DSA 1875-1: New ikiwiki packages fix information disclosure  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1875-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 31, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : ikiwiki
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-2944

Josh Triplett discovered that the blacklist for potentially harmful TeX
code of the teximg module of the Ikiwiki wiki compiler was incomplete,
resulting in information disclosure.

The old stable distribution (etch) is not affected.

For the stable distribution (lenny), this problem has been fixed in
version 2.53.4.

For the unstable distribution (sid), this problem has been fixed in
version 3.1415926.

We recommend that you upgrade your ikiwiki package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.4.tar.gz
Size/MD5 checksum: 768022 d2ab889b5aa29ed5c4910aebc5d10c82
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.4.dsc
Size/MD5 checksum: 1095 d4c29cc8a5c5e57bf73dff92738d2383

Architecture independent packages:

http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.4_all.deb
Size/MD5 checksum: 911086 6eac3777f3b38bc7e7a4a53571440b6e


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqcBysACgkQXm3vHE4uylrTEACfXVWcIirFP8onN9L+/lsqFpP8
8osAniQWmqVnSE9TSFqpgZxVV9rXqF0n
=G95e
-----END PGP SIGNATURE-----
"

DSA 1836-1: New fckeditor packages fix arbitrary code executionPrince in rent deposit lawsuit

USN-822-1: KDE-Libs vulnerabilities  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-822-1 August 24, 2009
kde4libs, kdelibs vulnerabilities
CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
kdelibs4c2a 4:3.5.10-0ubuntu1~hardy1.2

Ubuntu 8.10:
kdelibs4c2a 4:3.5.10-0ubuntu6.1
kdelibs5 4:4.1.4-0ubuntu1~intrepid1.2

Ubuntu 9.04:
kdelibs4c2a 4:3.5.10.dfsg.1-1ubuntu8.1
kdelibs5 4:4.2.2-0ubuntu5.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

It was discovered that KDE-Libs did not properly handle certain malformed
SVG images. If a user were tricked into opening a specially crafted SVG
image, an attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program. This
issue only affected Ubuntu 9.04. (CVE-2009-0945)

It was discovered that the KDE JavaScript garbage collector did not
properly handle memory allocation failures. If a user were tricked into
viewing a malicious website, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2009-1687)

It was discovered that KDE-Libs did not properly handle HTML content in the
head element. If a user were tricked into viewing a malicious website, an
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2009-1690)

It was discovered that KDE-Libs did not properly handle the Cascading Style
Sheets (CSS) attr function call. If a user were tricked into viewing a
malicious website, an attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-1698)


Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0u=
buntu1~hardy1.2.diff.gz
Size/MD5: 1809719 988ba0b3fcdebaacd489ef624af90d52
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0u=
buntu1~hardy1.2.dsc
Size/MD5: 1729 c2ba26fd1969292837be77339835463e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.or=
ig.tar.gz
Size/MD5: 18631467 5eeb6f132e386668a0395d4d426d495e

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.=
10-0ubuntu1~hardy1.2_all.deb
Size/MD5: 7326386 15016f77751a853d96fbc549bdd0a487
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.=
10-0ubuntu1~hardy1.2_all.deb
Size/MD5: 25454764 b8e521c8bfc228667701baad29f9ea0b
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0u=
buntu1~hardy1.2_all.deb
Size/MD5: 9322 8a87b3a4fed9f227bb9e2eb0c0cd4829

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.1=
0-0ubuntu1~hardy1.2_amd64.deb
Size/MD5: 26758194 806e9679c84113d44a6fdcb3827e22b6
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
10-0ubuntu1~hardy1.2_amd64.deb
Size/MD5: 1381550 739025e9a5f87b174b1b099b8c1f3e4f
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.1=
0-0ubuntu1~hardy1.2_amd64.deb
Size/MD5: 10654972 04e9b1429bb914d202bfedfc652dab2f

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.1=
0-0ubuntu1~hardy1.2_i386.deb
Size/MD5: 25990732 a09812c65c6e8d93ed21591cee340396
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
10-0ubuntu1~hardy1.2_i386.deb
Size/MD5: 1410600 4f6d363ac598ecf83ab910e920cb08b0
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.1=
0-0ubuntu1~hardy1.2_i386.deb
Size/MD5: 9614618 de2bdf46fa444443af067acdb288d758

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1=
~hardy1.2_lpia.deb
Size/MD5: 25971080 5073531043650dac33a01175fd9ba304
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu=
1~hardy1.2_lpia.deb
Size/MD5: 1375956 fbcbdc659fc44128a4bf37afdc3d466b
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1=
~hardy1.2_lpia.deb
Size/MD5: 9642602 904999dc74b11f078c50b9798be80b41

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1=
~hardy1.2_powerpc.deb
Size/MD5: 27656762 88ea3f12cee10e81fe212f604697ee87
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu=
1~hardy1.2_powerpc.deb
Size/MD5: 1393490 7b6d787cba530e950ac4e783693cbce9
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1=
~hardy1.2_powerpc.deb
Size/MD5: 10453190 a09dadf79f488712a21d49a829e26c79

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1=
~hardy1.2_sparc.deb
Size/MD5: 25026168 a2066fad04e4b92cb4374a10f3ca4912
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu=
1~hardy1.2_sparc.deb
Size/MD5: 1376552 ca7b84a5ea9c36ca36d51b113335ab70
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1=
~hardy1.2_sparc.deb
Size/MD5: 9596082 29426bec2f7943549b046d8aced4172d

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.1.4-0=
ubuntu1~intrepid1.2.diff.gz
Size/MD5: 94086 bca07843a8dbb43504199cf28f5e5e66
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.1.4-0=
ubuntu1~intrepid1.2.dsc
Size/MD5: 2308 42bc5a6639b095c402aa1336159b958a
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.1.4.o=
rig.tar.gz
Size/MD5: 11190299 18264580c1d6d978a3049a13fda36f29
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0u=
buntu6.1.diff.gz
Size/MD5: 720448 8dc9da15189485cac9374322825bccbc
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0u=
buntu6.1.dsc
Size/MD5: 2284 e99a996b350144fdf4bef83e6f339ce5
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.or=
ig.tar.gz
Size/MD5: 18631467 5eeb6f132e386668a0395d4d426d495e

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-data_4.=
1.4-0ubuntu1~intrepid1.2_all.deb
Size/MD5: 3110640 8abefbf8d9f4c168a645761589c2935e
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-doc_4.1=
.4-0ubuntu1~intrepid1.2_all.deb
Size/MD5: 68582 86eda9548527b86c791c29789ed7fe28
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.=
10-0ubuntu6.1_all.deb
Size/MD5: 7321518 162272e6155b3cd9f3ea08c566b80e5b
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.=
10-0ubuntu6.1_all.deb
Size/MD5: 25522224 a0ce548bf6862e68285df52ac391c429
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0u=
buntu6.1_all.deb
Size/MD5: 2270 650ab9bbf7f9748a9344495da23a2c82

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.1.=
4-0ubuntu1~intrepid1.2_amd64.deb
Size/MD5: 395434 02fdee1fed9ff829a045d3785730d2fd
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.1=
.4-0ubuntu1~intrepid1.2_amd64.deb
Size/MD5: 66055728 a8c41d8a9dc4e540a2c7d0c8199799a4
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.1=
.4-0ubuntu1~intrepid1.2_amd64.deb
Size/MD5: 1440484 79881c87f9bd56d377790807842c3dcb
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.1.4-0=
ubuntu1~intrepid1.2_amd64.deb
Size/MD5: 10104606 421e72c07c231a7a68bcbca2c8069062
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.1=
0-0ubuntu6.1_amd64.deb
Size/MD5: 27376386 59c3b6c1110365d63e1da80c363b96da
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
10-0ubuntu6.1_amd64.deb
Size/MD5: 1371456 f25f7f7b7fbc0c99df8ca1f2e734a64c
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.1=
0-0ubuntu6.1_amd64.deb
Size/MD5: 10929852 e55ab2261280a73df4d75b9a0112ec87

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.1.=
4-0ubuntu1~intrepid1.2_i386.deb
Size/MD5: 371576 68138ccb311714315e34a88645c29b33
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.1=
.4-0ubuntu1~intrepid1.2_i386.deb
Size/MD5: 65218012 5fd7fa06fa0d28c98f75c58b3c8130ee
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.1=
.4-0ubuntu1~intrepid1.2_i386.deb
Size/MD5: 1437924 c1df5e2b5b8aa17774b23e651b9a88ee
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.1.4-0=
ubuntu1~intrepid1.2_i386.deb
Size/MD5: 9524338 f0a135714a94aefab44f7380a40e967f
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.1=
0-0ubuntu6.1_i386.deb
Size/MD5: 26665042 cf31490fcc88f793c5ea6175b29b4df3
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
10-0ubuntu6.1_i386.deb
Size/MD5: 1404872 d383c99760eb1c92ab22a52bd6f33d4e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.1=
0-0ubuntu6.1_i386.deb
Size/MD5: 10144008 7e596d9e1464e5d016f674fb5d73b869

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1=
~intrepid1.2_lpia.deb
Size/MD5: 376410 ffc3b92e989c2a301559ebeea2f03d6e
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu=
1~intrepid1.2_lpia.deb
Size/MD5: 65334318 d54fd6082a0ab4c1d324759379674b3d
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu=
1~intrepid1.2_lpia.deb
Size/MD5: 1440518 01b987ef5588a94e82dbffa4f5afd1a1
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~in=
trepid1.2_lpia.deb
Size/MD5: 9536660 c3369e8abf325a91ab192e1349c3ecb2
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6=
.1_lpia.deb
Size/MD5: 26674802 9de5792962f3c0bb21358f44aa000267
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu=
6.1_lpia.deb
Size/MD5: 1368306 b21739dc8c80f55ce0205efcdd2f2e08
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6=
.1_lpia.deb
Size/MD5: 10141386 ee45606aa19cc8ceaeb73c5d4e6048c5

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1=
~intrepid1.2_powerpc.deb
Size/MD5: 422856 6467cb43fcd16c4d6db7ff5053aaec1b
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu=
1~intrepid1.2_powerpc.deb
Size/MD5: 69277942 6820294b0c9505435fbff224c1a4f4f2
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu=
1~intrepid1.2_powerpc.deb
Size/MD5: 1445424 99b6afac70dead785c3211a9e92516f6
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~in=
trepid1.2_powerpc.deb
Size/MD5: 10239400 be1872cf9859bf46176a2d485584134f
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6=
.1_powerpc.deb
Size/MD5: 28217616 c2360441a42e8b9d8b91120b38d8ba51
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu=
6.1_powerpc.deb
Size/MD5: 1380892 2841eff5fc2a0a50227ca9a8d34c0a3b
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6=
.1_powerpc.deb
Size/MD5: 10748632 f6e7de17cd38ee62c1f082a4fb218949

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1=
~intrepid1.2_sparc.deb
Size/MD5: 381184 1718118e08731a9690a5ce00f0c9f88b
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu=
1~intrepid1.2_sparc.deb
Size/MD5: 64515916 f380c0a0865f4dbaad6b7e2d22d93294
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu=
1~intrepid1.2_sparc.deb
Size/MD5: 1437568 14c1a84e7a518b443b0e851ef41f9ada
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~in=
trepid1.2_sparc.deb
Size/MD5: 9653946 803926ff9f9cc59a2f728d1aef8affbd
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6=
.1_sparc.deb
Size/MD5: 25440578 311423fbaa788d51978e7857010c9242
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu=
6.1_sparc.deb
Size/MD5: 1368492 d4364357c5450b07aca1aa8981d96290
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6=
.1_sparc.deb
Size/MD5: 9800480 4dc89a5d63ce16463a822f16fb82f3d7

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.2.2-0=
ubuntu5.1.diff.gz
Size/MD5: 102579 71b53faad8570c6ad92c0fc5e6aa4dfb
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.2.2-0=
ubuntu5.1.dsc
Size/MD5: 2305 558c2bdbbdb899c71197683df45fc75d
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.2.2.o=
rig.tar.gz
Size/MD5: 12335659 83d6a0d59e79873bbe0a5a90ef23f27e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.df=
sg.1-1ubuntu8.1.diff.gz
Size/MD5: 724421 c73109ccdfb1d6c01eda7b6c0b4934a2
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.df=
sg.1-1ubuntu8.1.dsc
Size/MD5: 2342 8ee55c88b43902a23d127d14917511be
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.df=
sg.1.orig.tar.gz
Size/MD5: 18639393 4bcfee29b0f939415791f5032a72e7b0

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-data_4.=
2.2-0ubuntu5.1_all.deb
Size/MD5: 1991468 99747c4c57d32b9d7477ff0c418cbd1b
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.=
10.dfsg.1-1ubuntu8.1_all.deb
Size/MD5: 6751880 d7dfaf8fc4b8e658722a2beaaa3403d6
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.df=
sg.1-1ubuntu8.1_all.deb
Size/MD5: 2272 fcf90c11a73566f41fd0eb5b54c4ee8f

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.2.=
2-0ubuntu5.1_amd64.deb
Size/MD5: 280594 b0ccdd311755d4d73e4ae5c14b749c41
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.2=
.2-0ubuntu5.1_amd64.deb
Size/MD5: 44148058 a7db92bd1bcf982314b0b89c1651a39b
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.2=
.2-0ubuntu5.1_amd64.deb
Size/MD5: 1091210 b5430381f4c37424295eed580303a58c
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.2.2-0=
ubuntu5.1_amd64.deb
Size/MD5: 7069750 e38c9e852339ef6c2134421765ed4eeb
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma-dev_4.=
2.2-0ubuntu5.1_amd64.deb
Size/MD5: 102446 4370939a24e6e0783da79e4781a63b33
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma3_4.2.2=
-0ubuntu5.1_amd64.deb
Size/MD5: 611834 f61383e1830f92ed8ce2331ce4b8a366
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.1=
0.dfsg.1-1ubuntu8.1_amd64.deb
Size/MD5: 27110136 a617a5b148e5e78f3b8523198869c8b0
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
10.dfsg.1-1ubuntu8.1_amd64.deb
Size/MD5: 1360082 d22364103ba04d238e9c6ce6632132c4
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.1=
0.dfsg.1-1ubuntu8.1_amd64.deb
Size/MD5: 10782444 6fea32d8dd41bfae44c2c6392e74928d

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.2.=
2-0ubuntu5.1_i386.deb
Size/MD5: 268936 55d68e9bbd600e288721479d2b90e16e
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.2=
.2-0ubuntu5.1_i386.deb
Size/MD5: 43456236 4fe778549740544eb1304cfba184d899
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.2=
.2-0ubuntu5.1_i386.deb
Size/MD5: 1090396 db9306ddd8d1029b523ef398cb0acfcb
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.2.2-0=
ubuntu5.1_i386.deb
Size/MD5: 6775516 374ea41072ec5221589c5f022f648434
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma-dev_4.=
2.2-0ubuntu5.1_i386.deb
Size/MD5: 126910 e4dbfd8386ea15fb613d7d56c971fd5e
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma3_4.2.2=
-0ubuntu5.1_i386.deb
Size/MD5: 569616 b83e42d5f01e5e64ebb376820855771d
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.1=
0.dfsg.1-1ubuntu8.1_i386.deb
Size/MD5: 26382844 e88d283fb997e17aa96e8d7b0d6ca41e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
10.dfsg.1-1ubuntu8.1_i386.deb
Size/MD5: 1394762 97bb37a8d0c8d60e278b671e14ee678b
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.1=
0.dfsg.1-1ubuntu8.1_i386.deb
Size/MD5: 10006808 1e023a799c01aa6826ec770afbd68c90

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5=
.1_lpia.deb
Size/MD5: 275124 9779e3644ebfe8d78b7a4e3ffbf911f1
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu=
5.1_lpia.deb
Size/MD5: 43588032 45eed1b291e0bd64bbbbbb3310d0f627
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu=
5.1_lpia.deb
Size/MD5: 1092816 f7f13887c87e7ff27ae68785010e6720
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.1_=
lpia.deb
Size/MD5: 6849342 b864a2c9fa03c050581a3102194adc1b
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubunt=
u5.1_lpia.deb
Size/MD5: 102444 7fee9a94b561c3fc03eac8de41b9ced5
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.=
1_lpia.deb
Size/MD5: 599800 9a75c9c7a63848de9c911e45370556e4
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1=
ubuntu8.1_lpia.deb
Size/MD5: 26385234 73d6c254de10b86ee1c4e042ad6af402
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-=
1ubuntu8.1_lpia.deb
Size/MD5: 1356828 d361a888c74d0c508876404cbcad4af5
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1=
ubuntu8.1_lpia.deb
Size/MD5: 10020040 4f9bc1c45c3dd04185de146cb1d1f4fd

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5=
.1_powerpc.deb
Size/MD5: 269632 341b2a4e4e1dc63aa429a525ac5a2cd4
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu=
5.1_powerpc.deb
Size/MD5: 43129040 2288d1735b6c017024e04702626a139d
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu=
5.1_powerpc.deb
Size/MD5: 1089846 b7ce576938df67875e4cd0e61c86f9cd
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.1_=
powerpc.deb
Size/MD5: 6201830 fa9f8330ab5390563e78f2dbdce2e3e5
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubunt=
u5.1_powerpc.deb
Size/MD5: 102426 1cc244e9262435b1779586108b2388af
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.=
1_powerpc.deb
Size/MD5: 554306 bc91379d58e2cc610671b092fcacbeb5
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1=
ubuntu8.1_powerpc.deb
Size/MD5: 27928600 45b14e2a27fba6bd686880d8db9df586
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-=
1ubuntu8.1_powerpc.deb
Size/MD5: 1369304 3d402371b107efa1a35551ebf4d5b502
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1=
ubuntu8.1_powerpc.deb
Size/MD5: 10611572 a85ed7be116a175427d9da3ab4d1325f

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5=
.1_sparc.deb
Size/MD5: 249574 e2e1b89231e89f4756c5abf11fc3f336
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu=
5.1_sparc.deb
Size/MD5: 40331324 5505211faa8ff8b08be22e533dd49dff
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu=
5.1_sparc.deb
Size/MD5: 1086200 4f8049b2f341873fd26ecb2b03b1ba21
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.1_=
sparc.deb
Size/MD5: 5941632 a62ca018afa73d9d42feabd7cd12e534
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubunt=
u5.1_sparc.deb
Size/MD5: 102468 6e6a2473358e87b7866b4844659d5a85
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.=
1_sparc.deb
Size/MD5: 529504 cc978af233ef52e1211e52ad00199cb0
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1=
ubuntu8.1_sparc.deb
Size/MD5: 25158764 020573ace30e4a179891aec0abe60149
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-=
1ubuntu8.1_sparc.deb
Size/MD5: 1356898 a5c04c3bfce3e79bac6ad5be6b97e212
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1=
ubuntu8.1_sparc.deb
Size/MD5: 9662850 c7a7204aede16a1951ec1af8a26b4d1c




--=-+qjH5I0ly92M5nppxI4g
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkqS41QACgkQLMAs/0C4zNq2cgCgulSXk/EZfIhJu7QnDqPblfji
dkgAn0+yqcVRGAZ8FKFnFJ1mODUTxDAD
=lPja
-----END PGP SIGNATURE-----
"

USN-817-1: Thunderbird vulnerabilitiesPrince in rent deposit lawsuit

RHSA-2009:1236-01 Critical: java-1.5.0-ibm security update  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.5.0-ibm security update
Advisory ID: RHSA-2009:1236-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1236.html
Issue date: 2009-08-28
CVE Names: CVE-2009-2625 CVE-2009-2670 CVE-2009-2671
CVE-2009-2672 CVE-2009-2673 CVE-2009-2675
=====================================================================

1. Summary:

Updated java-1.5.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, ppc, s390x, x86_64

3. Description:

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. These
vulnerabilities are summarized on the IBM "Security alerts" page listed in
the References section. (CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,
CVE-2009-2672, CVE-2009-2673, CVE-2009-2675)

All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.5.0 SR10 Java release. All running instances
of IBM Java must be restarted for this update to take effect.

Note: The packages included in this update are identical to the packages
made available by RHEA-2009:1208 and RHEA-2009:1210 on the 13th of
August 2009. These packages are being reissued as a Red Hat Security
Advisory as they fixed a number of security issues that were not made
public until after those errata were released. Since the packages are
identical, there is no need to install this update if RHEA-2009:1208 or
RHEA-2009:1210 has already been installed.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

512896 - CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524)
512907 - CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071)
512914 - CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket connections (6801497)
512920 - CVE-2009-2675 Java Web Start Buffer unpack200 processing integer overflow (6830335)
512921 - CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el4.i386.rpm

ppc:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el4.ppc.rpm
java-1.5.0-ibm-1.5.0.10-1jpp.4.el4.ppc64.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el4.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el4.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el4.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el4.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el4.ppc.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el4.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el4.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.10-1jpp.4.el4.ppc.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el4.ppc.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el4.ppc64.rpm

s390:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el4.s390.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el4.s390.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el4.s390.rpm
java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el4.s390.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el4.s390.rpm

s390x:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el4.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el4.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el4.s390x.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el4.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el4.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el4.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.10-1jpp.4.el4.i386.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el4.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el4.x86_64.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el5.i386.rpm

x86_64:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-1.5.0.10-1jpp.4.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.10-1jpp.4.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-accessibility-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el5.i386.rpm

ppc:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el5.ppc.rpm
java-1.5.0-ibm-1.5.0.10-1jpp.4.el5.ppc64.rpm
java-1.5.0-ibm-accessibility-1.5.0.10-1jpp.4.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el5.ppc.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el5.ppc64.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el5.ppc.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el5.ppc64.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el5.ppc.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el5.ppc64.rpm
java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el5.ppc.rpm
java-1.5.0-ibm-plugin-1.5.0.10-1jpp.4.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el5.ppc.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el5.ppc64.rpm

s390x:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el5.s390.rpm
java-1.5.0-ibm-1.5.0.10-1jpp.4.el5.s390x.rpm
java-1.5.0-ibm-accessibility-1.5.0.10-1jpp.4.el5.s390x.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el5.s390.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el5.s390x.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el5.s390.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el5.s390x.rpm
java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el5.s390.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el5.s390x.rpm

x86_64:
java-1.5.0-ibm-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-1.5.0.10-1jpp.4.el5.x86_64.rpm
java-1.5.0-ibm-accessibility-1.5.0.10-1jpp.4.el5.x86_64.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-demo-1.5.0.10-1jpp.4.el5.x86_64.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-devel-1.5.0.10-1jpp.4.el5.x86_64.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-javacomm-1.5.0.10-1jpp.4.el5.x86_64.rpm
java-1.5.0-ibm-jdbc-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-plugin-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el5.i386.rpm
java-1.5.0-ibm-src-1.5.0.10-1jpp.4.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675
http://www.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKl6AlXlSAg2UNWIIRAp6HAKCRP0Ua7K1Y+hCzkmHBwsFcM6m2EQCdH8gE
GBNVEmiZ+t+r0t9GEUvCXF4=
=m1Qu
-----END PGP SIGNATURE-----
"

RHSA-2009:1218-01 Critical: pidgin security update

RHSA-2009:1233-01 Important: kernel security update  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2009:1233-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1233.html
Issue date: 2009-08-27
CVE Names: CVE-2009-2692 CVE-2009-2698
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues are now available for
Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
macro did not initialize the sendpage operation in the proto_ops structure
correctly. A local, unprivileged user could use this flaw to cause a local
denial of service or escalate their privileges. (CVE-2009-2692, Important)

* a flaw was found in the udp_sendmsg() implementation in the Linux kernel
when using the MSG_MORE flag on UDP sockets. A local, unprivileged user
could use this flaw to cause a local denial of service or escalate their
privileges. (CVE-2009-2698, Important)

Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google
Security Team for responsibly reporting these flaws.

All Red Hat Enterprise Linux 3 users should upgrade to these updated
packages, which contain backported patches to resolve these issues. The
system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

516949 - CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc
518034 - CVE-2009-2698 kernel: udp socket NULL ptr dereference

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-60.EL.src.rpm

i386:
kernel-2.4.21-60.EL.athlon.rpm
kernel-2.4.21-60.EL.i686.rpm
kernel-BOOT-2.4.21-60.EL.i386.rpm
kernel-debuginfo-2.4.21-60.EL.athlon.rpm
kernel-debuginfo-2.4.21-60.EL.i386.rpm
kernel-debuginfo-2.4.21-60.EL.i686.rpm
kernel-doc-2.4.21-60.EL.i386.rpm
kernel-hugemem-2.4.21-60.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-60.EL.i686.rpm
kernel-smp-2.4.21-60.EL.athlon.rpm
kernel-smp-2.4.21-60.EL.i686.rpm
kernel-smp-unsupported-2.4.21-60.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-60.EL.i686.rpm
kernel-source-2.4.21-60.EL.i386.rpm
kernel-unsupported-2.4.21-60.EL.athlon.rpm
kernel-unsupported-2.4.21-60.EL.i686.rpm

ia64:
kernel-2.4.21-60.EL.ia64.rpm
kernel-debuginfo-2.4.21-60.EL.ia64.rpm
kernel-doc-2.4.21-60.EL.ia64.rpm
kernel-source-2.4.21-60.EL.ia64.rpm
kernel-unsupported-2.4.21-60.EL.ia64.rpm

ppc:
kernel-2.4.21-60.EL.ppc64iseries.rpm
kernel-2.4.21-60.EL.ppc64pseries.rpm
kernel-debuginfo-2.4.21-60.EL.ppc64.rpm
kernel-debuginfo-2.4.21-60.EL.ppc64iseries.rpm
kernel-debuginfo-2.4.21-60.EL.ppc64pseries.rpm
kernel-doc-2.4.21-60.EL.ppc64.rpm
kernel-source-2.4.21-60.EL.ppc64.rpm
kernel-unsupported-2.4.21-60.EL.ppc64iseries.rpm
kernel-unsupported-2.4.21-60.EL.ppc64pseries.rpm

s390:
kernel-2.4.21-60.EL.s390.rpm
kernel-debuginfo-2.4.21-60.EL.s390.rpm
kernel-doc-2.4.21-60.EL.s390.rpm
kernel-source-2.4.21-60.EL.s390.rpm
kernel-unsupported-2.4.21-60.EL.s390.rpm

s390x:
kernel-2.4.21-60.EL.s390x.rpm
kernel-debuginfo-2.4.21-60.EL.s390x.rpm
kernel-doc-2.4.21-60.EL.s390x.rpm
kernel-source-2.4.21-60.EL.s390x.rpm
kernel-unsupported-2.4.21-60.EL.s390x.rpm

x86_64:
kernel-2.4.21-60.EL.ia32e.rpm
kernel-2.4.21-60.EL.x86_64.rpm
kernel-debuginfo-2.4.21-60.EL.ia32e.rpm
kernel-debuginfo-2.4.21-60.EL.x86_64.rpm
kernel-doc-2.4.21-60.EL.x86_64.rpm
kernel-smp-2.4.21-60.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-60.EL.x86_64.rpm
kernel-source-2.4.21-60.EL.x86_64.rpm
kernel-unsupported-2.4.21-60.EL.ia32e.rpm
kernel-unsupported-2.4.21-60.EL.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-60.EL.src.rpm

i386:
kernel-2.4.21-60.EL.athlon.rpm
kernel-2.4.21-60.EL.i686.rpm
kernel-BOOT-2.4.21-60.EL.i386.rpm
kernel-debuginfo-2.4.21-60.EL.athlon.rpm
kernel-debuginfo-2.4.21-60.EL.i386.rpm
kernel-debuginfo-2.4.21-60.EL.i686.rpm
kernel-doc-2.4.21-60.EL.i386.rpm
kernel-hugemem-2.4.21-60.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-60.EL.i686.rpm
kernel-smp-2.4.21-60.EL.athlon.rpm
kernel-smp-2.4.21-60.EL.i686.rpm
kernel-smp-unsupported-2.4.21-60.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-60.EL.i686.rpm
kernel-source-2.4.21-60.EL.i386.rpm
kernel-unsupported-2.4.21-60.EL.athlon.rpm
kernel-unsupported-2.4.21-60.EL.i686.rpm

x86_64:
kernel-2.4.21-60.EL.ia32e.rpm
kernel-2.4.21-60.EL.x86_64.rpm
kernel-debuginfo-2.4.21-60.EL.ia32e.rpm
kernel-debuginfo-2.4.21-60.EL.x86_64.rpm
kernel-doc-2.4.21-60.EL.x86_64.rpm
kernel-smp-2.4.21-60.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-60.EL.x86_64.rpm
kernel-source-2.4.21-60.EL.x86_64.rpm
kernel-unsupported-2.4.21-60.EL.ia32e.rpm
kernel-unsupported-2.4.21-60.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-60.EL.src.rpm

i386:
kernel-2.4.21-60.EL.athlon.rpm
kernel-2.4.21-60.EL.i686.rpm
kernel-BOOT-2.4.21-60.EL.i386.rpm
kernel-debuginfo-2.4.21-60.EL.athlon.rpm
kernel-debuginfo-2.4.21-60.EL.i386.rpm
kernel-debuginfo-2.4.21-60.EL.i686.rpm
kernel-doc-2.4.21-60.EL.i386.rpm
kernel-hugemem-2.4.21-60.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-60.EL.i686.rpm
kernel-smp-2.4.21-60.EL.athlon.rpm
kernel-smp-2.4.21-60.EL.i686.rpm
kernel-smp-unsupported-2.4.21-60.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-60.EL.i686.rpm
kernel-source-2.4.21-60.EL.i386.rpm
kernel-unsupported-2.4.21-60.EL.athlon.rpm
kernel-unsupported-2.4.21-60.EL.i686.rpm

ia64:
kernel-2.4.21-60.EL.ia64.rpm
kernel-debuginfo-2.4.21-60.EL.ia64.rpm
kernel-doc-2.4.21-60.EL.ia64.rpm
kernel-source-2.4.21-60.EL.ia64.rpm
kernel-unsupported-2.4.21-60.EL.ia64.rpm

x86_64:
kernel-2.4.21-60.EL.ia32e.rpm
kernel-2.4.21-60.EL.x86_64.rpm
kernel-debuginfo-2.4.21-60.EL.ia32e.rpm
kernel-debuginfo-2.4.21-60.EL.x86_64.rpm
kernel-doc-2.4.21-60.EL.x86_64.rpm
kernel-smp-2.4.21-60.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-60.EL.x86_64.rpm
kernel-source-2.4.21-60.EL.x86_64.rpm
kernel-unsupported-2.4.21-60.EL.ia32e.rpm
kernel-unsupported-2.4.21-60.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-60.EL.src.rpm

i386:
kernel-2.4.21-60.EL.athlon.rpm
kernel-2.4.21-60.EL.i686.rpm
kernel-BOOT-2.4.21-60.EL.i386.rpm
kernel-debuginfo-2.4.21-60.EL.athlon.rpm
kernel-debuginfo-2.4.21-60.EL.i386.rpm
kernel-debuginfo-2.4.21-60.EL.i686.rpm
kernel-doc-2.4.21-60.EL.i386.rpm
kernel-hugemem-2.4.21-60.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-60.EL.i686.rpm
kernel-smp-2.4.21-60.EL.athlon.rpm
kernel-smp-2.4.21-60.EL.i686.rpm
kernel-smp-unsupported-2.4.21-60.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-60.EL.i686.rpm
kernel-source-2.4.21-60.EL.i386.rpm
kernel-unsupported-2.4.21-60.EL.athlon.rpm
kernel-unsupported-2.4.21-60.EL.i686.rpm

ia64:
kernel-2.4.21-60.EL.ia64.rpm
kernel-debuginfo-2.4.21-60.EL.ia64.rpm
kernel-doc-2.4.21-60.EL.ia64.rpm
kernel-source-2.4.21-60.EL.ia64.rpm
kernel-unsupported-2.4.21-60.EL.ia64.rpm

x86_64:
kernel-2.4.21-60.EL.ia32e.rpm
kernel-2.4.21-60.EL.x86_64.rpm
kernel-debuginfo-2.4.21-60.EL.ia32e.rpm
kernel-debuginfo-2.4.21-60.EL.x86_64.rpm
kernel-doc-2.4.21-60.EL.x86_64.rpm
kernel-smp-2.4.21-60.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-60.EL.x86_64.rpm
kernel-source-2.4.21-60.EL.x86_64.rpm
kernel-unsupported-2.4.21-60.EL.ia32e.rpm
kernel-unsupported-2.4.21-60.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKluZjXlSAg2UNWIIRAlfDAJ9/g4uxFYk4vJR9tuvtCqvvY3d+5gCgib0S
wLyJpwtkPrB7ZLrrNq8WUtI=
=4s0T
-----END PGP SIGNATURE-----
"

RHSA-2009:1223-02 Important: kernel security updateJackson’s family worried about bodysnatchers

USN-825-1: libvorbis vulnerability  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-825-1 August 24, 2009
libvorbis vulnerability
CVE-2008-1420, CVE-2009-2663
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libvorbis0a 1.2.0.dfsg-2ubuntu0.2

Ubuntu 8.10:
libvorbis0a 1.2.0.dfsg-3.1ubuntu0.8.10.1

Ubuntu 9.04:
libvorbis0a 1.2.0.dfsg-3.1ubuntu0.9.04.1

After a standard system upgrade you need to restart any applications that
use libvorbis, such as Totem and gtkpod, to effect the necessary changes.

Details follow:

It was discovered that libvorbis did not correctly handle certain malformed
ogg files. If a user were tricked into opening a specially crafted ogg file
with an application that uses libvorbis, an attacker could execute
arbitrary code with the user's privileges. (CVE-2009-2663)

USN-682-1 provided updated libvorbis packages to fix multiple security
vulnerabilities. The upstream security patch to fix CVE-2008-1420
introduced a regression when reading sound files encoded with libvorbis
1.0beta1. This update corrects the problem.

Original advisory details:

It was discovered that libvorbis did not correctly handle certain
malformed sound files. If a user were tricked into opening a specially
crafted sound file with an application that uses libvorbis, an attacker
could execute arbitrary code with the user's privileges. (CVE-2008-1420)


Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.=
2.0.dfsg-2ubuntu0.2.diff.gz
Size/MD5: 7638 5ef4a460b5fd50930d7fff2a3ae16525
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.=
2.0.dfsg-2ubuntu0.2.dsc
Size/MD5: 936 d8ad7ba3c0193a2f3316bdc5fd1d5e3a
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.=
2.0.dfsg.orig.tar.gz
Size/MD5: 1477935 3c7fff70c0989ab3c1c85366bf670818

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-de=
v_1.2.0.dfsg-2ubuntu0.2_amd64.deb
Size/MD5: 475166 de6d259598243961b3c5182c94100f1b
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_=
1.2.0.dfsg-2ubuntu0.2_amd64.deb
Size/MD5: 103952 88f017ca397bc19027405bc68a5289ce
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc=
2_1.2.0.dfsg-2ubuntu0.2_amd64.deb
Size/MD5: 94498 76e594149cea4b564987e11dbafec73a
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfil=
e3_1.2.0.dfsg-2ubuntu0.2_amd64.deb
Size/MD5: 19140 538a4089efae6cdfc04566fc58b42891

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-de=
v_1.2.0.dfsg-2ubuntu0.2_i386.deb
Size/MD5: 455682 de7271e005d596055ae7fa9b1b4bc62b
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_=
1.2.0.dfsg-2ubuntu0.2_i386.deb
Size/MD5: 98852 bd8fa74c395c206003e6e91aadf6deeb
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc=
2_1.2.0.dfsg-2ubuntu0.2_i386.deb
Size/MD5: 76234 8504521d4e73b31a0a6c609ab774e8ce
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfil=
e3_1.2.0.dfsg-2ubuntu0.2_i386.deb
Size/MD5: 19986 98e7e407c4b79bd621fa30d2b84f9b2c

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.df=
sg-2ubuntu0.2_lpia.deb
Size/MD5: 457660 14ed971b555ea3670d5dd42f611620ce
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg=
-2ubuntu0.2_lpia.deb
Size/MD5: 99468 07e87d8d7af71050d53166ced47504fe
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.df=
sg-2ubuntu0.2_lpia.deb
Size/MD5: 76374 6c8d29103543fb88fd1a062f1bfe5b0d
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.d=
fsg-2ubuntu0.2_lpia.deb
Size/MD5: 19988 34bea1bc33491a9f6fc23cfbbe2e6fdd

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.df=
sg-2ubuntu0.2_powerpc.deb
Size/MD5: 484518 642acb42cf899742df77c023f611a5c3
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg=
-2ubuntu0.2_powerpc.deb
Size/MD5: 108862 1b97fcc0cf8d5d761f4527ceec4ae6c5
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.df=
sg-2ubuntu0.2_powerpc.deb
Size/MD5: 83746 b063ec251329025e942c2957c7bec973
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.d=
fsg-2ubuntu0.2_powerpc.deb
Size/MD5: 23846 9ea8d0f1d7e2feda361483667ee8c98b

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.df=
sg-2ubuntu0.2_sparc.deb
Size/MD5: 462056 23faf950e87cdc4ca8afbb7e0ebf8efb
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg=
-2ubuntu0.2_sparc.deb
Size/MD5: 99760 70afdb67c094d2f0335d6b0fc8613e39
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.df=
sg-2ubuntu0.2_sparc.deb
Size/MD5: 80730 e90392526ecb5627c47d0a0d7b0712c5
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.d=
fsg-2ubuntu0.2_sparc.deb
Size/MD5: 19260 3cb72f75781984eb6d348f09e4892dea

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.=
2.0.dfsg-3.1ubuntu0.8.10.1.diff.gz
Size/MD5: 8801 f3917fc3cf6a8e35febf6b334cda2cdf
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.=
2.0.dfsg-3.1ubuntu0.8.10.1.dsc
Size/MD5: 1388 4ba46a758620e3fe5d938cfe97ed038f
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.=
2.0.dfsg.orig.tar.gz
Size/MD5: 1477935 3c7fff70c0989ab3c1c85366bf670818

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-de=
v_1.2.0.dfsg-3.1ubuntu0.8.10.1_amd64.deb
Size/MD5: 479182 1eeb2b5e550c6f815c33324df5554f76
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_=
1.2.0.dfsg-3.1ubuntu0.8.10.1_amd64.deb
Size/MD5: 108578 e960e8b794da2927d930f1cf4334ec23
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc=
2_1.2.0.dfsg-3.1ubuntu0.8.10.1_amd64.deb
Size/MD5: 95710 84bbe4ccb1f4b302c0710c2c86f5b89a
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfil=
e3_1.2.0.dfsg-3.1ubuntu0.8.10.1_amd64.deb
Size/MD5: 20338 34698dc57acb94faa3464a9f0b5d2c50

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-de=
v_1.2.0.dfsg-3.1ubuntu0.8.10.1_i386.deb
Size/MD5: 459476 9281d6ab6f50761dff11d81a8579a884
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_=
1.2.0.dfsg-3.1ubuntu0.8.10.1_i386.deb
Size/MD5: 101988 77988363a0bf4a683b941cae203e6e5e
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc=
2_1.2.0.dfsg-3.1ubuntu0.8.10.1_i386.deb
Size/MD5: 77430 430623540170ef59f74808456daecd5f
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfil=
e3_1.2.0.dfsg-3.1ubuntu0.8.10.1_i386.deb
Size/MD5: 21394 f46e5ee13b6c7c8adebad46f274caa43

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.df=
sg-3.1ubuntu0.8.10.1_lpia.deb
Size/MD5: 461190 ef1e6948c399b4b4d34b4993ca1a0fd8
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg=
-3.1ubuntu0.8.10.1_lpia.deb
Size/MD5: 102700 685a266d67332245778e49e208ab60eb
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.df=
sg-3.1ubuntu0.8.10.1_lpia.deb
Size/MD5: 77588 266965c986c24dc8acbf9f0ecee6121e
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.d=
fsg-3.1ubuntu0.8.10.1_lpia.deb
Size/MD5: 21222 4df718e05f80a23ebb5accc4a627933f

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.df=
sg-3.1ubuntu0.8.10.1_powerpc.deb
Size/MD5: 490558 ffe86da6864c8d83c7f7b5931c9ef0e4
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg=
-3.1ubuntu0.8.10.1_powerpc.deb
Size/MD5: 114702 b8e2d3ab8557085c3c834ae57ca68490
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.df=
sg-3.1ubuntu0.8.10.1_powerpc.deb
Size/MD5: 85080 d1d00cca1f654d523fa6a6f054a89df8
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.d=
fsg-3.1ubuntu0.8.10.1_powerpc.deb
Size/MD5: 25152 ea2c19f249936b64a5110b2330394533

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.df=
sg-3.1ubuntu0.8.10.1_sparc.deb
Size/MD5: 465326 78eaf19b4bb88f020a41699894f1d502
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg=
-3.1ubuntu0.8.10.1_sparc.deb
Size/MD5: 104264 4a602b8bebfb44f3cfa7add1187af42a
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.df=
sg-3.1ubuntu0.8.10.1_sparc.deb
Size/MD5: 82016 4ed85df7024e4b2d9826a8191b3cf112
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.d=
fsg-3.1ubuntu0.8.10.1_sparc.deb
Size/MD5: 20786 d7b24c2778ce94510823f86fd94d1e04

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.=
2.0.dfsg-3.1ubuntu0.9.04.1.diff.gz
Size/MD5: 8809 9a4601ba8d5ef852360032dc4f28135b
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.=
2.0.dfsg-3.1ubuntu0.9.04.1.dsc
Size/MD5: 1388 7bf6c7ee35a1ca2b0d4b25e8188585b5
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis_1.=
2.0.dfsg.orig.tar.gz
Size/MD5: 1477935 3c7fff70c0989ab3c1c85366bf670818

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-de=
v_1.2.0.dfsg-3.1ubuntu0.9.04.1_amd64.deb
Size/MD5: 479242 f585f7e7ae50de3569efc48dfed2dd55
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_=
1.2.0.dfsg-3.1ubuntu0.9.04.1_amd64.deb
Size/MD5: 108562 3ba8aada28f378b9776e0c8305e271fc
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc=
2_1.2.0.dfsg-3.1ubuntu0.9.04.1_amd64.deb
Size/MD5: 95702 68add631494d9a565d58a8b22a5f9bf0
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfil=
e3_1.2.0.dfsg-3.1ubuntu0.9.04.1_amd64.deb
Size/MD5: 20328 da6cc0a70f79cfa253445d563ee5c250

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis-de=
v_1.2.0.dfsg-3.1ubuntu0.9.04.1_i386.deb
Size/MD5: 459624 8e285a17020f6b93dc375af4f8284920
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbis0a_=
1.2.0.dfsg-3.1ubuntu0.9.04.1_i386.deb
Size/MD5: 102166 6148fa7ea86461915751f0dba2ef00c6
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisenc=
2_1.2.0.dfsg-3.1ubuntu0.9.04.1_i386.deb
Size/MD5: 77442 505253f72260e8f365ce68d947acab36
http://security.ubuntu.com/ubuntu/pool/main/libv/libvorbis/libvorbisfil=
e3_1.2.0.dfsg-3.1ubuntu0.9.04.1_i386.deb
Size/MD5: 21392 fee6650bfc4b4463a5a71e3dd12528bf

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.df=
sg-3.1ubuntu0.9.04.1_lpia.deb
Size/MD5: 461294 24968b96a1ddafaef908011c82a6b9ee
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg=
-3.1ubuntu0.9.04.1_lpia.deb
Size/MD5: 102760 30ee010aefe3420151f6ace2e4a92b2b
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.df=
sg-3.1ubuntu0.9.04.1_lpia.deb
Size/MD5: 77590 b6c9b556dfb4eae270f45fd1e9670700
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.d=
fsg-3.1ubuntu0.9.04.1_lpia.deb
Size/MD5: 21216 791d88d0551b48a2f6af17612c4e096e

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.df=
sg-3.1ubuntu0.9.04.1_powerpc.deb
Size/MD5: 490584 dc808a4fd3fdabfb9a76a10ec23f6529
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg=
-3.1ubuntu0.9.04.1_powerpc.deb
Size/MD5: 114712 cdfdd11b2c932cb2a017c27d1001fbc1
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.df=
sg-3.1ubuntu0.9.04.1_powerpc.deb
Size/MD5: 85096 6cb5a1202e3db005ce69d7f2e0f8813c
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.d=
fsg-3.1ubuntu0.9.04.1_powerpc.deb
Size/MD5: 25156 9ddf20413d09f546d061b3a0b093ad1e

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis-dev_1.2.0.df=
sg-3.1ubuntu0.9.04.1_sparc.deb
Size/MD5: 465382 4de8bfe56cdcbf0490c2a69de7bca0e9
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg=
-3.1ubuntu0.9.04.1_sparc.deb
Size/MD5: 104286 6a238cd48456d2bd4b1b6dad87a0b506
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisenc2_1.2.0.df=
sg-3.1ubuntu0.9.04.1_sparc.deb
Size/MD5: 81958 ce25c1cc928142e84a20c8f37caecf52
http://ports.ubuntu.com/pool/main/libv/libvorbis/libvorbisfile3_1.2.0.d=
fsg-3.1ubuntu0.9.04.1_sparc.deb
Size/MD5: 20758 976ef82da1d5cb2de170dc5dcf4532b9




--=-RLE2PbdtdgD8VavUj9pe
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkqS47cACgkQLMAs/0C4zNqPoACdE2K34irSWbkFAXfgtL4Hs/8s
8MgAoJDn2t7bmNAeJ2l8liPKbDZpD/h7
=KP3p
-----END PGP SIGNATURE-----
"

USN-816-1: fetchmail vulnerabilityPrince in rent deposit lawsuit

DSA 1874-1: New nss packages fix several vulnerabilities  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1874-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 26, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : nss
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-2404 CVE-2009-2408 CVE-2009-2409

Several vulnerabilities have been discovered in the Network Security
Service libraries. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-2404

Moxie Marlinspike discovered that a buffer overflow in the regular
expression parser could lead to the execution of arbitrary code.

CVE-2009-2408

Dan Kaminsky discovered that NULL characters in certificate
names could lead to man-in-the-middle attacks by tricking the user
into accepting a rogue certificate.

CVE-2009-2409

Certificates with MD2 hash signatures are no longer accepted
since they're no longer considered cryptograhically secure.


The old stable distribution (etch) doesn't contain nss.

For the stable distribution (lenny), these problems have been fixed in
version 3.12.3.1-0lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 3.12.3.1-1.

We recommend that you upgrade your nss packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny1.dsc
Size/MD5 checksum: 1401 1dbc1107598064214fa689733495c56c
http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1.orig.tar.gz
Size/MD5 checksum: 5320607 750839c9c018a0984fd94f7a9cc3dd7f
http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny1.diff.gz
Size/MD5 checksum: 52489 96f62370296f7d18a9748429ac99525f

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_alpha.deb
Size/MD5 checksum: 3048842 6b764e28ae56542572a4275e50c4d303
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_alpha.deb
Size/MD5 checksum: 267250 b00f4c63a8d27a54fb562029411daf0e
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_alpha.deb
Size/MD5 checksum: 1204106 c8ba098d6cc0af39ab93cd728ca7bb19
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_alpha.deb
Size/MD5 checksum: 342544 2191bbcd5708f719392c8489bde7a0c6

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_amd64.deb
Size/MD5 checksum: 256944 7a31770b748ff56ba45ac55044960b6d
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_amd64.deb
Size/MD5 checksum: 1069628 eea22c2ccef5375689fe581de8152a61
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_amd64.deb
Size/MD5 checksum: 321374 1b86ac1f27fee3287f1418973595a4e9
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_amd64.deb
Size/MD5 checksum: 3099080 f4112f9f06d87e6139097a27e1419664

arm architecture (ARM)

http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_arm.deb
Size/MD5 checksum: 2900162 21604ffa61b7f5049f0f919030fec0f0
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_arm.deb
Size/MD5 checksum: 1011344 78bc0d853274ca2fc9f36752ed9f9c51
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_arm.deb
Size/MD5 checksum: 308766 e7547e80f6726b91611f9b92d83aa6b3
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_arm.deb
Size/MD5 checksum: 254374 ead00e7f25c47cc4b8b1ed99801c4ab9

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_armel.deb
Size/MD5 checksum: 257820 a17086cca6fdaf26e5a6b3fb84ae476d
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_armel.deb
Size/MD5 checksum: 308198 f24e01f4b2396193a314a965555374e8
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_armel.deb
Size/MD5 checksum: 1017054 d1086599e6a1904548804d538f90c810
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_armel.deb
Size/MD5 checksum: 2923084 b5e1d56b749941124c8b91f063d44c19

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_hppa.deb
Size/MD5 checksum: 263122 b611c51dae677b42befac5f2e638d941
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_hppa.deb
Size/MD5 checksum: 347148 c725c156c6cd17d09421e066548c673d
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_hppa.deb
Size/MD5 checksum: 1169014 d5858e4c11ca0b88f59c24af1a251eea
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_hppa.deb
Size/MD5 checksum: 2948790 92a46a3cd9b2db3c7f0d07d817a03ba4

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_i386.deb
Size/MD5 checksum: 957706 21a666157a0a208d8405df062b3276d2
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_i386.deb
Size/MD5 checksum: 304016 9771905fcb4acd6855158c8645722762
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_i386.deb
Size/MD5 checksum: 2913468 89b7116120a075a7795615d062bd7450
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_i386.deb
Size/MD5 checksum: 254478 7747ea82c2d9e93c6a610d60094fb316

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_ia64.deb
Size/MD5 checksum: 267008 94a0fe98c183a728df7e64826f8b2c46
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_ia64.deb
Size/MD5 checksum: 410780 a834a4f57ddc003570c6eaaafbc87032
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_ia64.deb
Size/MD5 checksum: 2797788 1a1f375f7713f69acdf01e77f779b28b
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_ia64.deb
Size/MD5 checksum: 1489492 a468da7ac4219e564793d06978a6be07

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_mips.deb
Size/MD5 checksum: 257808 fc1a4db95e71876cf0ffbe0b49327148
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_mips.deb
Size/MD5 checksum: 3049346 fc35475e7157e1859c154556ecb648b3
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_mips.deb
Size/MD5 checksum: 318740 fbafbce5a6d9498d8cd1fe1d8f1eaebc
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_mips.deb
Size/MD5 checksum: 1038702 0723e7d8621b7d65517cc3945a9790be

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_mipsel.deb
Size/MD5 checksum: 1028286 81e4bcd025b2ee3996de08b9fdb0b23a
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_mipsel.deb
Size/MD5 checksum: 317082 8b16e198a97ffb60df698767fef8cc35
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_mipsel.deb
Size/MD5 checksum: 2999704 d1f9bf1211ec7aa9458dcdd673a4a709
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_mipsel.deb
Size/MD5 checksum: 257740 82ed6773d6e942a70f1274e4a241bdd9

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_powerpc.deb
Size/MD5 checksum: 255174 6abcf8f6d427c29f704ca156dc201113
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_powerpc.deb
Size/MD5 checksum: 1029684 997fec6bb01c10e9e3c6aa15f0f78386
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_powerpc.deb
Size/MD5 checksum: 334590 1c8056037d5bccdad7977b49d3910065
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_powerpc.deb
Size/MD5 checksum: 2946754 1739d7e55a79d8e85dc5e668180846ae

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_s390.deb
Size/MD5 checksum: 1178522 0e72b044e78bca218a8d55c20c16e8d5
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_s390.deb
Size/MD5 checksum: 3020690 7115f25dbf7c31c55e768d48a29c8b46
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_s390.deb
Size/MD5 checksum: 258572 f8bf00777c295c76b0071a1354b011fa
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_s390.deb
Size/MD5 checksum: 346234 accf6855c0b8ea6d087bf062b2ac1d7b

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_sparc.deb
Size/MD5 checksum: 317482 f2f321d58890c1edb386ebc224ac052e
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_sparc.deb
Size/MD5 checksum: 996192 cf17776aa8674a8c7e71527b6534b0e2
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_sparc.deb
Size/MD5 checksum: 257464 2452b9eef9a3c0b786d4dc4afc2d16ae
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_sparc.deb
Size/MD5 checksum: 2712012 910e98017dabb5adcc109f05f94b1a56


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqVhkcACgkQXm3vHE4uylpTzACgw3nQF03hRSfcEOdoLuFPoEB6
3qsAoLX3vrb6zwD2aC/NYwDAg6X3mTgf
=u47A
-----END PGP SIGNATURE-----
"

DSA 1867-1: New kdelibs packages fix several vulnerabilitiesPrince in rent deposit lawsuit

DSA 1873-1: New xulrunner packages fix spoofing vulnerabilities  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1873-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 26, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : xulrunner
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-2654

Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid
URLs could be used for spoofing the location bar and the SSL certificate
status of a web page.

Xulrunner is no longer supported for the old stable distribution (etch).

For the stable distribution (lenny), this problem has been fixed in
version 1.9.0.13-0lenny1.

For the unstable distribution (sid), this problem has been fixed in
version 1.9.0.13-1.

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.13-0lenny1.dsc
Size/MD5 checksum: 1784 3cb69f62da64dd1811ba2390cda7ad70
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.13.orig.tar.gz
Size/MD5 checksum: 44087336 54f6301790198d83d9781a8d107d903f
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.13-0lenny1.diff.gz
Size/MD5 checksum: 116763 193df5562df81a7d2cc54624fd2a0f51

Architecture independent packages:

http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.13-0lenny1_all.deb
Size/MD5 checksum: 1463692 3b7d737dad1999992c031048c503b67f

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 3650174 f2d621d2e631411a1893b76416f35698
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 163726 4cb583d327edcd3edc684fa0426caab1
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 51076842 1350fb7090a2690e36b8709f653b561b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 111814 4bb1d9a1370d0622e866ff6210f18066
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 9490426 215edc3094a23db0c6adabd50884a3a0
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 936830 ff33f0f1af57ae59db2aaa6598985adf
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 221362 1d2d8cbb54b693fde85dd515b55d9922
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 431216 d2ddb135a2c4a8cc03c1be10f6ca82f8
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_alpha.deb
Size/MD5 checksum: 71488 368acbceaa33290726ee9f91b1f389f8

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 151740 9106bb0c5d9e8625604f613f5194ae1a
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 373904 0bc676e23d286be9271b3fd364a9c836
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 101310 221078690fc300a9fcf87a26bd4800bb
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 3286694 f72eb5cd02d92766474a20579aa74a8b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 7717078 a49f4154a3e5e4a6522ca7ea58d0cf79
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 69392 3730969373079331b269890cb104629e
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 222702 c98d1bbf8f80c512a7eea7f94eaf8952
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 889904 a7c23d16ff8d30bc16767f6af21c23e3
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_amd64.deb
Size/MD5 checksum: 50310800 c8555989c076088e089e838de0c358f0

arm architecture (ARM)

http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_arm.deb
Size/MD5 checksum: 67760 647d54e6c11674dac17de983be62ba50
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_arm.deb
Size/MD5 checksum: 221772 ab8d0eea1b0bf9b6c200803b4192f629
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_arm.deb
Size/MD5 checksum: 83654 fc7e855940039a4fff5eb80c625beebe
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_arm.deb
Size/MD5 checksum: 350400 534ba7ef0348ff992af810ffeb1f76d8
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_arm.deb
Size/MD5 checksum: 140512 690f123b67cbe0e7e274d747797e352e
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_arm.deb
Size/MD5 checksum: 6787090 aba34ff0035b27bb484ff0836704fc7f
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_arm.deb
Size/MD5 checksum: 815226 1a9276433c4f7e874361fbe5da86f729
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_arm.deb
Size/MD5 checksum: 49271924 62555f78d84da2a81b92464eab212c84
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_arm.deb
Size/MD5 checksum: 3579964 0de1b683c71a22bed53ac594622c0468

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_armel.deb
Size/MD5 checksum: 223226 ae31e5e725a09f487b0476485fb705f9
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_armel.deb
Size/MD5 checksum: 823178 93fa22f50efadbca49e10a4486f7a6c9
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_armel.deb
Size/MD5 checksum: 3569696 47bfedd77b1ccbece88d409689446e18
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_armel.deb
Size/MD5 checksum: 84234 cffb345d34eb558d3f5f146271f9b6ce
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_armel.deb
Size/MD5 checksum: 69972 3ab93baf817484f69bab714f051aaa99
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_armel.deb
Size/MD5 checksum: 352934 14daf47f48e323cec7e1a808ec0a8f28
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_armel.deb
Size/MD5 checksum: 142542 b3d32666b9f5b5380e70bf10103645a0
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_armel.deb
Size/MD5 checksum: 50103556 f3931dc067555d273bb2f7af74c97b6b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_armel.deb
Size/MD5 checksum: 6948592 46428e5f62b429da082113b8da76564e

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_hppa.deb
Size/MD5 checksum: 158262 bf0a5603b559f81e51b3e8fe835d5eff
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_hppa.deb
Size/MD5 checksum: 51211330 caec065a57aa72660a0a73c237e652f3
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_hppa.deb
Size/MD5 checksum: 71492 da5e96bc768535373f3df6797b79e888
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_hppa.deb
Size/MD5 checksum: 412516 3cba0886d4220c295ff51d6fce4a874f
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_hppa.deb
Size/MD5 checksum: 223092 4872c51582be0e1972239ec1ef56d7ad
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_hppa.deb
Size/MD5 checksum: 3629140 aac13891915a46ed202713dcaa1ffdd2
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_hppa.deb
Size/MD5 checksum: 899436 1f8368b4f8d577904f586f84c3f5250a
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_hppa.deb
Size/MD5 checksum: 9503478 e1e18573037291f60981240e81a5a80e
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_hppa.deb
Size/MD5 checksum: 106514 eb881ae75b3fe865b5e8f78db5141565

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_i386.deb
Size/MD5 checksum: 78942 d69b8b65d1c250d24d21e7961242ce4d
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_i386.deb
Size/MD5 checksum: 67614 3ef0065dbf512988f310b379ecbb0c7b
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_i386.deb
Size/MD5 checksum: 222934 5671e70f2de1832fd1b2f96decdb2de7
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_i386.deb
Size/MD5 checksum: 350452 fcfb729d77cdfcaa34d1dbce66c2b90c
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_i386.deb
Size/MD5 checksum: 851486 7cbad5a2fb4453b08fb8a4a4543f238b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_i386.deb
Size/MD5 checksum: 3564388 bc2223a0931115a4d3ecc6bb0062ed03
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_i386.deb
Size/MD5 checksum: 49481952 b12493504db71e8379ea0eac86d9869b
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_i386.deb
Size/MD5 checksum: 141078 fd880d99a562d8e07b83dd885f8c4a56
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_i386.deb
Size/MD5 checksum: 6594618 e8043afeed3bcd924d6fab356965b69c

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_ia64.deb
Size/MD5 checksum: 179980 719fac1e4f7c966ae583fb0dc370f14f
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_ia64.deb
Size/MD5 checksum: 75864 0f1777d61ada527ef5b8116b2b3097d1
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_ia64.deb
Size/MD5 checksum: 811252 bf630847aff060fcd1a9867139c33dd9
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_ia64.deb
Size/MD5 checksum: 121340 a22aa06f1fad6e084b896e8bf3ef69c8
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_ia64.deb
Size/MD5 checksum: 3396354 d694cff83fe82d7125af3bca844e2434
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_ia64.deb
Size/MD5 checksum: 11292004 8874413465733b654819940cebc9ce0a
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_ia64.deb
Size/MD5 checksum: 49653978 993621bd3d1b2cdc05663f8941ae90b8
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_ia64.deb
Size/MD5 checksum: 222916 aeeb890a09b31ed3c9d4b56db64a9b80
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_ia64.deb
Size/MD5 checksum: 542196 7dcca5c07da0ee93bf746b49d58c703c

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_mips.deb
Size/MD5 checksum: 96912 8aeb2510afea5d1f92ff7810cf4ae8f1
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_mips.deb
Size/MD5 checksum: 144496 3fe45b281a226a094732bb2bae46fd3c
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_mips.deb
Size/MD5 checksum: 379912 e1d1da46d473c72f1a462aecbeba45a5
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_mips.deb
Size/MD5 checksum: 51839016 804b5b45b4899b1f96fb02ff558b1017
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_mips.deb
Size/MD5 checksum: 918304 1c49ffadf9f71ad385932389ef10624f
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_mips.deb
Size/MD5 checksum: 7661930 dde7ba616bfeef980f71f0a07c158026
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_mips.deb
Size/MD5 checksum: 222762 181364c559aaf7a91899d16dabe4fcb3
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_mips.deb
Size/MD5 checksum: 69692 0f5c37b1b56abbf4583fa347afb3f5cc
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_mips.deb
Size/MD5 checksum: 3612680 13b571b9dc508ff6f49471e180ccbf8f

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_mipsel.deb
Size/MD5 checksum: 378170 4f6003e95c9a9326c3d331a83fbc0c07
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_mipsel.deb
Size/MD5 checksum: 49952368 ea9e3bb040ec093988b53745a55dd170
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_mipsel.deb
Size/MD5 checksum: 96570 cbcaf650c878d4e1e5759614e65e4372
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_mipsel.deb
Size/MD5 checksum: 7371816 4e0cd58aec00a343d0964254b4d4be6d
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_mipsel.deb
Size/MD5 checksum: 222906 6c08a02a49459bfb64876f40fe910d5b
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_mipsel.deb
Size/MD5 checksum: 3307316 2982b19df977a71f65f5aa180294bc3c
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_mipsel.deb
Size/MD5 checksum: 69374 654f66b755959297882b8719e673cb36
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_mipsel.deb
Size/MD5 checksum: 900092 438dc2616c421125d23af5ff72794226
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_mipsel.deb
Size/MD5 checksum: 144774 0ba7ddcd1cadb1ec34e2295cf3222cd1

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_powerpc.deb
Size/MD5 checksum: 94598 0555d823fb826f33f955e2bc155f39af
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_powerpc.deb
Size/MD5 checksum: 222912 5c58ab00c1c27713fe3ae42142647a85
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_powerpc.deb
Size/MD5 checksum: 888022 194f79d5ce4448c04908cbaa103b0483
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_powerpc.deb
Size/MD5 checksum: 7270354 8a754bf9937966182d61179c73200e07
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_powerpc.deb
Size/MD5 checksum: 362116 eaaa7e43204f7565d618907240a0a533
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_powerpc.deb
Size/MD5 checksum: 152068 ad2ff0c3674e5d1f321d62b1327c3223
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_powerpc.deb
Size/MD5 checksum: 51365442 9d24613bc7c49884c20a07d14f3f07b2
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_powerpc.deb
Size/MD5 checksum: 72542 8c09d7d4ef509da594af64f85ccce9ca
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_powerpc.deb
Size/MD5 checksum: 3282570 7ba98adc2a29b38f779ceb93c4a9f420

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_s390.deb
Size/MD5 checksum: 105364 3f1e74e0623c971c41234822c44808a5
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_s390.deb
Size/MD5 checksum: 51156554 62fb601d05680608773383f5755fc271
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_s390.deb
Size/MD5 checksum: 8381832 24aa30f03b5f8ea822f9679614021d68
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_s390.deb
Size/MD5 checksum: 155884 daa6d5ca41f2a17ea2c62a88491383cf
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_s390.deb
Size/MD5 checksum: 909310 a382ee499cea150ef460a74baf528764
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_s390.deb
Size/MD5 checksum: 3305188 0828ab7702dc77530a331a45da049d22
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_s390.deb
Size/MD5 checksum: 72364 1d508c1eb2518d24993a011a026c9952
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_s390.deb
Size/MD5 checksum: 406306 b7cee75289784de2c682c4f5abd0b5cb
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_s390.deb
Size/MD5 checksum: 222908 76f9c545195fb95ad53419b037b35583

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_sparc.deb
Size/MD5 checksum: 3575950 9760510e902b131e94d6057733c69566
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_sparc.deb
Size/MD5 checksum: 49350930 9cc7507d39a67b4fd06267dbf2bd93e3
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_sparc.deb
Size/MD5 checksum: 349936 398ae95c0067f213383696b86b341b36
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_sparc.deb
Size/MD5 checksum: 222994 f28fbfc9107b7a13e0695a4888fe8f75
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_sparc.deb
Size/MD5 checksum: 143022 945475c4924eef6eee00f8738aaea153
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_sparc.deb
Size/MD5 checksum: 68862 ebe2658e7020e3d866644d1151d4dd07
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_sparc.deb
Size/MD5 checksum: 7169696 3356fafabab8464291700a09f78c59c1
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_sparc.deb
Size/MD5 checksum: 88016 6d500d79d352c9d9b1e1fb451cba45a3
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_sparc.deb
Size/MD5 checksum: 821482 625b551efab2c8854443878748ce17c0

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqVg+YACgkQXm3vHE4uylra+gCbBazHHfxnqAeYLdlOS5Y2708z
GvwAoMeQF/X5nHp5alQ5n533IKheiWSj
=0J39
-----END PGP SIGNATURE-----
"

DSA 1836-1: New fckeditor packages fix arbitrary code executionPrince in rent deposit lawsuit