.…
295394a3fdc59c155d1683a3084df888
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-1.1.23-40.35.i586.rpm
a5efab6d27bc1262873d4b467e288bbd
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-client-1.1.23-40.35.i…
69b85c943b27dccf4fd3c69072ee01de
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-devel-1.1.23-40.35.i5…
8ab20affa8deb5a6d75481e244935761
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-libs-1.1.23-40.35.i58…
79005dc03c94da463a65b6313a06515e
Power PC Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-1.2.12-2…
63f5378c91584358555df660d128cc0f
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-client-1…
835d0e286f18d2fa5bba7fa6a0ecef60
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-devel-1.…
47bf9d7837037bc8ea2394a3c63cdf2e
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-libs-1.2…
7421ec50af012b698f9f3e55b8dc15db
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-1.2.7-12.9.ppc.rpm
ccabb5d2c72bc5fa707289b1d2529884
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-client-1.2.7-12.9.ppc.…
06e88fbb162d9505027071cfb49c2981
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-devel-1.2.7-12.9.ppc.r…
fdd75eb988613f025a6882e509e6f8db
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-libs-1.2.7-12.9.ppc.rpm
cf062d8d41eddd7eef98fb9518db4f26
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-1.1.23-40.35.ppc.rpm
2abd05fc5936cb3b3c54af60dc9f4cce
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-client-1.1.23-40.35.pp…
e503e321ae5683fe8ea66084616fe0f1
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-devel-1.1.23-40.35.ppc…
5c5c12e135f4f3a3dd752a24f165c80c
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-libs-1.1.23-40.35.ppc.…
17b18d3827777331560d97ff934f7a2b
x86-64 Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-1.2.1…
f04e3ddc357e5c81e6db4170d2d773e7
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-clien…
8b91333502a71746b16a77369d062b33
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-devel…
6599150352f49d5494125502a86d8930
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-libs-…
c1635a3dab2ddda61b1ea7ed835334f8
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-libs-…
e84064f49db1ec54dbf9247148d91ee7
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-1.2.7-12.9.x86_64.r…
a71b6141bac10ef6b32fd156e107afa6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-client-1.2.7-12.9.x…
971d1b6ed9965673b232c18c8c6897f0
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-devel-1.2.7-12.9.x8…
dcca8172ada73a69773b2be6e6b5a46e
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-libs-1.2.7-12.9.x86…
e418b6e5ab33453fabb81a0a64d72587
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-libs-32bit-1.2.7-12…
4c9bb5f870772967b8dcb6d47e4118c5
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-1.1.23-40.35.x86_64…
56c999311218649e26f5e5b745f206de
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-client-1.1.23-40.35…
f7f80373487516f8258f5d32497deade
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-devel-1.1.23-40.35.…
7b734519a2317ad3b706e2661c67fc3f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-libs-1.1.23-40.35.x…
facfda468d147b872cd003cf38dd385d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-libs-32bit-1.1.23-4…
48fdaa964afc64d86ebb59670a2100fb
Sources:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/cups-1.2.12-2…
ed83be3003be5537bdbf50274c6fea06
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/cups-1.2.7-12.9.src.rpm
9c0ba6d4e3c15b81642d65d5e5582ef2
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/cups-1.1.23-40.35.src.rpm
ca0082ed490367ee4dba961dd1d5081f
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
Open Enterprise Server
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.…
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.…
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.…
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.…
SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.…
SUSE SLES 9
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.…
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iQEVAwUBR4Y+k3ey5gA9JdPZAQLI2Af+Ppd0GPwzMai4YnKcPGNp6PUQxB6cmvo1
T4VwwU4PpGAHh3FAwb7/Ygjh9Nn9pJxBglaTEFyUEPwUD9H3Nyol2RT9RStX3Sna
4i1zXQRjIHCT6H6TmVUXmGxFJ9Schd04ZCoJYKugqEF3qy6+/aVWbobAi0UBv/yh
DRUnHjuezB2WltA4Pnn6/TWbccBYYuo44G2SpEv9VvHmgxQtEVG8o6Daym4QbBY7
HNzz5ruDIiK6NRz+X9VuIDMYDaJ3+Je0JkJOto/T+yiZDA/Jpmk3puELNf7nAQ7/
2gq591afAD/V9ts3ZwYAsoX/m9WjooN34RcJT9iywh5gS54fzf7IFQ==
=HeDU
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
09 Jan '08
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2008:001
Date: Wed, 09 Jan 2008 18:00:00 +0000
Cross-References: CVE-2007-4974, CVE-2007-5906, CVE-2007-5907
CVE-2007-5935, CVE-2007-5936, CVE-2007-5937
CVE-2007-6199, CVE-2007-6200, CVE-2007-6239
CVE-2007-6335, CVE-2007-6336, CVE-2007-6337
CVE-2007-6351, CVE-2007-6352, CVE-2007-6353
Content of this advisory:
1) Solved Security Vulnerabilities:
- libexiv2 integer overflow problem
- dvips buffer overflows / insecure tempfiles
- libsndfile possible buffer overflow
- squid denial of service problem
- rsync directory traversal problems
- clamav 0.92 security update
- Xen denial of service problems
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- libexif vulnerabilities
- wireshark 0.99.7 security problems
- various MySQL security issues
- krb5 small security issues
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- libexiv2 integer overflow problem
Meder Kydyraliev of Google found out that specially crafted
files could trigger an integer overflow in the libexiv2 library,
potentially causing code execution (CVE-2007-6353).
This problem affected openSUSE 10.2 and 10.3, updated packages were
released on December 21st.
- dvips buffer overflows / insecure tempfiles
Buffer overflows in dvips and dviljk could be triggered by specially
crafted dvi files (CVE-2007-5935, CVE-2007-5937).
dvips additionally created temporary files in an insecure manner
(CVE-2007-5936).
Update TeX packages have been released for all affected distributions
except openSUSE 10.3. openSUSE 10.3 texlive packages are still pending
due to unrelated problems.
- libsndfile possible buffer overflow
A possible buffer overflow that occurs while reading decoded PCM
data from the FLAC library was fixed in libsndfile. (CVE-2007-4974)
Updates have been released for all affected distributions containing
libsndfile on January 3rd.
- squid denial of service problem
The web browser squid was updated to fix a denial-of-service bug
during cache update reply processing. (CVE-2007-6239)
Squid has been updated on all SUSE Linux based products on
December 30.
- rsync directory traversal problems
A bug in rsync was fixed that allowed remote attackers to access
restricted files outside a module's hierarchy if no chroot setup
was used. (CVE-2007-6199)
Please also read http://rsync.samba.org/security.html entry
from November 28th, 2007 to get more information about a secure
configuration of rsync that also covers the bug tracked with
CVE-2007-6200.
This rsync update also fixes some crashes that only affect rsync-2.6.8
on SLES10.
The update was released on December 22nd.
- clamav 0.92 security update
The virus scan engine clamav was upgrade to 0.92 to fix numerous flaws including
some security problems (CVE-2007-6335, CVE-2007-6336, CVE-2007-6337).
Please note that the version number of the clamav library has
changed. Programs linked against libclamav therefore need to be
updated as well. We released klamav, claws and sylpheed-claws packages to
adjust this.
This update was released on December 20.
- Xen denial of service problems
Various Xen issues have been fixed, two of them security related:
- CVE-2007-5906: Xen allowed virtual guest system users to cause
a denial of service (hypervisor crash) by using a debug register
(DR7) to set certain breakpoints.
- CVE-2007-5907: Xen 3.1.1 does not prevent modification of the CR4
TSC from applications, which allows pv guests to cause a denial
of service (crash).
Updates have been released for SUSE Linux 10.1, openSUSE 10.3 and SUSE
Linux Enterprise Server 10. openSUSE 10.2 updates are still pending.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- libexif vulnerabilities
A Google security audit also found problems in libexif. We are preparing
updates for these issues. (CVE-2007-6351/CVE-2007-6352)
- wireshark 0.99.7 security problems
Multiple bugs were fixed in wireshark 0.99.7, updated packages for these
problems are currently in QA.
- various MySQL security issues
We are currently testing a MySQL update to fix various security issues
discovered.
- krb5 small security issues
We are currently testing fixes for the reported krb5 security issues.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iQEVAwUBR4T1n3ey5gA9JdPZAQKr6gf/Re/Er3pxI8nEdpax6vGEeUghZ5AxRNAH
M56yA62hUofmCYIHvpYJOP9QSiH+aF8IL7+aAgz+qOymJtRrjqcNLINlrno22Vkr
rxgftw6wyONe9aShQJTvugMb+mnuvf++MaPhEpKbqtXz5FUf/ITagyFX7SqVRczG
vgGBy+uClhq+C3cPQsMZaMTxNrVwaAAgog7X/i+Sg7KZNDU7I48H8EWdFkTShgK5
7N3oABkHvXOmlVT5X/qXBjUgEFoAnEyrIKjwsnTFF2vC8/yK8Pn49g6cdzuvrHCn
IS4jzmKC3/IpyndrdmXeo3AgxCxKwZoBJKem98+L/Gar/hy+vAisjg==
=IY6h
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] SUSE Security Announcement: Opera 9.25 (SUSE-SA:2008:001)
by Marcus Meissner 07 Jan '08
by Marcus Meissner 07 Jan '08
07 Jan '08
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: opera
Announcement ID: SUSE-SA:2008:001
Date: Mon, 07 Jan 2008 18:00:00 +0000
Affected Products: SUSE LINUX 10.1
openSUSE 10.2
openSUSE 10.3
Vulnerability Type: remote code execution
Severity (1-10): 4
SUSE Default Package: no
Cross-References: CVE-2007-6520, CVE-2007-6521, CVE-2007-6522
CVE-2007-6523, CVE-2007-6524
Content of This Advisory:
1) Security Vulnerability Resolved:
Opera 9.25 security release
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
Opera released version 9.25 of their browser to fix various security
problems:
CVE-2007-6520: Fixed an issue where plug-ins could be used to allow
cross domain scripting, as reported by David Bloom. Details will be
disclosed at a later date.
CVE-2007-6521: Fixed an issue with TLS certificates that could
be used to execute arbitrary code, as reported by Alexander Klink
(Cynops GmbH). Details will be disclosed at a later date.
CVE-2007-6522: Rich text editing can no longer be used to allow cross
domain scripting, as reported by David Bloom. See our advisory.
CVE-2007-6523: Fixed a problem where malformed BMP files could cause
Opera to temporarily freeze.
CVE-2007-6524: Prevented bitmaps from revealing random data from
memory, as reported by Gynvael Coldwind. Details will be disclosed
at a later date.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of Opera after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/opera-9.25-1…
1cc7dfa3230320e6f90d235fec6e885f
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/opera-9.25-1.1.i586.rpm
8d66debcef68034bfc60344283009a2c
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/opera-9.25-1.1.i586.rpm
2c437285b8cc80decb649ec818f5a616
Power PC Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/opera-9.25-1.…
715ee156b5f5b3983ddc576e8f9b74d7
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/opera-9.25-1.1.ppc.rpm
d2496ef4adbffc6688ff720d6674d6a0
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/opera-9.25-1.1.ppc.rpm
82aa04dc7743d43239b34dc115729942
x86-64 Platform:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/opera-9.25…
799df7724aece868efdfe2474e137eef
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/opera-9.25-1.1.x86_64.rpm
76c67616c8d2c70f77b43935832c44d4
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/opera-9.25-1.1.x86_64.rpm
75de97d12c071a60f498f84536d8be29
Sources:
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/opera-9.25-1.…
157c00c3e60dd9610521b9b050cfaaac
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/opera-9.25-1.1.nosrc.rpm
a628b5553b4306136f10e90217beb2c8
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/opera-9.25-1.1.nosrc.rpm
c5b73df479db77b4cb6819a0936f87e4
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security(a)suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build(a)suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security(a)suse.de) the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security(a)opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe(a)opensuse.org>.
opensuse-security-announce(a)opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe(a)opensuse.org>.
=====================================================================
SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iQEVAwUBR4JUz3ey5gA9JdPZAQLRfgf+OkfWVhFhTdc8kJLBIZUoegsMqiqVXB7m
cvJNoh6HUPTJ60MzDms1zZHh3SGuDnBMNQWJ/3wxChXiKqLMJn17DgDgalJhSJz5
Xtc3EcXZk4tptwKX7dBA9pDaddPkpHYZIkkM/OEUXNNGomy0VKfaDTlRq7r9Xhnd
/O4GQHZlSgISy18ELQcW7ai+DlPY5RJxF+Saf8NiGUBvTtTeaz6tLXBi7PyR61V6
UJxMzT6KYFxr3HMJPpaXvoF12xi3Nf3GYpiHoQrg2ahJeJdiiG3OMQEO4cynpb5p
AFUgoE8k64UyLapYWq4s9lbAyY3aHYc0CIRLqX6ucORZ1wWQyNc50g==
=3uef
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
07 Jan '08
Hi,
With the release of an nmap bugfix on December 20 we have released the
last update for SUSE Linux 10.0.
It is now officially discontinued and out of support.
SUSE Linux 10.0 was released begin of October 2005.
Some statistics on the released patches:
Total: 666 (311 active) (+12)
Security: 529 (223 active) (+31)
Recommended: 124 ( 79 active) (+16)
Optional: 13 ( 9 active) (-35)
Top issues (compared to 9.3 for some issues):
17 clamav (0)
12 opera (0)
12 MozillaFirefox (-1)
12 apache2-mod_php4 (-3)
12 php5 (0)
9 kernel (-1)
8 xorg-x11-server (+2)
8 squirrelmail (-1)
8 phpMyAdmin (0)
8 MozillaThunderbird (+1)
8 ImageMagick (+1)
8 ethereal (-1)
7 openssl (new)
7 OpenOffice_org (+1)
7 java-1_5_0-sun (+2)
7 cups (new)
6 xine-lib (-1)
6 samba (new)
6 qt3 (new)
6 openssh
6 mozilla
6 java-1_4_2-sun (+1)
6 horde
6 gpg
5 xpdf
5 timezone
5 ruby
5 release-notes
5 poppler
5 mediawiki
5 libextractor
5 krb5
5 kdegraphics3-pdf
5 gpg2
5 bind
5 beagle
5 apache2
... 4 or less occurences ...
Ciao, Marcus
1
0