- openSUSE Security Announce

[security-announce] SUSE Security Announcement: xpdf and more (SUSE-SA:2007:060)
by Thomas Biege 14 Nov '07

14 Nov '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: xpdf, kdegraphics3-pdf, koffice, libextractor, poppler, gpdf, cups, pdf, pdftohtml Announcement ID: SUSE-SA:2007:060 Date: Wed, 14 Nov 2007 16:00:00 +0000 Affected Products: SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 openSUSE 10.3 UnitedLinux 1.0 SuSE Linux Enterprise Server 8 SuSE Linux Openexchange Server 4 SuSE Linux Desktop 1.0 SuSE Linux Standard Server 8 SuSE Linux School Server SUSE LINUX Retail Solution 8 SUSE SLES 9 SLES SDK 9 Novell Linux Desktop 9 Open Enterprise Server Novell Linux POS 9 SUSE Linux Enterprise Desktop 10 SP1 SLE SDK 10 SP1 SUSE Linux Enterprise Server 10 SP1 Vulnerability Type: remote code execution Severity (1-10): 8 SUSE Default Package: yes Cross-References: CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 Content of This Advisory: 1) Security Vulnerability Resolved: various security vulnerabilities Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream:: readProgressiveDataUnit() and is tracked by CVE-2007-4352. Another method in the same class named reset() is vulnerable to an integer overflow which leads to an overflow on the heap, CVE-2007-5392. The last bug also causes an overflow on the heap but this time in method lookChar() of class CCITTFaxStream, CVE-2007-5393. All three bugs can be exploited remotely with a crafted PDF file with user- assistance only. These bugs do not only affect xpdf but also the following packages: kdegraphics3-pdf, koffice, libextractor, poppler, gpdf, cups, pdf, pdftohtml 2) Solution or Work-Around There is no work-around kown. 3) Special Instructions and Notes none 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-1.6.… 345b9fc437ddccee7bbc7a118b7ce34a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-data… 50cb911ced9c672be30ded05b48f3942 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-data… 101cd80120c456a3f8f5b7a85c30b18f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-data… e3419ea2ab82b7470264191f2495ae50 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-deve… d9a61346fd1e9829c0e5b43146d8ab31 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-extr… 57226a84bdac539541acc6ef68f8e389 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-illu… aa8db92e6d395490e585a05f1b5175e6 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-plan… 59568e18669a24bb621caf1e8914ba1c http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-pres… 7dad8ded2f0fc1a7af8056363fa29915 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-pyth… ee923a963e94d50589e2d3580f2d2021 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-ruby… e3c1cec13c238717b4d92d10de8e26bb http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-spre… 3ee30976dd32e57681f4f05985be492f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/koffice-word… 3ced3acab9e78323b7963e480778ce40 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-1.2.7-12.7.i586.rpm 3139b546a5890ddd3b60450e75dbc51d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-client-1.2.7-12.7.i58… fcd1e373d7f2654a7d556a7811ba6570 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-devel-1.2.7-12.7.i586… d4d7da3c37248cd8184b9512a5055e8d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-libs-1.2.7-12.7.i586.… 2110078d83fa5c00b958bb40653afe1f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/gpdf-2.10.0-82.4.i586.rpm d1c6798825679d94e59688df358f2815 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-1.6.0-0.5.i586.rpm f32587afe52d45eef469ce50785492eb ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-database-1.6.0-0.5… 0d6740e3e482616347d25dfe8e2cd727 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-database-mysql-1.6… 4ecf867cae679b33c1829b5f42a1b8dd ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-database-psql-1.6.… 64e32dd5635929acb99f036d9fa8d458 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-devel-1.6.0-0.5.i5… 7a2d7b8597926351c970d2d9890bd70b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-extra-1.6.0-0.5.i5… 7f7ff0e224a3157ecd1cc423fd98ee7a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-illustration-1.6.0… a947d5b0ade3d46e9842d15a61d6afb7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-planning-1.6.0-0.5… 65e341c9e3525d2b36b78a384ec488ce ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-presentation-1.6.0… caf05a8c0c5bba94bbdcaf8f86105d19 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-python-1.6.0-0.5.i… ccae69f1be81b548fd89665c3626ab25 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-ruby-1.6.0-0.5.i58… 795a1a93bb8a716f7ab93a1dca0f9f94 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-spreadsheet-1.6.0-… 4c65c50ce7fd907ce28492f8066540b8 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/koffice-wordprocessing-1.6… a57e21dc972fe61bc6924d0e227a3425 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/poppler-0.5.4-33.5.i586.rpm 27efb92fdaab89d4d3de4f6872009e31 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/poppler-devel-0.5.4-33.5.i… 6ffcfc677db7c4ca71762afd5907b046 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/poppler-glib-0.5.4-33.5.i5… 1776d3fadabd20ad55eb82ed1f2fce35 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/poppler-qt-0.5.4-33.5.i586… 7fb670644aeaba11aa5e5923edbf5aa3 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/poppler-tools-0.5.4-33.5.i… 9b610714ee13690ba236dfd2c126ce6f SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-1.1.23-40.32.i586.rpm acc52ac714e5c1bce043bb9e2b89c276 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-client-1.1.23-40.32.i… fc46c124fe8f712fcdba9cd2da992d5e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-devel-1.1.23-40.32.i5… aa8f7abf0bf4a292fbb3e7bc178fffb6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-libs-1.1.23-40.32.i58… f1cd69f6de248738a1389ce3ea559d1e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/gpdf-2.10.0-40.5.i586.rpm dd9e10c9c6f0bab6cb60a18315022873 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/kdegraphics3-pdf-3.5.1-23.… aeded6042f620f83783c79d5a83af525 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-1.4.2-25.6.i586.rpm 9c9377a4c69cdf024759ab1ca56f21c7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-database-1.4.2-25.… 5d1f25e3480abf5892ccc339794303fc ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-devel-1.4.2-25.6.i… d55259530f75913fc17894ab5707135a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-extra-1.4.2-25.6.i… 47c8fd6deb6d090bf82f552e4ba81ef4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-illustration-1.4.2… d57dd054ce1db3c69fcac150367148cf ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-presentation-1.4.2… 4fc3f45b42fb6caea31c19450289e368 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-spreadsheet-1.4.2-… 96ea40119ee3243a290b91eae7ffe920 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/koffice-wordprocessing-1.4… 0a416a5887076e9dc67ec3fb853dd2a1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/libextractor-0.5.10-12.8.i… a0cdb8d10e8952f09bafabebdf9e4d19 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/libextractor-devel-0.5.10-… 8554647e4b637218cac489b09bba7439 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/pdftohtml-0.36-145.7.i586.… c9352dfbc8ba32999e95a65d5770f681 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/poppler-0.4.4-19.15.i586.r… c9b3f757d1ffed8586e5843fdd9147c5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/poppler-devel-0.4.4-19.15.… a70ea528c7f4eb50f74b0391b1a0bc9a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/poppler-glib-0.4.4-19.15.i… cea69a83fec658a060d4a52a1d23118c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/poppler-qt-0.4.4-19.15.i58… 18b41e6fe3dff5f7e0b0d640b78dc5c3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xpdf-3.01-21.13.i586.rpm e3db10905926a4e1b481fd326b5bb936 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/xpdf-tools-3.01-21.13.i586… b5eb8a910e907b55882a6a42ddad03a7 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/cups-1.1.23-21.16.i58… ec1243638ea76085bb5a8c9df73653d6 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/cups-client-1.1.23-21… 50b3c3943fe6a1eb1cb9e17593f748e7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/cups-devel-1.1.23-21.… 54234448b3d0db73667c1f6b276a299d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/cups-libs-1.1.23-21.1… 4d079d49dc9357cafb6a64fc5152cf8b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/gpdf-2.10.0-12.9.i586… 0a2d2f1f72064c62dc80413bfbdcf703 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kdegraphics3-pdf-3.4.… 258f139a71c8006ab43bb832d1a94f02 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-1.4.1-10.8.i5… cdb035a67d437fb3124f5e5f4cb784ae ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-database-1.4.… 401abda58adacdcfea54a390bd352d25 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-devel-1.4.1-1… be8b1a1e2db7f8a22992454426a916b9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-extra-1.4.1-1… ad76cacc749f0367578fbb86ac7b6580 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-illustration-… 17b618dff98200999ab1ee58667c7669 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-presentation-… eb9b6c32f04c0f904862f7db580a483b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-spreadsheet-1… b4b403407509d4f245fd5f1ce8793bbe ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/koffice-wordprocessin… dc55d423ff5e533ba0377aab6624284d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/libextractor-0.5.2-3.… 5324ebbb6ef34cb7f7749d14c80750d3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/libextractor-devel-0.… e98744ef62f5051a8e2ec5539faa02d1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/pdftohtml-0.36-130.9.… 543f9c5c34239002ad9dad084d8d9f26 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/poppler-0.4.2-3.11.i5… d147aa24d4e32d13a391389793bfe2ee ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/poppler-devel-0.4.2-3… a9662c695d63c7e00804f2e5e6a0657d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/poppler-glib-0.4.2-3.… 7015b890e0f3f8bc96b738d11cc9bb70 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/poppler-qt-0.4.2-3.11… 398829577f90994e24235b8aac2dadbf ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xpdf-3.00-92.12.i586.… 794dd52eb09eb61263522e76f8a07178 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xpdf-config-3.00-92.1… ff01c1e7443172660ed96cbdc70a2b66 openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-1.2.12-… 99d398454307d0bb9651c0556c266de4 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-client-… 8d536a802caff84a4c33674338ea8fd6 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-devel-1… 0b05322b98d735ed6fc53bc485a69ead http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-libs-1.… ab1d24c8dbc4e44b23eea492a242131c http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kdegraphics3… 7687e5851a60c6ddb8f33d453da32fee http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-0.5.… 4dfe3d217e5a3c129fa679d0c1d92aab http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-deve… d2ac0b9e41c016cabd627d05bf23dfb3 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-doc-… cfaf2f7373dc0dc68f84d994e687758e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-glib… 424858b37212f907089cfad5de7b8cbe http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-qt-0… 48b88d5c628ab89767b0ceaf16367260 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-qt4-… a72b86398e4c8f924ee431258d940c04 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/poppler-tool… f9b8b34307fc8efb3ce486c5bb006d5e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xpdf-3.02-19… 017f59801300ee3a066fd83f43907d6f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/xpdf-tools-3… fb0f438f2934cbbdc548da9047d142e7 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kdegraphics3-pdf-3.5.5-43.… 7caa4cbc1b91a3301485af57ddd9a5f8 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/xpdf-3.01-58.5.i586.rpm cc0d179e1e098251b6f8577329d492fe ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/xpdf-tools-3.01-58.5.i586.… b131f47b0b03c9505591b72297543a8a Power PC Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-1.2.12-2… 5c8d0dbba4d3a2c52f7470f6597f3b81 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-client-1… d28ac94ab2404bef67bc250c12f1ace0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-devel-1.… 7207b43ed41c64a6941ac7871ede2815 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-libs-1.2… 99025b49ba5188fc436a28bf28e1f87c http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-1.6.3… c46465a6c06ed2d7ce140488a88de4ff http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-datab… 40c262c6077013fbee1379ff410dd249 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-datab… 6db4bcb3539d644647ed76f4510196c2 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-datab… 0acd4821a10cfa6fc1a6d8b71eeccb4a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-devel… 6f42a00518e26ec797f941a5da29ae0b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-extra… 5ac0338ccaa929ce4df4ca0f9c141db2 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-illus… bf5300f4b23b22b38c50d9140b6752ff http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-plann… b219c99a1e02fba5d99d34747fc87034 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-prese… c1d54781fa2fca722b7ba4c0120840d1 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-pytho… f49791ebbf58d06ba59ceaf7535b8918 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-ruby-… 8c68ff90e5e767694d7853ca3f91f512 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-sprea… c3a47f1f523d324796ded308875e9102 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/koffice-wordp… dceba5d8e3a6e0f2523d444709bdea7d http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-0.5.4… c2ddfca6d3c6c2cd3f69b1beb5b6c1a1 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-devel… 9685ec456b37268f0542cee48c0961bb http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-doc-0… ec2430fdf37d1bcac92ef41854881938 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-glib-… 4e53105307081af61ada3c8ff11c4314 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-qt-0.… 59002b39b03487d4e6e1804c683a2009 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-qt4-0… d8547453f912b2d985dcb53da6c4ad2c http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/poppler-tools… d163b43a6f16399a46dd043005afab01 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-1.2.7-12.7.ppc.rpm d5e9ddfbd7b811d9459cb5b671445c72 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-client-1.2.7-12.7.ppc.… 4e4c6596b6818b21a67b9134dd998f52 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-devel-1.2.7-12.7.ppc.r… a412d9097883f31b3ead2ba465e919c6 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-libs-1.2.7-12.7.ppc.rpm f3372a6cbb2daf7dada17c33ccf0369d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/gpdf-2.10.0-82.4.ppc.rpm b098ef0e828d63fc29ab6761483a1d6e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-1.6.0-0.5.ppc.rpm 63108fb82cd68fcf23ce8b7ff8b860d3 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-database-1.6.0-0.5.… d7c7cddb69a5c92cc940277ff2e5d56b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-database-mysql-1.6.… e4beed6482eec0738f02d452043113c7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-database-psql-1.6.0… 4a99a6a186a78c0ef1aa79e0679c0382 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-devel-1.6.0-0.5.ppc… 07a6f2eb9b197aaddd88e9edec159038 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-extra-1.6.0-0.5.ppc… 5569e1a150c99cad4a7df8df361a396c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-illustration-1.6.0-… 60860d2df788879d48e1f947abc9dd5f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-planning-1.6.0-0.5.… 2077e22ee8bc7d703abdc9e88b523d96 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-presentation-1.6.0-… 1be3341d5fda66008931839fdda98af3 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-python-1.6.0-0.5.pp… 9566edb0c094cda6f0af378be4a0c36f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-ruby-1.6.0-0.5.ppc.… 7240eb79ed72808956b4573fd2e39339 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-spreadsheet-1.6.0-0… ab184afc3c1f44e118b429d41ddfd7bf ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/koffice-wordprocessing-1.6.… 9a3e056f40bb3a7cd879f3d2fffe473c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/poppler-0.5.4-33.5.ppc.rpm 6359866d5eb9c408a137c5923527390f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/poppler-devel-0.5.4-33.5.pp… 1742432730bdfe5b90f7af7044a9580c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/poppler-glib-0.5.4-33.5.ppc… 8ec8bcaeff1d902440cbd9d478145f04 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/poppler-qt-0.5.4-33.5.ppc.r… 8316086b76ef18ac20928dba213f72f3 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/poppler-tools-0.5.4-33.5.pp… c3110578c4bfd602d8614053cdaf4b98 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-1.1.23-40.32.ppc.rpm 7363adf91be7ab49e6e028e7029f0a42 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-client-1.1.23-40.32.pp… 93dc51b76235951ede9c87153bae69c7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-devel-1.1.23-40.32.ppc… 02a21da5bc70d9bd569042e97e6a9041 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-libs-1.1.23-40.32.ppc.… 427c8c6805a14d323afb3f55ae04b25f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/gpdf-2.10.0-40.5.ppc.rpm 315537180b1afcd128782c8fa854cdbc ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/kdegraphics3-pdf-3.5.1-23.2… 15d828b0a6031d77cb748cb4921342f7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-1.4.2-25.6.ppc.rpm 562b0a10ceb94fb9938db3ad3ae4a3fc ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-database-1.4.2-25.6… 66f9f2878e8dd0228e7dc58b78a15244 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-devel-1.4.2-25.6.pp… 8774f090aabe1b14c59c238f38c5065d ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-extra-1.4.2-25.6.pp… 1542de8f27bc354d5c735fe28823baf0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-illustration-1.4.2-… 09a89a49802166ab99b962732dd62f94 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-presentation-1.4.2-… 72d0d79050ecf0a753ddfa0beb9ce6d3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-spreadsheet-1.4.2-2… c4d5afe8d133a2535446a57b176e07e8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/koffice-wordprocessing-1.4.… b025facfba70989f0efa6138922884e0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/libextractor-0.5.10-12.8.pp… 8619679086227f968d1485fd033b484e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/libextractor-devel-0.5.10-1… d4916edec0a030bbc0223fbf5cfcbdca ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/pdftohtml-0.36-145.7.ppc.rpm ee1d30e1b85f7cee33d6af21c4d60a80 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/poppler-0.4.4-19.15.ppc.rpm f360d766c27159cd6f212402cc417cfa ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/poppler-devel-0.4.4-19.15.p… 9a8537efa773694807482f5bf7c6e2bf ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/poppler-glib-0.4.4-19.15.pp… 70085493e667dcb327c3deda95ddfd75 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/poppler-qt-0.4.4-19.15.ppc.… 1efee1dd0305d73167f4cf15e7783293 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/cups-1.1.23-21.16.ppc.… 05677554dcf20a5758fbb1662d082d2d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/cups-client-1.1.23-21.… 4af3fa5c4e0bb2a80f0c0964897feb8c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/cups-devel-1.1.23-21.1… 7d961b475bc91d967a6c6edcaae15dd5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/cups-libs-1.1.23-21.16… 34461478b8fd187c6112a992dbce876f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/gpdf-2.10.0-12.9.ppc.r… 45fa4ad637365ac731173fd2a4b4d8c1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kdegraphics3-pdf-3.4.2… 89269b47fd6d8a74a60f311ebb0ea835 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-1.4.1-10.8.ppc… b3ed69719ba604f5b20d2bcfd7adaec8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-database-1.4.1… 7ec038f545472372e59313808a2e78da ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-devel-1.4.1-10… fca8fae942254a0591a88a2b9f62eb9a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-extra-1.4.1-10… 0f8355e0fe510ec19fe3fa19b636a76f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-illustration-1… adfba4f8d72a64da177253bff466ea3a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-presentation-1… 21475173bf9a07d88fb0184c9e89ea21 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-spreadsheet-1.… 79ad94202a0f2241916eee6580a9eccd ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/koffice-wordprocessing… fd7cc066f74cda44d5b7145f4b8a4b46 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/libextractor-0.5.2-3.1… 1a1c97efdd3ca7e04317d99a3401f8a3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/libextractor-devel-0.5… c3dc77c02148efe46d421109164c1d67 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/pdftohtml-0.36-130.9.p… 2344badfe361a3c41c592920725b6c78 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/poppler-0.4.2-3.11.ppc… 4bf5a271da0bbdbddd5d0d3ad4979019 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/poppler-devel-0.4.2-3.… af40a5f133d6824411087253f9d96cdf ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/poppler-glib-0.4.2-3.1… 4b1e4b1b9f5c0dd7085a0bc569b3a6df ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/poppler-qt-0.4.2-3.11.… f2e44da24faf378422a335eb6e0df005 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/xpdf-3.00-92.12.ppc.rpm fdab1249222934637fa2931f158bdb7a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/xpdf-config-3.00-92.12… 3033cef279012f7bbf2f53206e83ee7a openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kdegraphics3-… 1e02a1cc8671a69063cfc530b675041b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/xpdf-3.02-19.… dfebfbc234ba66a95bf40cff16f178d8 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/xpdf-tools-3.… 53da3ccfbced79e1b7a6b84deb4e4940 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kdegraphics3-pdf-3.5.5-43.5… fd4e86bac9ae4825b2c19a28e9284daa ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/xpdf-3.01-58.5.ppc.rpm abb5e0e9a1754d53090b505bd5ca6841 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/xpdf-tools-3.01-58.5.ppc.rpm b0497d057c554e32636a2a5c7e39dcd0 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/xpdf-3.01-21.13.ppc.rpm 88f1ffe14587e59cb8ed22a79e174243 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/xpdf-tools-3.01-21.13.ppc.r… 90a7aab0e4e85f7ed88d4035b6ad8898 x86-64 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-1.2.1… db798f54006e2bb020bda6e07c9c839b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-clien… ac838addf8742811763a6ca9a156a3ad http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-devel… 8d98a1a715487edad88522bf34928654 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-1.… 398a5dc9b0d85d2b49bb3975ff3972fc http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-da… 2a65f5f77d47fd093da8043698e024c5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-da… a121a01ebe8707005bca703502ccfd6b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-da… c0f2c9b3f0d7bff89e9c125df460349d http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-de… f47dc181c4f1b8a0a5ef0fb4df91af2f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-ex… 916ae3c8779baea3f289f5b0d2d03e0b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-il… 13e3ee1370ddf9b6f1573c0a2fc1a5e9 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-pl… b8b79bd27c10cc419f6886551053fcda http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-pr… 1232ed85c7652686eaa8821c0fa61f89 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-py… 5ff33163c9240f61d7089c7ffe5419fd http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-ru… 92e225958f54aac2f81a04d95666f95b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-sp… 5840ecb3814f985a877afa7d2c265489 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/koffice-wo… 1731a2674faeaa449ddc6c332e8b9ee2 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-0.… 2cb89c938690ed47b045053a3f961cdd http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-de… ff45ab8b1d1ddb865e20ba8bc630b4d3 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-do… 32ad24d04ce07cb6210967ef2a218684 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-gl… 4538948820df8743f0ac58d965eb89ca http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-qt… 7356af830c07c536cf8a05c0550d42c5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-qt… f5d472588965beddeff08a26e5709ba1 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/poppler-to… 3c5ea3b1be3272a8eea1bce56ab97915 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-1.2.7-12.7.x86_64.r… c6530c1a47a3781e8b201e19d8f73cf4 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-client-1.2.7-12.7.x… a190861fc22ca4bb9c55acbb17646a10 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-devel-1.2.7-12.7.x8… 5161aa8c8ee4f731fe905163fa41f30d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-libs-1.2.7-12.7.x86… f0faf1e2eae3cc92b26825fbcc679dda ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-libs-32bit-1.2.7-12… cdba07de0aae5cc0a5a210f0ec0a5087 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/gpdf-2.10.0-82.4.x86_64.… d43a3f67bf12c3c07bbc4d505cb14ef5 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-1.6.0-0.5.x86_64… 448bb6c4b54dbc2719fed891a2e247ad ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-database-1.6.0-0… 3194461b81d15364991e3f8cbadeaa61 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-database-mysql-1… 0cfd1b2ff0014d74f835b039e5c08cc7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-database-psql-1.… 5339ed7818f7eea91e71ccfb07cdfa29 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-devel-1.6.0-0.5.… 90f19fa4f580c705abb29a49453e8335 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-extra-1.6.0-0.5.… 556c1bc238604fdcef4b2270fc4e1b18 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-illustration-1.6… b79732151bc28fce8d8140dc9f875b42 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-planning-1.6.0-0… 819046c20baa05a9629ac92004d45a86 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-presentation-1.6… 52782b1fa018ff1f95daecc10c90c226 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-python-1.6.0-0.5… 856f1b14fae9203d2eeca6a496522cbc ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-ruby-1.6.0-0.5.x… 63c1ae8f04c1dbca5530734ea33fc66a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-spreadsheet-1.6.… c93f2de4cb8720efdc15a1563309498c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/koffice-wordprocessing-1… 7c977dd4c44e9c93437c23b4a7931840 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/poppler-0.5.4-33.5.x86_6… d60a2d793c368afb9e9748f5447630aa ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/poppler-devel-0.5.4-33.5… 565745e389a6177bbc26283448da9265 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/poppler-glib-0.5.4-33.5.… befb55ffb32b8d0640113b44289619e0 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/poppler-qt-0.5.4-33.5.x8… b182da6a5a80834d76e36ff2d20f6653 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/poppler-tools-0.5.4-33.5… 966cfc1fe6e35bd0f2e28be91fc45ee7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/xpdf-3.01-58.5.x86_64.rpm a84388b11e820296c767cb0f53bc480e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/xpdf-tools-3.01-58.5.x86… a6b0b0947a08e8bcc95e4cde42cf3922 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-1.1.23-40.32.x86_64… c3d5548c7284ca04019cacee9acef068 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-client-1.1.23-40.32… c4b8d812d27128aaa08149c42e984c4e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-devel-1.1.23-40.32.… c43e8b65de1a6919ff8e4c74c7c68912 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-libs-1.1.23-40.32.x… 8b15abe03e7073b4f75fe2988c7e352f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-libs-32bit-1.1.23-4… 59c51697c429d177ddd84ca3fb17d04e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/gpdf-2.10.0-40.5.x86_64.… d800fa04c985320eba3715420839a58c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-1.4.2-25.6.x86_6… b20be621c4300e54730bde79bab0f09c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-database-1.4.2-2… 731f1946155e7faa78523cc14256580c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-devel-1.4.2-25.6… a140863bdc008e22198dff13b9d4cd71 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-extra-1.4.2-25.6… 3bfdc8323c47e15820fc8e7858e1bb56 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-illustration-1.4… 27232c5e29b27afeabe7f143afcccdf2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-presentation-1.4… 8998efaf089c5ae19c698195aca7d709 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-spreadsheet-1.4.… d1027549f41c395de67f8eb235cb84c5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/koffice-wordprocessing-1… 867884ed8eba9fbdcb2f43cf8fc39f7f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/pdftohtml-0.36-145.7.x86… 0bcb0872571c7cbf9c85fdcd3abb6c2f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/poppler-0.4.4-19.15.x86_… 6e6d08f95393b8743f790d487d9700df ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/poppler-devel-0.4.4-19.1… 6f42fa404dfe94522458255bcb2fe177 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/poppler-glib-0.4.4-19.15… 63840c1f2fc72b0e166c59363306a86f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/poppler-qt-0.4.4-19.15.x… c0fc539382c6131f222240a0cde10f52 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xpdf-3.01-21.13.x86_64.r… 99ce1d5dce4a5d467f449cae9411dec3 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/xpdf-tools-3.01-21.13.x8… 6bc3803ef8a6203de0746e8e963a99b3 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/gpdf-2.10.0-12.9.x8… 4583bdcbf24da0aee5c6aad32a301c19 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kdegraphics3-pdf-3.… b697a094acc332ca97946e2c0e28d2ed ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-1.4.1-10.8.… ff2007650a6d8a476d8cc921742bac6d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-database-1.… 86230439e099ab7fd4bbc64ecd975519 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-devel-1.4.1… 3a31219897f8038bb3b5415fba847d7c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-extra-1.4.1… c87f63ad83caee0a6fcb439888525361 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-illustratio… f44487854f5db1ab28450fbba3369dc9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-presentatio… f48709f2361458bf3f1e54abf2800a54 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-spreadsheet… 586b8a4e36d86def75efa82bc2c8080b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/koffice-wordprocess… 27d1ce251e15cc9ac54a6842c6822695 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/pdftohtml-0.36-130.… c9972c827561139a292a8b7281fc6260 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/poppler-0.4.2-3.11.… a626a70e69a78722654e2ff2d544dc06 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/poppler-devel-0.4.2… 67ef5d7d094b4c49cda53de59a1ff999 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/poppler-glib-0.4.2-… a0ac4c32905bc83cf217e33204634e1e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/poppler-qt-0.4.2-3.… 51cf1ceb6ac86752032a22e0099279eb openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-libs-… b788beaf2e2ae37361bdc5b420dfa075 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-libs-… ced7d6bd72465631ba01e75efc3145c8 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kdegraphic… 9fbf877336127b6518eb8b1bb39bd50e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xpdf-3.02-… d51f6a35885be7ffe42c2f84e9e6fa29 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/xpdf-tools… c66872283fe775d18e7bb2dadeaa09cf openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kdegraphics3-pdf-3.5.5-4… 427260240fdba45fc8df5c1e0be6bddf SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/kdegraphics3-pdf-3.5.1-2… 281c836d80a8608a34bd863a5daefc67 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libextractor-0.5.10-12.8… fdc62e80dbf5985ec926d7ee77adacaf ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libextractor-devel-0.5.1… d9f97225b832a9a72e988cae6bf4cb7d SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-1.1.23-21.16.x… d5a78603c1442bf65c2f208533cb9764 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-client-1.1.23-… 99f705eba6147315d51c0533b2fb6e83 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-devel-1.1.23-2… c09fadb67d9a0e6480e5bac1b9830523 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-libs-1.1.23-21… 7291280656b0d5d3350d1b1220b2b9c0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-libs-32bit-1.1… 3ee9c987513ab47c9b1a9874a72e6d2a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libextractor-0.5.2-… b5fe187c730fdf3a70eeb48ccd095334 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libextractor-devel-… 0e70401d95af40abf551c1951d08741a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xpdf-3.00-92.12.x86… 8ad7892c5583102078e0280ade50f761 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xpdf-config-3.00-92… 10dee48a17eacc8677efb10ca7edfba8 Sources: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/koffice-1.6.3… 16cdde69c54cb6e4c43fa90dee334acf http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/xpdf-3.02-19.… f673a5531c0b28d5a85babd208c133e0 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/gpdf-2.10.0-82.4.src.rpm b3f4d5fe9c6b97c99e6067e2fef89c07 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/koffice-1.6.0-0.5.src.rpm 7f352604cfc9c8a0b17b145fb1de5f64 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/poppler-0.5.4-33.5.src.rpm 2f9dafedeeeed6fd8939ca5c916d8eb5 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/xpdf-3.01-58.5.src.rpm 22c4bf37a00ec2db9d06dd903329652f SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/gpdf-2.10.0-40.5.src.rpm bc3d105f128fdee4689f3793b0ee2264 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/koffice-1.4.2-25.6.src.rpm 996eed216c8233d537c35a421b23f210 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/libextractor-0.5.10-12.8.sr… 055e78d4bc54cee074d5bf4e66a0783e ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/pdftohtml-0.36-145.7.src.rpm 83a2c6366986951cc45b08c4aa1de787 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/poppler-0.4.4-19.15.src.rpm 3b383c32560ee43846ca821c3d601719 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/xpdf-3.01-21.13.src.rpm 6e32dc03d7230b35fa868187196fc4c1 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/cups-1.1.23-21.16.src.… 863cbf45b51218986fde130175997631 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/gpdf-2.10.0-12.9.src.r… 0dfd0683799e36e611f3d5cb6bbe99a3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/koffice-1.4.1-10.8.src… 016563ef574d633c7cbc1f4bd002c4c1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/libextractor-0.5.2-3.1… d246a7e37d0bf061d003987bf8fb75be ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/pdftohtml-0.36-130.9.s… 443b872f66b3409564c5f1710e8111d4 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/poppler-0.4.2-3.11.src… 764a22bd492efa02b9d8ee785a912078 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/xpdf-3.00-92.12.src.rpm 74e9c8db3aecad8e589fc526b5596c13 openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/cups-1.2.12-2… fe08192401ae80dff9ebdd0a55c301b7 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/poppler-0.5.4… e9044572d4467639b5b3a1c228943b8e openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/cups-1.2.7-12.7.src.rpm afd13575bdd1f91c36efe37cfcd430a9 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/cups-1.1.23-40.32.src.rpm 81e2fa96bf4264f16c99f71c0c3da776 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: UnitedLinux 1.0 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… Open Enterprise Server http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… Novell Linux POS 9 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SuSE Linux School Server http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SUSE LINUX Retail Solution 8 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SUSE SLES 9 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… SLES SDK 9 http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.… SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.… http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.… http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.… SLE SDK 10 SP1 http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.… http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.… SUSE Linux Enterprise Desktop 10 SP1 http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.… http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.… http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.… SuSE Linux Desktop 1.0 http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.… http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: Please consult our weekly security summary report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBRzsYnney5gA9JdPZAQLdoQgAioiZyQ4JhB9oEBTXvvxR4yI+1c4CmfKe ev3BJUI5qUpD1Q70vOEXHEtDeVQPkgBJ+sBnKLHieL2OXm8DE2+vIRm0nw6BGBPa avxGaQhtwuQiSuJkQWVEBYlatueqNCwb00Gj0lIg1AY0lMDyz0Z9nzIla9BVvIEE blY3JhXacRbWDlneXjSyYKlKSvKUjvGYqFNuRSN4h4hukEPJQG0rydZX7ldkO5IC DkLnw95mDMCBaN6KSCnp7yfLYHHGuql4ZKgH2MICqh+Ofh6oIF1lOBOQToTGYlnc TTp36JWNYpl7NkVqhvDpWojcZx+3HhKuhrfnDXJGyK5JDGXdiTsZ7A== =VHaT -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2007:059)
by Marcus Meissner 09 Nov '07

09 Nov '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: kernel Announcement ID: SUSE-SA:2007:059 Date: Fri, 09 Nov 2007 16:00:00 +0000 Affected Products: openSUSE 10.3 Vulnerability Type: remote denial of service Severity (1-10): 7 SUSE Default Package: yes Cross-References: CVE-2006-6058, CVE-2007-4997 Content of This Advisory: 1) Security Vulnerability Resolved: kernel update Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The Linux kernel on openSUSE 10.3 was updated to fix a critical locking problem in the reiserfs code which lead to process deadlocks. This kernel update also fixes the following two security problems: - CVE-2006-6058: A local denial of service when mounting MINIX filesystems was fixed. - CVE-2007-4997: A 2 byte buffer underflow in the ieee80211 stack was fixed, which might be used by attackers in the local WLAN reach to crash the machine. and the following non security bugs: - Kernel update to 2.6.22.12 including fixes for: genirq, x86_64, Infiniband, networking, hwmon, device removal bug [#332612] - patches.drivers/alsa-hdsp-zero-division: hdsp - Fix zero division (mainline: 2.6.24-rc1) - patches.drivers/libata-ata_piix-properly_terminate_DMI_system_list: Fix improperly terminated array - patches.rt/patch-2.6.22.1-rt4.openSUSE: updated existing patch (RT only) - patches.drivers/alsa-hda-robust-probe: hda-intel - Improve HD-audio codec probing robustness [#172330] - patches.drivers/alsa-hda-probe-blacklist: hda-intel - Add probe_mask blacklist [#172330] - patches.fixes/megaraid_mbox-dell-cerc-support: Dell CERC support for megaraid_mbox [#267134] - patches.suse/reiserfs-use-reiserfs_error.diff: updated existing patch [#299604] - patches.arch/acpi_gpe_suspend_cleanup-fix.patch: ACPI: Call acpi_enable_wakeup_device at power_off (updated) [#299882] - patches.suse/ocfs2-15-fix-heartbeat-write.diff: Fix heartbeat block writing [#300730] - patches.suse/ocfs2-14-fix-notifier-hang.diff: Fix kernel hang during cluster initialization [#300730] - patches.arch/acpi_autoload_bay.patch: updated existing patch [#302482] - patches.suse/zc0301_not_claim_logitech_quickcamera.diff: stop the zc0301 driver from claiming the Logitech QuickCam [#307055] - patches.fixes/aux-at_vector_size.patch: Fixed kernel auxv vector overflow in some binfmt_misc cases [#310037] - patches.fixes/nfs-name-len-limit: NFS: Fix an Oops in encode_lookup() [#325913] - patches.arch/acpi_lid-resume.patch: ACPI: button: send initial lid state after add and resume [#326814] - patches.fixes/remove-transparent-bridge-sizing: PCI: remove transparent bridge sizing [#331027] - patches.fixes/fat_optimize-count-freeclus.patch: Make scan of FAT table faster [#331600] - patches.suse/reiserfs-remove-first-zero-hint.diff: reiserfs: remove first_zero_hint (updated) [#331814] - patches.drivers/aic7xxx-add-suspend-resume-support: aic7xxx: Add suspend/resume support [#332048] - patches.drivers/alsa-emu10k1-spdif-mem-fix: emu10k1 - Fix memory corruption [#333314] - patches.drivers/alsa-hda-stac-avoid-zero-nid: Fix error probing with STAC codecs [#333320] - patches.arch/acpi_ec_fix_battery.patch: Fix battery/EC issues on Acer and Asus laptops [#334806] - patches.suse/reiserfs-make-per-inode-xattr-locking-more-fine-grained.diff: fixed a bad unlock in reiserfs_xattr_get() [#336669] - patches.fixes/ramdisk-2.6.23-corruption_fix.diff: rd: fix data corruption on memory pressure [#338643] - patches.drivers/add-wacom-pnp_devices.patch: wacom tablet pnp IDs to 8250_pnp.c [#339288] 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes If you are using the GRUB bootloader, please review the /boot/grub/menu.lst file after the update for correctness. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-bigsm… 1a12e1aacec911f5c08279f5ef98847f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-debug… 4a53ab56b281fd86dd0d206d512731f7 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-defau… 960032b6e3c89616bb12e2e92cb8aef6 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-sourc… 390ad049b12300321fe35bcdb88b7c31 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-syms-… 3056141e73f37a521c52bb55fcd76006 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-xen-2… 89d63df290a8f2e2dc7ceb85f77d6533 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-xenpa… 443f87738be5368e7bb28936157c6c01 Power PC Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-defaul… b776981525527e92dc461b20cd54a4e5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-kdump-… 35391438b5df1eb49874929b41063b89 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-ppc64-… 3052960e883737aa3c29a9633e1e0ea8 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-source… e1aaee8d102ab448f1e2111b7c3bcb87 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-syms-2… f3a79e7be26c2ed4f4112cee14bb7a78 x86-64 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-deb… 867bdea7dfd4a643a424e46b82bbe912 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-def… 0df6d8269e9b2674c34fb609942fbf32 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-sou… 5cfd1c3745f1d7ad329eb94393df990e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-sym… 5c368bbe01e6667f8234677a010d5764 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-xen… b5b3b7cb20914407296ec87e8437cf20 Sources: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-bigsmp… b6c70308122a82a656574d4198437ee0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-debug-… f1bd6bd6399346959919679c15766bdd http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-defaul… 7fb25a4f00225b2430eb41221e09bacc http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-kdump-… f1941735af850af06c542469c6b16a3d http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-ppc64-… f89babffcbfc64cc8efbe16283ddfdca http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-source… a1c6fa14f08682419b8f4f5fc5e0b8a4 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-syms-2… 75c585e0a4276542dd6828080aa7f29c http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-xen-2.… cf5c174deb9b4588e3b7708236d9cb8c http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-xenpae… b7685baa4f3cabcbe5c9291edfde1c39 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iQEVAwUBRzR18ney5gA9JdPZAQLiHAf+NfKtRwQFfblmrIXE55s8/p7X2jfAdalY /1H3J/uBi4ols6a6hnvbeI+obuF7x3wxtv/fVWAsMCI/jAKJ8Jqm9Qtx9T88ARKX XFjrGrA4RGrF7XwCM5l8RAhsaMgujS3MvzU1M/tydu3f4BWIIkSwsrX3FZeq/3jr M65NPHgjx3m/vxuqPv4za7os8aiCe3EyBgydd4k/yvnOIbjSG1vNG7gFlteytxJp eM2N5pgz1gbw/Yi2NyUDLP5wVa5CXHBe90RBhRj7IT6w8eryxaKbbUQG1BJakik6 hUTgdH5cFyPII0h8aKJ2FvLlveEnhHuoCmbsa5VBLxcAPaZyesfVpQ== =65+4 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE Security Announcement: cups (SUSE-SA:2007:058)
by Ludwig Nussel 31 Oct '07

31 Oct '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: cups Announcement ID: SUSE-SA:2007:058 Date: Wed, 31 Oct 2007 16:00:00 +0000 Affected Products: SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 openSUSE 10.3 Vulnerability Type: remote code execution Severity (1-10): 9 SUSE Default Package: yes Cross-References: CVE-2007-4351 Content of This Advisory: 1) Security Vulnerability Resolved: cups potential code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: - See SUSE Security Summary Report 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion A missing length check in the IPP implementation of cups could lead to a buffer overflow. Attackers could exploit that to crash cupsd or to potentially even execute arbitrary code with root privileges (CVE-2007-4351). On SUSE Linux 10.1 and 10.0 as well as on all SLES based products only crashing cupsd is possible. A cummulative update that integrates other fixes for SLES will be released later. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running instances of cupsd after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-1.2.12-… fe5e0f5b0099ef1077e896fc4a8138a0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-client-… 69b4d4cad3c0fbe6b0ed860f3096f1c2 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-devel-1… 0d31f2a4e389a7af21ade0de1a37d970 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/cups-libs-1.… f8dde214c471623211f6674b42a2d6e3 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-1.2.7-12.5.i586.rpm bdb1169e9cf5b4be5010494c4ef978a6 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-client-1.2.7-12.5.i58… d14d4ee918718c4d6ba028fdaac37019 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-devel-1.2.7-12.5.i586… 7c16813b78df2935e9a0979188d5512f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/cups-libs-1.2.7-12.5.i586.… 9502b104e136a510d0699d35c369ba40 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-1.1.23-40.29.i586.rpm c813be9aac53f1d9e3c0e8f9419314fa ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-client-1.1.23-40.29.i… 41fb8c468ab12b5b3beb57b05e87ccbd ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-devel-1.1.23-40.29.i5… a58bd5492bc9d5bc4f301b11e52c70dc ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/cups-libs-1.1.23-40.29.i58… d5986d1b82b5d4b380cc48b11e183cb4 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/cups-1.1.23-21.14.i58… 93ea977863b7c8641a7417d16b022d60 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/cups-client-1.1.23-21… 107251d4caf6b62c8af134dd05bc390f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/cups-devel-1.1.23-21.… 84bee07754ab9de0b88ad19315ec8626 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/cups-libs-1.1.23-21.1… 93fe59a41332524cf48f3f16c27cd75f Power PC Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-1.2.12-2… 951bf61b958376012041c71d6bb9081a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-client-1… ba0e8463a1a53a860c4252087daf158d http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-devel-1.… bcd6e08c139cb5ae7a2da3983642cb36 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/cups-libs-1.2… 23a6b874a9be3c2f26696d9588535628 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-1.2.7-12.5.ppc.rpm b3bf7e60454961bb64acb97d4d8f31dc ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-client-1.2.7-12.5.ppc.… 0826dfe7405be0396b0bc3a06e6b05fb ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-devel-1.2.7-12.5.ppc.r… 79315219721bb2cdde478a61296f3551 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/cups-libs-1.2.7-12.5.ppc.rpm 8a51e1e0996260d327c84a407d945468 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-1.1.23-40.29.ppc.rpm adb4ad098158649bd8fa1dac4b25f144 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-client-1.1.23-40.29.pp… 1b28235f7dfb972a2a05edb561de42e5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-devel-1.1.23-40.29.ppc… 3118d04cdee7bec039fe95628f5642ff ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/cups-libs-1.1.23-40.29.ppc.… 529b452529f7ef92223ce70671bb0fbd SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/cups-1.1.23-21.14.ppc.… e09710312104c868cb3e7d58ca3d211e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/cups-client-1.1.23-21.… 5e1073c0d63fe78f5481a1cf6647e0a3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/cups-devel-1.1.23-21.1… 2875190815f6486c407c19c5ba802ad5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/cups-libs-1.1.23-21.14… 90909d3bd88fc6a1a2650dbf2f76a081 x86-64 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-1.2.1… 4abe7c1bdc49af27a4b9a6b54a458af6 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-clien… e0602891495437f0ece837650232eff8 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-devel… a051e26848864271e69227b9d7008379 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-libs-… 657b1f64b0d3936da825274df1f086bd http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/cups-libs-… 5e4f08c31ca4966c460a5260a87b54d6 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-1.2.7-12.5.x86_64.r… c7852fc1ed7641535028f9dbccbb6037 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-client-1.2.7-12.5.x… 9cfb8d6f213f68347d018944e6782a40 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-devel-1.2.7-12.5.x8… 0af8220f3a0596e580ad0f8b167a0871 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-libs-1.2.7-12.5.x86… 90896bf60377fe3c4421a0679c8cdc2c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/cups-libs-32bit-1.2.7-12… 3cf65ace8539dc93a62a29c525638959 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-1.1.23-40.29.x86_64… a43dfb201dd1fc2d3da41532970c59fa ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-client-1.1.23-40.29… ed2715561b7a0c5f7ea130531a2f75f7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-devel-1.1.23-40.29.… 39a6035507d2f47905ce4b06541ddd91 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-libs-1.1.23-40.29.x… a52fae450bd66c02aeb6811665ad4286 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/cups-libs-32bit-1.1.23-4… 8813be2ea77f237f7a96e7e2f2ab5060 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-1.1.23-21.14.x… efdb12aefeb27fdb6c5782044d994315 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-client-1.1.23-… 880917450c020222a07cc454fcf6be9b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-devel-1.1.23-2… c06502dc968bb5c7aaba180a213f5fd7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-libs-1.1.23-21… eb245a29f6497aff083150a00fe0c48b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/cups-libs-32bit-1.1… 5bee362bef9be0a4c5ab6b7ecad8ad06 Sources: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/cups-1.2.12-2… b43acb5d7f52eaa69d508b77146aa1aa openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/cups-1.2.7-12.5.src.rpm 9f347989ffd512a0bb92acc8bd3bd7a0 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/cups-1.1.23-40.29.src.rpm 1fbc9ef67357483c8a56a5369b6dcea6 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/cups-1.1.23-21.14.src.… 63df10b69954c95591a86224e1c85263 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: - See SUSE Security Summary Report ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iQEVAwUBRyiSYHey5gA9JdPZAQLajAgAl4VtoZOGjFpRQ7A42m2iFPjMEQqYxVq5 Ygi4ZsqFJRUnT5ytUnFrZicHgx5e9mbKkAOBPs4FxxLSzq4CrSwd1D6qbOaBOw33 Y0tPirG5fb56aYwITqZ84YZkV0Ta8dc+RJsaSn/shGdbptew8lbZH4fETxzY3WgD Jh5QEpjw5ONGql9+jaft2xzf/yXTLCYjjsab/1CzyTOyX4cJb/k0kdl+luPY2zCd HKo/skTEJtF6JWn3owsOEChzgJ1OoYcAKwa67DTcXCxbQ+H5vF5n23mVZ5TnDXYq 05kwWDR6ZCUTtsfpHFNFbdSGarypoP37y4oF87WKZbQUSypn1WCMJQ== =H7Yn -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE Security Summary Report SUSE-SR:2007:023
by Marcus Meissner 31 Oct '07

31 Oct '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2007:023 Date: Wed, 31 Oct 2007 16:00:00 +0000 Cross-References: CVE-2007-4029, CVE-2007-4033, CVE-2007-4065 CVE-2007-4066, CVE-2007-4985, CVE-2007-4986 CVE-2007-4987, CVE-2007-4988, CVE-2007-5197 Content of this advisory: 1) Solved Security Vulnerabilities: - mono BigInteger overflow - GraphicsMagick/ImageMagick integer overflows - t1lib buffer overflow - libvorbis crash and denial of service problems 2) Pending Vulnerabilities, Solutions, and Work-Arounds: None listed this week. 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - Mono BigInteger overflow Mono was updated to fix a buffer overflow in Mono's BigInteger implementation. This issue is tracked by the Mitre CVE ID CVE-2007-5197 and was fixed for all affected products. - GraphicsMagick/ImageMagick integer overflows GraphicsMagick and ImageMagick were updated to fix several security vulnerabilities. - CVE-2007-4985: infinite loop while parsing images - CVE-2007-4986: integer overflows that can lead to code execution - CVE-2007-4987: one-byte buffer overflow that can lead to code execution - CVE-2007-4988: integer overflows that can lead to code execution They were updated for all SUSE Linux based products containing ImageMagick or GraphicsMagick. - t1lib buffer overflow A buffer overflow in t1lib could potentially be exploited to execute arbitrary code via specially crafted files (CVE-2007-4033). t1lib has been updated on all affected products. - libvorbis crash and denial of service problems Specially crafted OGG files could crash libvorbis or make it run into an endless loop (CVE-2007-4029, CVE-2007-4065, CVE-2007-4066). libvorbis was updated for all affected SUSE Linux distributions. ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds None listed this week. ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iQEVAwUBRyiYHHey5gA9JdPZAQKcaggAhk4FZu46y3A/LJEbZlZqvqZs15Y12Imm QH+W0fOvqkAbXqNZ7fdBQtrbiYUOSYFNgN+bdz7VI63FBvFmbaEIz9H5RewK05y7 rdoxcOBcTQ7pcYw/fpV8o/7enUQJ55h+IyUNHq1ohGjNFxCEXoEfpYzrD0vJNRgo ArtuiAWqh9Oy8gAj87TZxguNCkj9BwO8eBRc/suuW1GN/tCYSJmjgw7Mhfh9ExPX 4XyCIce9wGHs/INsszLdpHPdEkgiQir6qPlcr8AX71zMVcqXykmF7tDoWnhMawop 9EONZze4oHqm1Fy2WoN5gXYT3OUxWpNKghFf77MD8o17IbVQhR9xaQ== =LchU -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE Security Summary Report SUSE-SR:2007:022
by Marcus Meissner 26 Oct '07

26 Oct '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2007:022 Date: Fri, 26 Oct 2007 16:00:00 +0000 Cross-References: CVE-2007-4565, CVE-2007-4619, CVE-2007-4752 CVE-2007-5191, CVE-2007-5540, CVE-2007-5541 Content of this advisory: 1) Solved Security Vulnerabilities: - fetchmail remote denial of service attack - flac integer overflows - opera 9.24 security update - util-linux mount setuid/setgid checking problem - util-linux mount buffer overflow - openssh X11 cookie and SIGALRM fixes 2) Pending Vulnerabilities, Solutions, and Work-Arounds: None listed this week. 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - fetchmail remote denial of service attack A remote denial-of-service attack was fixed in fetchmail. This issue is tracked by the Mitre CVE ID CVE-2007-4565 and was fixed for all SUSE Linux based products. - flac integer overflows Multiple integer overflows in flac could potentially be exploited by attackers via specially crafted files to execute code in the context of the user opening the file (CVE-2007-4619). flac was updated on all affected distributions. - Opera 9.24 security update Opera was updated to version 9.24 to fix numerous defects including some security problems. (CVE-2007-5540,CVE-2007-5541) Opera is on SUSE Linux 10.0, 10.1, openSUSE 10.2 and 10.3 and was updated there. - util-linux mount setuid/setgid checking problem Ludwig Nussel identified a problem in the handling of "user" mounts in util-linux. The return value of setuid() was not checked. This can only trigger if a mount point is listed as "user" in /etc/fstab and if helpers are called. But those helpers have to be setuid root anyway, so this problem is only academic in the current setup and so just considered a regular bug. We have fixed this bug for openSUSE 10.3 and future products. This issue is tracked by Mitre CVE ID CVE-2007-5191. - util-linux mount buffer overflow Cryptographic enhancements in the losetup code in /sbin/mount done by us during the openSUSE 10.3 development introduced a stack based buffer overflow, which could potentially be used to execute code. We have a released an updated util-linux package for openSUSE 10.3 fixing this bug. This would have likely have been caught by the stack overflow protection mechanisms, but we have not cross checked this. - openssh X11 cookie and SIGALRM fixes A bug in was fixed in openssh's X11 cookie handling code. It does not properly handle the situation when an untrusted cookie cannot be created and uses a trusted X11 cookie instead. This allows attackers to violate the intended policy and gain privileges by causing an X client to be treated as trusted. (CVE-2007-4752) Additionally this update fixes a bug introduced with the last security update for openssh. When the SSH daemon wrote to stderr (for instance, to warn about the presence of a deprecated option like PAMAuthenticationViaKbdInt in its configuration file), SIGALRM was blocked for SSH sessions. This resulted in problems with processes which rely on SIGALRM, such as ntpdate. ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds None listed this week. ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iQEVAwUBRyHu0Xey5gA9JdPZAQKb3wgAgT/yI7tnlqGjd2IJ93tdFZFsDvI5WF9F +ozR66g4JGLFzNLSlyFdINCfLZVBX/bcR4uzMFsNH04aqOvJ2xUh7xP9ksEPcdyE njUc/CtqtTAZ0OG4LzJuopgfEHJHxhUql5HVslohxBk+fmzQxArSqgha5a86GrUo C+kuZ6luq20wXsveRPjGST0MdoNsUNObdIGtrb+f1UydxRiSO0O1WZBS+dWesA+M NwsqiyvFLwUOcDE+KKJetQJBrm/mxun1bvwZk/ttkNA1QhgnM9F7MC+t5lq6qgpX oxwhOEWVgXYlT6XCVCBzgVWpzIK2be+Y707bBSXqOAIJFGwJQ43PaQ== =Y9kC -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE Security Announcement: MozillaFirefox,mozilla,seamonkey (SUSE-SA:2007:057)
by Marcus Meissner 25 Oct '07

25 Oct '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: MozillaFirefox,mozilla,seamonkey Announcement ID: SUSE-SA:2007:057 Date: Thu, 25 Oct 2007 18:00:00 +0000 Affected Products: SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 openSUSE 10.3 UnitedLinux 1.0 SuSE Linux Enterprise Server 8 SuSE Linux Openexchange Server 4 SuSE Linux Standard Server 8 SuSE Linux School Server SUSE LINUX Retail Solution 8 SUSE SLES 9 Novell Linux Desktop 9 Open Enterprise Server Novell Linux POS 9 SUSE Linux Enterprise Desktop 10 SP1 SUSE Linux Enterprise Server 10 SP1 Vulnerability Type: remote code execution Severity (1-10): 8 SUSE Default Package: yes Cross-References: CVE-2006-2894, CVE-2006-4965, CVE-2007-1095 CVE-2007-2292, CVE-2007-3511, CVE-2007-3844 CVE-2007-3845, CVE-2007-4841, CVE-2007-5334 CVE-2007-5337, CVE-2007-5338, CVE-2007-5339 CVE-2007-5340, MFSA 2007-20, MFSA 2007-25 MFSA 2007-26, MFSA 2007-27, MFSA 2007-28 MFSA 2007-29, MFSA 2007-30, MFSA 2007-31 MFSA 2007-32, MFSA 2007-33, MFSA 2007-34 MFSA 2007-35, MFSA 2007-36 Content of This Advisory: 1) Security Vulnerability Resolved: various Mozilla browser security problems Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Various problems were identified and fixed in the Mozilla family of browsers. The Mozilla Firefox Browser was updated to security update version 2.0.0.8 for SUSE Linux Enterprise 10, SUSE Linux 10.1, openSUSE 10.2 and 10.3. On Novell Linux Desktop 9 the fixes were back ported to the 1.5.0.12 Firefox version. Mozilla Seamonkey was updated to 1.1.5 on openSUSE 10.2 and 10.3, the older products received backports to Mozilla Seamonkey 1.0.9. MozillaThunderbird updates are not yet available. Following security problems were fixed: - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create "about:blank" windows and populate them in certain ways (including implicit "about:blank" document creation through data: or javascript: URLs in a new window). - MFSA 2007-29: Crashes with evidence of memory corruption As part of the Firefox 2.0.0.8 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. - CVE-2007-5339 Browser crashes - CVE-2007-5340 JavaScript engine crashes - MFSA 2007-30 / CVE-2007-1095: onUnload Tailgating Michal Zalewski demonstrated that onUnload event handlers had access to the address of the new page about to be loaded, even if the navigation was triggered from outside the page content such as by using a bookmark, pressing the back button, or typing an address into the location bar. If the bookmark contained sensitive information in the URL the attacking page might be able to take advantage of it. An attacking page would also be able to redirect the user, perhaps to a phishing page that looked like the site the user thought they were about to visit. - MFSA 2007-31 / CVE-2007-2292: Digest authentication request splitting Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a web site. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the user were connecting through a proxy the attacker could inject headers that a proxy would interpret as two separate requests for different hosts. - MFSA 2007-32 / CVE-2007-3511 / CVE-2006-2894: File input focus stealing vulnerability A user on the Sla.ckers.org forums named hong reported that a file upload control could be filled programmatic by switching page focus to the label before a file upload form control for selected keyboard events. An attacker could use this trick to steal files from the users' computer if the attacker knew the full path names to the desired files and could create a pretext that would convince the user to type long enough to produce all the necessary characters. - MFSA 2007-33 / CVE-2007-5334: XUL pages can hide the window titlebar Mozilla developer Eli Friedman discovered that web pages written in the XUL markup language (rather than the usual HTML) can hide their window's titlebar. It may have been possible to abuse this ability to create more convincing spoof and phishing pages. - MFSA 2007-34 / CVE-2007-5337: Possible file stealing through sftp protocol On Linux machines with gnome-vfs support the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server (/tmp perhaps) and lure the victim into loading it, the attacker could potentially read any file owned by the victim from known locations on that server. - MFSA 2007-35 / CVE-2007-5338: XPCNativeWraper pollution using Script object Mozilla security researcher moz_bug_r_a4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome--such as by right-clicking to open a context menu--can cause attacker-supplied javascript to run with the same privileges as the user. This is similar to MFSA 2007-25 fixed in Firefox 2.0.0.5 Only Windows is affected by: - MFSA 2007-27 / CVE-2007-3845: Unescaped URIs passed to external programs This problem affects Windows only due to their handling of URI launchers. - MFSA 2007-28 / CVE-2006-4965: Code execution via QuickTime Media-link files Linux does not have .lnk files, nor Quicktime. Not affected. - MFSA 2007-36 / CVE-2007-4841 URIs with invalid %-encoding mishandled by Windows This problem does not affected Linux. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running instances of Mozilla after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFiref… fcd6aebb85486f2fd1f5f21f6be6f7c5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/MozillaFiref… c0a5f55e55819330bbaedb1562d3b3ab http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-1.… e28e54f197e18a1437f7e4e2d61f7716 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-do… 8ce609f4f23e125a3fde4e098c2f8387 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-ir… fc5ef53403ab657af5f3a03cf0dea515 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-ma… 84e622b990a471319a6e155fe78c7a71 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-sp… 5668c7e37f7d3f7ab958659efbf6393f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/seamonkey-ve… 7cab38da286e5c6b61eee35253159b2d openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-2.0.0.8-1.1… 63b9dcf5769346e9fa63cc5bc58cbf2f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/MozillaFirefox-translation… 86c8f71674d54597867bbfef0523f455 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-1.1.5-0.1.i586.r… 56ae1f2a6d01b66e7b828811baef386f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-dom-inspector-1.… f90f8b1a40acb84af586070b2b36a3c7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-irc-1.1.5-0.1.i5… b6f30d4a98dd664f531f9c7b0c5361a7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-mail-1.1.5-0.1.i… 12f05e3f903e3588a33e129ad5afa2ba ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-spellchecker-1.1… 8c5ae9dfe961c2dd22c5858e34f1ddcd ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/seamonkey-venkman-1.1.5-0.… 4b9d7b965de396aba2dae8d44e02d2ed SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaFirefox-2.0.0.8-1.2… 0c79e6ed846f58ee38f2195899700783 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/MozillaFirefox-translation… 2b1f78a24b7c604e491f874b4ee010eb ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-1.0.9-1.5.i586.r… 136302b1383bfa10e6963ac51c487156 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-calendar-1.0.9-1… e1cb5dd0e2f58ddfcf1e6aeba8188f2c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-dom-inspector-1.… 540c5555216bbfb8e083cadacf97cd56 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-irc-1.0.9-1.5.i5… 0289839942737ac0942dd2a9f5eefe9b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-mail-1.0.9-1.5.i… 0795a2047ccf35a566480a9b66de3b95 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-spellchecker-1.0… e85070685e2a7306c942880786261678 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/seamonkey-venkman-1.0.9-1.… 29dba3d7132a130c2a7fe454556ed8a9 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-2.0.0.… b443c59893edc2831856b44cb45d6818 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaFirefox-transl… ed267848820945045e32a853fee275d9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-1.8_seamonkey… 66fce2adb0f9afae473ef0fe95dced71 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-calendar-1.8_… 2bd9fd5b7441f14d102f67b7dfd59ba9 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-devel-1.8_sea… d9f3f1505fcfb25af2980ac738ede92e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-dom-inspector… 60e214cfb4c3a4786e2cd1a3238c5aeb ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-irc-1.8_seamo… c17c89b837b176c532dd4df5d5fe208c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-ko-1.75-3.5.i… d4175069e22129dc9355d7db0492f250 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-mail-1.8_seam… 98a94679da3e405c7ed1ff7ae9405224 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-spellchecker-… 2c6a412a94f5912907b0c6bcd07124e5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-venkman-1.8_s… f4f5da1e91972d8d188757389dcb5057 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-zh-CN-1.7-6.5… 5fb2bf8cb496278cc3311c6db64551ff ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/mozilla-zh-TW-1.7-6.5… 39e86845e27e9923476a8cde8da90eff Power PC Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/MozillaFirefo… 9c9ac689cc29aae1488c7ad7b92d0bdd http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/MozillaFirefo… 21e9f77bbb3c20814137327f6eaee9f9 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-1.1… cc32112a9f89abba812147e40d0255d0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-dom… 2c925817e2a4c98463cb9c09237a6cb5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-irc… facd6df5c71d962063177fc348bb767f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-mai… 03df79f55ac1616296b7e0742013e8ad http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-spe… f06ae78053dd6cf62454fd1f39123633 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/seamonkey-ven… c478ed242f3224ff7fe30d77967e7bee openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaFirefox-2.0.0.8-1.1.… 6cc2e85621a7f5bd5e4b7d079cf7205b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/MozillaFirefox-translations… f34326ed73827774922995a0091ea4c4 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-1.1.5-0.1.ppc.rpm f82ae91873004c2aca4a6886df913ac7 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-dom-inspector-1.1… 5e54828377b091f9630628f5b1f22312 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-irc-1.1.5-0.1.ppc… f6fee9249b8b8ed0169f45a31845e54d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-mail-1.1.5-0.1.pp… 0bb3655011a19a1b5c8e20a275151eaa ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-spellchecker-1.1.… 06d93fdc67ea905637258c00a69f0a6d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-venkman-1.1.5-0.1… fdab90f20d0e9603cdde5ae40c59ec78 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaFirefox-2.0.0.8-1.2.… 04972567fc2d1b3c9a1cd48de0a6a719 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/MozillaFirefox-translations… b221dcecab11e53206be8d2b68af2897 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-1.0.9-1.5.ppc.rpm 4ebcb7702a69f0296fec491e8e06eb8f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-calendar-1.0.9-1.… bd1952ecd073cf8431f2444a3e4d4645 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-dom-inspector-1.0… d3b6f079dd977541fb12b3c931581e49 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-irc-1.0.9-1.5.ppc… 82c041d37045a1eb1faba6a0b793d29b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-mail-1.0.9-1.5.pp… 66c77272f5d36f3b7338afc5b4c7f5a8 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-spellchecker-1.0.… 2754235ca272e2f471d23dfe298b976c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-venkman-1.0.9-1.5… 4cb01eb812c293bfadaf636d91ba2f6b SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/MozillaFirefox-2.0.0.8… 53176a31ec82d1433b9c85bdb5e4d55d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/MozillaFirefox-transla… 73cd0d20c927925d0c5fb8313e8e7761 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-1.8_seamonkey_… f2f91a58e1141ef80c23528aca6ea4f7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-calendar-1.8_s… 9d48e1cc4486f0456c85a286acdfdd2f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-devel-1.8_seam… 6ce5464cbf1d814d79f3572735668bc3 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-dom-inspector-… dba8224a3018683fb25ef153f5c9216f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-irc-1.8_seamon… d3a6233e9be5b73a13c77116b9be6659 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-ko-1.75-3.5.pp… 6aec834bdb366e4132c14186a8af7a5e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-mail-1.8_seamo… 74db865b27ddf466507a9f53927977f2 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-spellchecker-1… 863dfd26f01216c2a355d8a6873509a8 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-venkman-1.8_se… 6655b800453b4352a7f0767fbdc16c99 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-zh-CN-1.7-6.5.… 3b1227b6646d573e0b36667cdbf8b431 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/mozilla-zh-TW-1.7-6.5.… ea3f2ec400ef34feb6181584dd2df51f x86-64 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/MozillaFir… 286bc8449e069e29d0185180ae9af95a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/MozillaFir… 423752fd83adb06750f5463ef86c4b94 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-… 535f222a51cf9b2b02b87d1e4662e562 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-… 3e04002a25b7bb9fe4a4219e3a7fd177 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-… 21936c9d7ca8a79e825608ff8ed6e87f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-… f555ef7f3ff24402f806eda5abc0750f http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-… c2843979e9fa2e847e48e39b1561fc90 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/seamonkey-… 248795e918196b3b6dd0b74e32747ea2 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaFirefox-2.0.0.8-1… 6feaf265388a8e0d74f56d0b339c1b7b ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/MozillaFirefox-translati… cc00f89ee535e0ead4036646b4a5b8aa ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-1.1.5-0.1.x86_… 8791bfe757b4397d347be1e85be8c92d ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-dom-inspector-… 301c934989919c637aa6585c9b93ddaa ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-irc-1.1.5-0.1.… 8391c2b342d00def8fec429bed80597c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-mail-1.1.5-0.1… 56679451877bd2819907849119cae823 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-spellchecker-1… 126d4df4e4cfe9e727572fc3ea29cf6f ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/seamonkey-venkman-1.1.5-… 4f93cb97a2eb9e27b28356cd22acc358 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-1.0.9-1.5.x86_… b1b6e0fb86137856bcb99f9eadc8b311 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-calendar-1.0.9… 9022c6152510f336e4a2dfea4be2d2fa ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-dom-inspector-… 8369f700d85a46e6cac2a144c0b83eba ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-irc-1.0.9-1.5.… b9996f34dcd09395e11dfe7978136a46 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-mail-1.0.9-1.5… 76404dc283e649d15d12cae9c20479e2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-spellchecker-1… 7822779669eedc3a963cc073339b7ad7 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/seamonkey-venkman-1.0.9-… 900c48a2079694f4163efa8e868846a4 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-1.8_seamonk… c6e7c2fb0c20d62384a5705882980246 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-calendar-1.… 100a0e68b16325739f04e37112174ef5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-devel-1.8_s… 1f2f19a68a3bc76920f1acdc1b57f64d ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-dom-inspect… a37b87151167c84a2879fa21171f6869 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-irc-1.8_sea… 27bdbef4228a6e38f043fb62d098d6ca ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-ko-1.75-3.5… 0329e13cf39f6b049b0eb6d77e0a5d3e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-mail-1.8_se… bea94ac34f30deba19495135d401057f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-spellchecke… cbf92cb5ba4e9c8f8c759211dd98abb5 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-venkman-1.8… 58366db4cf007ece188dc0b684653f43 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-zh-CN-1.7-6… ff54d8d75657211b988c5f066290da47 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/mozilla-zh-TW-1.7-6… 991b44d1019e1691a226f4c4c34d01e7 Sources: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/MozillaFirefo… 504257c7bb91d92c8c57f1d19a744885 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/seamonkey-1.1… 3084f6f2578a126f4fc2ee09c4e99956 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/MozillaFirefox-2.0.0.8-1.1.… ec010caa558bf186407aa6c01a0c86b9 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/seamonkey-1.1.5-0.1.src.rpm 08b9664a84a9cd3e230fc548d1f700fa SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/seamonkey-1.0.9-1.5.src.rpm da54807f0d499f28af2cb1618eead8e0 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/MozillaFirefox-2.0.0.8… 1fda55bec5840d4665ad497c29f1a607 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-1.8_seamonkey_… f259a9c634aa3b2a14f8896ce0d34f76 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-ko-1.75-3.5.sr… e7ecbfb4143f47767e179a1f2d9e7c94 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-zh-CN-1.7-6.5.… a5096f53ac8f021e43fb0268c7d33839 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/mozilla-zh-TW-1.7-6.5.… 6871a8338eb79ad9b0c7f61a53429cef Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: Open Enterprise Server http://support.novell.com/techcenter/psdb/bc8dbb4aea45ba7fac544f7e63f7898b.… Novell Linux POS 9 http://support.novell.com/techcenter/psdb/bc8dbb4aea45ba7fac544f7e63f7898b.… SUSE SLES 9 http://support.novell.com/techcenter/psdb/bc8dbb4aea45ba7fac544f7e63f7898b.… UnitedLinux 1.0 http://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.… SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.… SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.… SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.… SuSE Linux School Server http://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.… SUSE LINUX Retail Solution 8 http://support.novell.com/techcenter/psdb/605742757aa7f9e469593be4df1322b6.… Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/bc8dbb4aea45ba7fac544f7e63f7898b.… http://support.novell.com/techcenter/psdb/94e7e87449ed25841acaf9b535567347.… SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.… SUSE Linux Enterprise Desktop 10 SP1 http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iQEVAwUBRyDAd3ey5gA9JdPZAQI/owf/RDz3IenjVSKxGZJ+Ve0s8BvQ0z36Q9FY v3cZb8AVmqXT9h0gF6BAm+f5LhgTBuwYCuwz33QrjiVu6Y0CuKwBa/BT8Ie0soxK nogf9IUUaykal3CEO8ReAxTA4u5amPZ7k+biIrYsJSWMaSqyDzwxyXFImPPiFYZf B7WQ3aoQqylMqqEXYUPAy0n8yULVRpDBdOBJIep2HcOpgi4ZPc2DQq1B5xWNWPri Sb9sJ4V2t73RVluHiw1tB/oJ/uneTY5670g1N6VFYvBLEDluzRQPMqA5pejLbN/M K4o+Jp9hjUaySC02RBMCqTzgF3JzznShobMCRHLGhbGNHpW1nvfDEg== =vPDr -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE Security Summary Report SUSE-SR:2007:021
by Marcus Meissner 19 Oct '07

19 Oct '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Summary Report Announcement ID: SUSE-SR:2007:021 Date: Fri, 19 Oct 2007 17:00:00 +0000 Cross-References: CVE-2006-1861, CVE-2006-3467, CVE-2007-4074 CVE-2007-4224, CVE-2007-4569, CVE-2007-4924 CVE-2007-4995, CVE-2007-5208 Content of this advisory: 1) Solved Security Vulnerabilities: - hplip command injection - kdelibs3, kdebase3 security update - NX security update for PCF handling - festival daemon command injection - opal denial of service problem - openssl DTLS problem 2) Pending Vulnerabilities, Solutions, and Work-Arounds: - None listed this week. 3) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Solved Security Vulnerabilities To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update. - hplip command injection The daemon 'hpssd' could be exploited by users to execute arbitrary commands as root. hpssd only runs on systems that have HP all-in-one devices configured. In the default configuration the problem is not remotely exploitable as hpssd only listens on local interfaces (CVE-2007-5208). This issue has been fixed for SUSE Linux 10.0-10.3, and SUSE Linux Enterprise Desktop 10. - kdelibs3, kdebase3 security update kdebase3 and kdelibs3 were updated on all affected SUSE Linux products to fix the following problems: - Users could log in as root without having to enter the password if auto login was enabled and if kdm was configured to require the root password to shutdown the system (CVE-2007-4569). - Javascript code could modify the URL in the address bar to make the currently displayed web site appear to come from a different site (CVE-2007-4224). - NX security update for PCF handling The XFree code contained in NX was prone to integer overflows (CVE-2006-1861) and insufficiently protected against specially crafted PCF files (CVE-2006-3467). NX has been updated on SUSE Linux 10.0-10.3, it is not contained on other distributions. - festival daemon command injection The festival daemon runs as root (if started). The default config doesn't have a password set. A local attacker could therefore connect to the daemon to have commands executed as root (CVE-2007-4074). festival has been updated on all affected products. - opal denial of service problem The opal library contained a bug in the SIP protocol handler that could be exploited by attackers to crash applications using opal (CVE-2007-4924). Opal has been updated on openSUSE 10.2, 10.3 and SUSE Linux Desktop 10. - openssl DTLS problem A buffer overflow in the DTLS implementation of openssl could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4995). openssl has been updated on all distributions that contain DTLS support. It is questionable if the DTLS support even worked before or used by applications at all, so we were likely not affected. ______________________________________________________________________________ 2) Pending Vulnerabilities, Solutions, and Work-Arounds None listed this week. ______________________________________________________________________________ 3) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file containing the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with. The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iQEVAwUBRxi+Eney5gA9JdPZAQJLPAf/UMbdLsBuHBCkOTZAfw0EnVg9g9t1lvKe EaRLCzJVcG0UK4vIs+ngcZC0egKVIMBBwJOinZqoWzahPw0t5nd+zPt2Lj29aets EpKaSIRX4jleiGy80Ry2B6HwONU3JYWzAtz6iX+hlpu8IJIoWD4CGvAD1sElz3IV 0tdxAPqcpZtNjOQ9Bt/fZmxSfzblc0p10TiMON+dMZpQWi8KxqhCrKoCvPUL71ub cWf+lHdAmuQVw3Ap3K9jhtoF/i94026KO+KLpmKqw/b96XfTN36/kmSyVq1ALwWI GC5oWsW2jYq6/v2TNWi1+/eFfScoVSJgLR5wmjSVe48Cnfg1fRfFlg== =Hml1 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE Security Announcement: IBM Java (SUSE-SA:2007:056)
by Marcus Meissner 18 Oct '07

18 Oct '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: IBM Java Announcement ID: SUSE-SA:2007:056 Date: Thu, 18 Oct 2007 18:00:00 +0000 Affected Products: UnitedLinux 1.0 SuSE Linux Enterprise Server 8 SuSE Linux Openexchange Server 4 SuSE Linux Standard Server 8 SuSE Linux School Server SUSE LINUX Retail Solution 8 SUSE SLES 9 Open Enterprise Server Novell Linux POS 9 SUSE Linux Enterprise Desktop 10 SP1 SLE SDK 10 SP1 SUSE Linux Enterprise Server 10 SP1 Vulnerability Type: remote code execution Severity (1-10): 8 SUSE Default Package: yes Cross-References: CVE-2007-2788, CVE-2007-2789, CVE-2007-3004 CVE-2007-3005, CVE-2007-3655, CVE-2007-3922 Content of This Advisory: 1) Security Vulnerability Resolved: IBM Java security update Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The IBM Java JRE/SDK has been brought to release 1.5.0 SR5a and 1.4.2 SR 9.0, containing several bugfixes, including the following security fixes: - CVE-2007-2788,CVE-2007-2789,CVE-2007-3004,CVE-2007-3005: A buffer overflow vulnerability in the image parsing code in the Java(TM) Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang. - CVE-2007-3655: A buffer overflow vulnerability in the Java Web Start URL parsing code may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the Java Web Start application. - CVE-2007-3922: A security vulnerability in the Java Runtime Environment Applet Class Loader may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to. For more information see: http://www-128.ibm.com/developerworks/java/jdk/alerts/ 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes None. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: UnitedLinux 1.0 http://support.novell.com/techcenter/psdb/4931a7f4cae4a43064c21ec2362f54e5.… http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.… SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/4931a7f4cae4a43064c21ec2362f54e5.… http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.… Open Enterprise Server http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.… Novell Linux POS 9 http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.… SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/4931a7f4cae4a43064c21ec2362f54e5.… http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.… SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/4931a7f4cae4a43064c21ec2362f54e5.… http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.… SuSE Linux School Server http://support.novell.com/techcenter/psdb/4931a7f4cae4a43064c21ec2362f54e5.… http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.… SUSE LINUX Retail Solution 8 http://support.novell.com/techcenter/psdb/4931a7f4cae4a43064c21ec2362f54e5.… http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.… SUSE SLES 9 http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.… SLE SDK 10 SP1 http://support.novell.com/techcenter/psdb/51fd7d03020fe413e43cda8f60442612.… SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/51fd7d03020fe413e43cda8f60442612.… http://support.novell.com/techcenter/psdb/5544d25cb52fbadcc4de5bfd2d3654a1.… SUSE Linux Enterprise Desktop 10 SP1 http://support.novell.com/techcenter/psdb/5544d25cb52fbadcc4de5bfd2d3654a1.… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iQEVAwUBRxeBt3ey5gA9JdPZAQKC/Af/VhaJNxs9RBByvXvQxu0lhEvhpYyvUzx/ AELeO6ijNNivueLwC9moDHFRGOdYgMlKSpiRIYgIULUXv96mUdJu12UCBcDBLf9j S4kz28NDmLwywP8IykokbUivvpFyBkAGaf+l5DmbQPRAjfdEhDK2AyrRKUHP32yt Xgh6ibEcV82adMSh98dldFS6U7Ak4D5X79RN/xX2QLj8gezGJLfUWcoPAKVPf/// Isc7Kat6+ub29Tj531y7tPo3L/iD8Hax/xSV1ZaCU/Fr/2lDbmc7qcrA5z0/woko jKJ1pwjggJuBHI/1M1eCJc4/jQClDKxpw9SoIiw146ZK/MPm6E2l7A== =oC8B -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] SUSE Security Announcement: Sun Java (SUSE-SA:2007:055)
by Marcus Meissner 17 Oct '07

17 Oct '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: Sun Java Announcement ID: SUSE-SA:2007:055 Date: Wed, 17 Oct 2007 16:00:00 +0000 Affected Products: SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 openSUSE 10.3 SuSE Linux Desktop 1.0 SUSE SLES 9 Novell Linux Desktop 9 Open Enterprise Server Novell Linux POS 9 SUSE Linux Enterprise Desktop 10 SP1 SUSE Linux Enterprise Server 10 SP1 Vulnerability Type: remote code execution Severity (1-10): 8 SUSE Default Package: yes Cross-References: CVE-2007-5232, CVE-2007-5236, CVE-2007-5237 CVE-2007-5238, CVE-2007-5239, CVE-2007-5240 CVE-2007-5273, CVE-2007-5274 Content of This Advisory: 1) Security Vulnerability Resolved: various Sun Java security problems Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The Sun JAVA JDK 1.5.0 was upgraded to release 13, and the Sun JAVA SDK 1.4.2 was upgraded to update 16 to fix various bugs, including the following security bugs: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1 CVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applets outbound connections via a DNS rebinding attack. http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1 CVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application. CVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities". CVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1 CVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications. http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1 CVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1 CVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applets outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applets socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. CVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. The full set of changes is available on Suns website: - Sun Java 1.5.0: http://java.sun.com/j2se/1.5.0/ReleaseNotes.html - Sun Java 1.4.2: http://java.sun.com/j2se/1.4.2/ReleaseNotes.html 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please restart all running programs using Java. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-s… db79c4b7fefdedc43ae31216662089aa http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-s… aa911ba5a8c0e2fafd45e38164e4af0d http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-s… 3dbd86f1ff61d0dde4de6b874252d0ae http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-s… 6f35206472e3e321c98e5b0338398525 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-s… bc934a367636b5eabaa18d0bceb66647 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-s… 7c4d3fe8bec5086f476e8f7d67519f1e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_5_0-s… 11c007724936143c8bd3081c7e113f31 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_6_0-s… a7a76e2199b7196d959322d1ede447e4 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_6_0-s… 6a0d9549ac0d234d1327060f847f00a2 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_6_0-s… 521979eca3b309fe439218f548b18cf5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_6_0-s… d3fbb5c1cbf2b45e6d9de607182ffa0b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_6_0-s… 88ab5ee341f989038c8b3e350b52025a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/java-1_6_0-s… 2eecb5bd39340350b884bbfce47cdbdd openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-1.4.2_updat… a7efad3e5ad87bfb4f10809459b43b86 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-alsa-1.4.2_… 0fafec8320d1afe966513f22d1473d6c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-demo-1.4.2_… 88cfa97299aaac439cd41e5660f9ed44 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-devel-1.4.2… d7209a3e6b987037f7ff73fce37618b4 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-jdbc-1.4.2_… 4a9107905a31e33583c410830795c3cb ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-plugin-1.4.… 8c04bfaa1e59161e06b4c905b39f3740 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-src-1.4.2_u… 2767ee2c20a1e82c9e92a429d57bbfc8 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-1.5.0_updat… 3e7f6fb52e64f0a1aa0b3bb4360941b1 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-alsa-1.5.0_… 666f310b8f72b7e8325a1b2bf3430cd9 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-demo-1.5.0_… b662b4746e76e2e80211f9b1530a0634 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-devel-1.5.0… 9bb9d91771e91a5e468d844d0833b944 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_… 79576c335b53b7645f4d034030fe364a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-plugin-1.5.… 093e8507edd582053f97ae2c5292f11a ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-src-1.5.0_u… b09f8e8cdb00523fd2120260cfaf76ce SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-1.4.2.16-0.… 85abbe35d4fe5b9d46806a30e5724765 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-alsa-1.4.2.… 72a2101f9b44a80859fef741a9568335 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-demo-1.4.2.… f3da91699e32b8f4efed47ab1904deb1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-devel-1.4.2… 63c3f1709c2ddf5c4c5fcf89943d3d4a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.… d8cc04eff3e6d30750ef857de41faaa5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-plugin-1.4.… 88b08a78c8c3428fba59b024e5ddf732 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-src-1.4.2.1… ab4ec1f49cf394491ea17a7bb9746b7b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-1.5.0_13-0.… f6e8dacb468b9617ce46c5446705daf5 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-alsa-1.5.0_… 296a4397c28146a2387e4cfe9709c525 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-demo-1.5.0_… c01241555425922bc31dde995fa98fa9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-devel-1.5.0… 7964aff93873c0713f55d2949febbff2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_… 0a4a38a7d5cbfe00de8a939c894a0797 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-plugin-1.5.… 60c0c9109cf701d1296bde511c62943b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-src-1.5.0_1… f963b9ed78462021302748ff118e63cf SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-1.4.2.… 0b3bddd090547a8674d50562d58cee3e ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-alsa-1… 9dee1984300abae07c056fd0b12bfb9a ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-demo-1… 11b0264e7ddde51586f86bc574e8d7d1 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-devel-… d78f492982b2d6a4c9a1aba4adc8b6a0 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-jdbc-1… baacffd2da282a30ffb27fdc90252761 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-plugin… be6892b45b38e800db814040ffe8d71f ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-src-1.… c292662e7104be22cbe7be03a326600b ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-1.5.0_… 74988aaca3b417bfa46a5d1b7427b5e7 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-alsa-1… 593d088ee887455ee6343321458a967c ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-demo-1… a7c4737d11727f47d84b426bc78d0883 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-devel-… 29648a2a07b5b94d301adf7e4688cb84 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-jdbc-1… f9ad29f623d6b7bea7eed82db8dc5fdc ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-plugin… 126b66bce2f1d100fe04f5d69b4ed86d x86-64 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_5_0… 2b3d17258e5c52c79736354025ccc3db http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_5_0… e7ac5c9bc69ff16adf73f96bd5340d75 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_5_0… 2e0a5db66a70d108f2b9f089909f4cd0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_5_0… 36e4a433ef8618bd16359d5688d6cbb1 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_5_0… 967ac70d8e29fb54b59962efad59b422 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_5_0… ddd051b7bd431e71c1a95254d23fe1b9 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_6_0… 8db5de7456ea27a3d1b1406efde06cf9 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_6_0… 542661a072e69c76aeb7082e93f7e2be http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_6_0… 1bc5403185c10c4e8ba752f19f1e9230 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_6_0… 3e78ec6c9da25d00f8785212f524c4bc http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/java-1_6_0… 77cee98b8e536b626f54f1184dd1ca70 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-1.5.0_upd… f49c281144167f7585352785eeed8b2c ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-alsa-1.5.… bb7f3c5019e3df98d43ef77ba4057ffb ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-demo-1.5.… 78a5bacc4b2ffaf672be426d0ff4cb45 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-devel-1.5… df154e99311eef828712f92bddc56493 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.… 0536f4ad33b35890c5c7af2ea8bbdaef ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-src-1.5.0… 09bb7442b933182238dad1eac71aa2fd SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-1.5.0_13-… f71266d1ccbd005af6e803cc984a5ae9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-alsa-1.5.… d6fd39e09f164848b3b4c0e4daf14794 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-demo-1.5.… 44e66182712ab0ff589186bfef13624b ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-devel-1.5… d12f0248268dabeb02fe49871558bdea ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.… 6a5198f6ac0559e74b414ea161029f8c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-src-1.5.0… 0b688823b5ace814b3ad3ebc4d26b435 SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-1.5.… 633c0b9b9dac1c5257f4a2a1e4c0a566 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-alsa… f5d8a857bd44d2f7c5bb6039b6565a35 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-demo… 7737177c66ea30965a6db96cac1091ef ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-deve… 4116c82843731dcfa9bd1e945c636e56 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-jdbc… 4cd8e3b461888d8aa89e03ce4f39deb7 Sources: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/java-1_5_0-su… 21b729da38aba2488f508f4cf86657ab http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/java-1_6_0-su… c4f0c86f0b6e92b1cf8e60921db80f4d openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/java-1_4_2-sun-1.4.2_update… 1ae678ae3f162787b90dc599791dfc01 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/java-1_5_0-sun-1.5.0_update… 8c89054e3cb97b2f871b08816839428d SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/java-1_4_2-sun-1.4.2.16-0.2… bcc140caa84525ec7080a68a394b2b93 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/java-1_5_0-sun-1.5.0_13-0.1… db4f03f243b70ad7e153cfc655c8fd1c SUSE LINUX 10.0: ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/java-1_4_2-sun-1.4.2.1… a8d79480c516c205452dcf3f991ec509 ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/java-1_5_0-sun-1.5.0_1… bea6119a5a9f6836600274d1992e7326 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: Open Enterprise Server http://support.novell.com/techcenter/psdb/9d8cb03291c8cdf9cfec381e38bd6b88.… Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/9d8cb03291c8cdf9cfec381e38bd6b88.… Novell Linux POS 9 http://support.novell.com/techcenter/psdb/9d8cb03291c8cdf9cfec381e38bd6b88.… SuSE Linux Desktop 1.0 http://support.novell.com/techcenter/psdb/9d8cb03291c8cdf9cfec381e38bd6b88.… SUSE SLES 9 http://support.novell.com/techcenter/psdb/9d8cb03291c8cdf9cfec381e38bd6b88.… SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/9846044890f44374e747f617724ca6c9.… SUSE Linux Enterprise Desktop 10 SP1 http://support.novell.com/techcenter/psdb/9846044890f44374e747f617724ca6c9.… ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security(a)suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build(a)suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security(a)suse.de) the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security(a)opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe(a)opensuse.org>. opensuse-security-announce(a)opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe(a)opensuse.org>. ===================================================================== SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. The <security(a)suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iQEVAwUBRxYgo3ey5gA9JdPZAQKDLQgAjaOUGBXwiXc93rSMP1bpXVFTRz6zjcEA q+nPqqK8HTV+aTVWf5OyMzneyFkqEMx8woXtVggM4Wb8XlwTM6AKOPtNx8rpO0xv xNzgVSybcArvxrzRKbZs//Cu3ouBLnzTEVsZWmsJmb9YOVTDPGKqxg3uwQ2UQEN0 NmqBr3PMDrlSHxN0Y9AaQoXmwGQK52/nDudtpxkEP/PFCyNe56Qbp1pn3itv0lY8 5DjEP22FwB4pW7dWsHdSvf400PhEAItF3n3qSke9m31U34q2QitbGnvEsBy8BPKs NjAa3DV3/wzwv9QHCQJNrBvEkpJOZaZZQq/ecgNE+73r0iUjQXfSxw== =zHuO -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] Advance notice of discontinuation of regular support for SLES 8
by Marcus Meissner 15 Oct '07

15 Oct '07

Dear opensuse-security-announce subscribers and SUSE Linux Enterprise customers, SUSE Security announces that the regular maintenance, security and L3 support for the SUSE LINUX Enterprise 8 line of products will end after November 2007. The SUSE LINUX Enterprise 8 line consists of the following products: - SUSE LINUX Enterprise Server 8 - SUSE LINUX Openexchange Server 4.0 - SUSE LINUX Openexchange Server 4.1 - SUSE LINUX Retail Solution 8 - SUSE LINUX Standard Server 8 - SUSE LINUX Desktop 1.0 - UnitedLinux 1.0 All updates published will continue to be available for self-service download until November 2012. We will however be offering Extended Support for 2 years for the SUSE Linux Enterprise Server 8 product only. The extended support has following limits: - The offer is limited to the processor platforms Intel 32bit (i386) and IBM S/390 31bit (s390). - Only critical security problems will be fixed, others depending evaluation. - A certain sub-set of packages is no longer fixed. This list includes binary only software like Acrobat Reader, Java, and also some opensource software (Mozilla, PHP4, ucdsnmpd, snort, SpamAssassin, PostgreSQL). - Additional update rights need to be purchased for the extension to be activated. Please contact a Novell sales representative for more information if you are interested. Following SUSE Linux Enterprise product lines will continue to be available with following end dates: SUSE Linux Enterprise Server 9 - General Support until July 2009 (and Novell Linux Desktop 9) Extended Support until July 2011 SUSE Linux Enterprise 10 - General Support until July 2011 Extended Support until July 2013 To learn more about SUSE Linux business products, please visit http://www.novell.com/linux/suse/ For a detailed list of the life cycles of our Enterprise Products please visit http://support.novell.com/lifecycle/ and http://support.novell.com/lifecycle/lcSearchResults.jsp?sl=suse If you have any questions regarding this announcement, please do not hesitate your sales or support representative or to contact SUSE Security at <security(a)suse.de>.

1 0