USN-905-1: sudo vulnerabilities  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-905-1 February 26, 2010
sudo vulnerabilities
CVE-2010-0426, CVE-2010-0427
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
sudo 1.6.8p12-1ubuntu6.1
sudo-ldap 1.6.8p12-1ubuntu6.1

Ubuntu 8.04 LTS:
sudo 1.6.9p10-1ubuntu3.6
sudo-ldap 1.6.9p10-1ubuntu3.6

Ubuntu 8.10:
sudo 1.6.9p17-1ubuntu2.2
sudo-ldap 1.6.9p17-1ubuntu2.2

Ubuntu 9.04:
sudo 1.6.9p17-1ubuntu3.1
sudo-ldap 1.6.9p17-1ubuntu3.1

Ubuntu 9.10:
sudo 1.7.0-1ubuntu2.1
sudo-ldap 1.7.0-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that sudo did not properly validate the path for the
'sudoedit' pseudo-command. A local attacker could exploit this to execute
arbitrary code as root if sudo was configured to allow the attacker to use
sudoedit. The sudoedit pseudo-command is not used in the default
installation of Ubuntu. (CVE-2010-0426)

It was discovered that sudo did not reset group permissions when the
'runas_default' configuration option was used. A local attacker could
exploit this to escalate group privileges if sudo was configured to allow
the attacker to run commands under the runas_default account. The
runas_default configuration option is not used in the default installation
of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.
(CVE-2010-0427)


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p12-1ubuntu6.1.diff.gz
Size/MD5: 36465 14d0df16c74cd33e67550cc3011e79bb
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p12-1ubuntu6.1.dsc
Size/MD5: 618 d3ff741b9d7e1d3e01abd562318018c2
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p12.orig.tar.gz
Size/MD5: 585643 b29893c06192df6230dd5f340f3badf5

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p12-1ubuntu6.1_amd64.deb
Size/MD5: 177298 33ba18356cb72b861d6ecda89529b0fb
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.8p12-1ubuntu6.1_amd64.deb
Size/MD5: 189148 aeefad19f406872cac0eded167f4e065

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p12-1ubuntu6.1_i386.deb
Size/MD5: 162882 b873dc9cb110544216feef747d32e5a2
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.8p12-1ubuntu6.1_i386.deb
Size/MD5: 174316 293c645a4a4d57ccb27e473b5ea9c508

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p12-1ubuntu6.1_powerpc.deb
Size/MD5: 171444 ad26abb760441edbf15f7e098b1e1532
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.8p12-1ubuntu6.1_powerpc.deb
Size/MD5: 183624 8d045143fc6daf29a153184055bfea53

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p12-1ubuntu6.1_sparc.deb
Size/MD5: 167550 c27e7f387cb19b5bf3d932957181b5a6
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.8p12-1ubuntu6.1_sparc.deb
Size/MD5: 180092 fc286f32e79a3010f81f20413168aa04

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p10-1ubuntu3.6.diff.gz
Size/MD5: 29374 e6db1630f2b05c8e9839f4fe4aca266a
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p10-1ubuntu3.6.dsc
Size/MD5: 702 20547db3a024d46b8217acf1e83b83ef
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p10.orig.tar.gz
Size/MD5: 579302 16db2a1213159a1fac8239eab58108f5

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p10-1ubuntu3.6_amd64.deb
Size/MD5: 188358 23215819c29dc7de3a4af5ca1a57032c
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.9p10-1ubuntu3.6_amd64.deb
Size/MD5: 200026 7c6057e1ed38e8cda9a4d205faf1ac13

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p10-1ubuntu3.6_i386.deb
Size/MD5: 176538 1e833016ee022766c2ca1a7e29b596ed
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.9p10-1ubuntu3.6_i386.deb
Size/MD5: 187408 0e0472b16b1add85df28b0675589956d

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p10-1ubuntu3.6_lpia.deb
Size/MD5: 177632 8b2edc241c35137afd81c396a0043431
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p10-1ubuntu3.6_lpia.deb
Size/MD5: 188378 ad2a9d36a94c36e1bcecc1bca64b2d95

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p10-1ubuntu3.6_powerpc.deb
Size/MD5: 188556 9f0e4fb02064fc1b40829de2c1e92805
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p10-1ubuntu3.6_powerpc.deb
Size/MD5: 202394 ef74f61e9c34ee11ef51d38377a0be55

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p10-1ubuntu3.6_sparc.deb
Size/MD5: 182512 24f0ed4658aae0c538ca564e4c5950c3
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p10-1ubuntu3.6_sparc.deb
Size/MD5: 193640 a2b3b6604ff6c4546e5a8d061fdb7cab

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu2.2.diff.gz
Size/MD5: 26459 e127fb89620f45f5d9184bd87b45464a
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu2.2.dsc
Size/MD5: 1098 2959f2bc61d7ccecfb8fc554b446d463
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17.orig.tar.gz
Size/MD5: 593534 60daf18f28e2c1eb7641c4408e244110

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu2.2_amd64.deb
Size/MD5: 191296 c1d1c53708d512a746da226117d130d0
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubuntu2.2_amd64.deb
Size/MD5: 202256 f4d5961be5ef3eee80906f2c6d39a4b8

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu2.2_i386.deb
Size/MD5: 179370 d21813fed543bfed0e0704a1ce0341ef
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubuntu2.2_i386.deb
Size/MD5: 188842 55a32e9081772f8611e1006d3ddcfb50

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu2.2_lpia.deb
Size/MD5: 180432 ab0bcf69bfba1bc48e9a6a3ba3030c5f
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubuntu2.2_lpia.deb
Size/MD5: 189652 8dc329d7a87d2d5bf2eb70071361b792

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu2.2_powerpc.deb
Size/MD5: 188732 81d7e525bdfb3421d46e5c7623963e63
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubuntu2.2_powerpc.deb
Size/MD5: 201208 69d7905dce680b3d9f30f6476e486ae6

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu2.2_sparc.deb
Size/MD5: 184208 1d87f6e84ad37cceb1ab1b16083336ad
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubuntu2.2_sparc.deb
Size/MD5: 193944 b6c81515751ff1b11d6b7b8bf9893206

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu3.1.diff.gz
Size/MD5: 26464 d01e9f40ceb7ee72cd544dccc0ff61ec
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu3.1.dsc
Size/MD5: 1098 7d36e3ce35d2745b8ad1ee6f3341713d
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17.orig.tar.gz
Size/MD5: 593534 60daf18f28e2c1eb7641c4408e244110

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu3.1_amd64.deb
Size/MD5: 191292 db0dd72e435fc48ac109d67b9d896573
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubuntu3.1_amd64.deb
Size/MD5: 202254 5ba756fd3ddf796ea948f0f3da4cdd80

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu3.1_i386.deb
Size/MD5: 179392 d8984ef79dfd27e314343b3e8f42bb41
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubuntu3.1_i386.deb
Size/MD5: 188846 ce40b21ebc2e2a95be415c768661a785

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu3.1_lpia.deb
Size/MD5: 180456 6fded1767a6b44cf99f25a82476a52da
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubuntu3.1_lpia.deb
Size/MD5: 189674 e271b1fa6d7f17917163dbb37863eb2e

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu3.1_powerpc.deb
Size/MD5: 188744 039f52f42d3eeded8ce75e96e276e53d
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubuntu3.1_powerpc.deb
Size/MD5: 201216 2a649addcffab0eaa94f36a45c3848cd

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu3.1_sparc.deb
Size/MD5: 184136 ca187dd7a7b3eca1b6788bb8b7615f7e
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubuntu3.1_sparc.deb
Size/MD5: 193798 ebf79bbc5f19b50d8ffa60bad381966b

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.1.diff.gz
Size/MD5: 23742 31fa50ea42efb75a6995ce43e05f8d3a
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.1.dsc
Size/MD5: 1117 ac9f701eef71f472756479f9c07d5ff3
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0.orig.tar.gz
Size/MD5: 744311 5fd96bba35fe29b464f7aa6ad255f0a6

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.1_amd64.deb
Size/MD5: 310278 7f1b840d6412b168c70d2f136cb0a3a5
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.1_amd64.deb
Size/MD5: 333962 a01561815cf0e835cb889663eaf81d06

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.1_i386.deb
Size/MD5: 297694 d514dde2dfc8ec32c92de9d71d8f5832
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.1_i386.deb
Size/MD5: 319300 e3a4e6d67ed8644c9bed06337cadc156

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.1_lpia.deb
Size/MD5: 297858 82f884376f3ab60cd35466d70446514d
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.1_lpia.deb
Size/MD5: 319686 f9ec4970846681134c868621c8d5989e

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.1_powerpc.deb
Size/MD5: 305874 88b6f4ad953f85c7b32898b7b3823163
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.1_powerpc.deb
Size/MD5: 328914 b973b5fa801148e11d3747ab89b84a3f

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.1_sparc.deb
Size/MD5: 301460 e5cf051efacfdca66a3aa186d01f5a80
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.1_sparc.deb
Size/MD5: 323606 b82e9af9f7f18ebf31aee38835aaf901




--sdtB3X0nJg68CQEu
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuIQKUACgkQW0JvuRdL8BpcKgCfSpFpPtzyjYRez2CWbQUhHA8p
io4An3V5QdXBD18j7zAdJYS3JK7sbG8W
=ewhg
-----END PGP SIGNATURE-----
"

USN-890-5: XML-RPC for C and C++ vulnerabilitiesRonnie Wood is selling his house

RHSA-2010:0115-01 Moderate: pidgin security update  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: pidgin security update
Advisory ID: RHSA-2010:0115-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0115.html
Issue date: 2010-02-18
CVE Names: CVE-2010-0277 CVE-2010-0420 CVE-2010-0423
=====================================================================

1. Summary:

Updated pidgin packages that fix three security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

An input sanitization flaw was found in the way Pidgin's MSN protocol
implementation handled MSNSLP invitations. A remote attacker could send a
specially-crafted INVITE request that would cause a denial of service
(memory corruption and Pidgin crash). (CVE-2010-0277)

A denial of service flaw was found in Finch's XMPP chat implementation,
when using multi-user chat. If a Finch user in a multi-user chat session
were to change their nickname to contain the HTML "br" element, it would
cause Finch to crash. (CVE-2010-0420)

Red Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project
for responsibly reporting the CVE-2010-0420 issue.

A denial of service flaw was found in the way Pidgin processed emoticon
images. A remote attacker could flood the victim with emoticon images
during mutual communication, leading to excessive CPU use. (CVE-2010-0423)

These packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin release
notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog

All Pidgin users are advised to upgrade to these updated packages, which
correct these issues. Pidgin must be restarted for this update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

554335 - CVE-2010-0277 pidgin MSN protocol plugin memory corruption
565786 - CVE-2010-0420 pidgin: Finch XMPP MUC Crash
565792 - CVE-2010-0423 pidgin: Smiley Denial of Service

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/pidgin-2.6.6-1.el4.src.rpm

i386:
finch-2.6.6-1.el4.i386.rpm
finch-devel-2.6.6-1.el4.i386.rpm
libpurple-2.6.6-1.el4.i386.rpm
libpurple-devel-2.6.6-1.el4.i386.rpm
libpurple-perl-2.6.6-1.el4.i386.rpm
libpurple-tcl-2.6.6-1.el4.i386.rpm
pidgin-2.6.6-1.el4.i386.rpm
pidgin-debuginfo-2.6.6-1.el4.i386.rpm
pidgin-devel-2.6.6-1.el4.i386.rpm
pidgin-perl-2.6.6-1.el4.i386.rpm

ia64:
finch-2.6.6-1.el4.ia64.rpm
finch-devel-2.6.6-1.el4.ia64.rpm
libpurple-2.6.6-1.el4.ia64.rpm
libpurple-devel-2.6.6-1.el4.ia64.rpm
libpurple-perl-2.6.6-1.el4.ia64.rpm
libpurple-tcl-2.6.6-1.el4.ia64.rpm
pidgin-2.6.6-1.el4.ia64.rpm
pidgin-debuginfo-2.6.6-1.el4.ia64.rpm
pidgin-devel-2.6.6-1.el4.ia64.rpm
pidgin-perl-2.6.6-1.el4.ia64.rpm

ppc:
finch-2.6.6-1.el4.ppc.rpm
finch-devel-2.6.6-1.el4.ppc.rpm
libpurple-2.6.6-1.el4.ppc.rpm
libpurple-devel-2.6.6-1.el4.ppc.rpm
libpurple-perl-2.6.6-1.el4.ppc.rpm
libpurple-tcl-2.6.6-1.el4.ppc.rpm
pidgin-2.6.6-1.el4.ppc.rpm
pidgin-debuginfo-2.6.6-1.el4.ppc.rpm
pidgin-devel-2.6.6-1.el4.ppc.rpm
pidgin-perl-2.6.6-1.el4.ppc.rpm

x86_64:
finch-2.6.6-1.el4.x86_64.rpm
finch-devel-2.6.6-1.el4.x86_64.rpm
libpurple-2.6.6-1.el4.x86_64.rpm
libpurple-devel-2.6.6-1.el4.x86_64.rpm
libpurple-perl-2.6.6-1.el4.x86_64.rpm
libpurple-tcl-2.6.6-1.el4.x86_64.rpm
pidgin-2.6.6-1.el4.x86_64.rpm
pidgin-debuginfo-2.6.6-1.el4.x86_64.rpm
pidgin-devel-2.6.6-1.el4.x86_64.rpm
pidgin-perl-2.6.6-1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/pidgin-2.6.6-1.el4.src.rpm

i386:
finch-2.6.6-1.el4.i386.rpm
finch-devel-2.6.6-1.el4.i386.rpm
libpurple-2.6.6-1.el4.i386.rpm
libpurple-devel-2.6.6-1.el4.i386.rpm
libpurple-perl-2.6.6-1.el4.i386.rpm
libpurple-tcl-2.6.6-1.el4.i386.rpm
pidgin-2.6.6-1.el4.i386.rpm
pidgin-debuginfo-2.6.6-1.el4.i386.rpm
pidgin-devel-2.6.6-1.el4.i386.rpm
pidgin-perl-2.6.6-1.el4.i386.rpm

x86_64:
finch-2.6.6-1.el4.x86_64.rpm
finch-devel-2.6.6-1.el4.x86_64.rpm
libpurple-2.6.6-1.el4.x86_64.rpm
libpurple-devel-2.6.6-1.el4.x86_64.rpm
libpurple-perl-2.6.6-1.el4.x86_64.rpm
libpurple-tcl-2.6.6-1.el4.x86_64.rpm
pidgin-2.6.6-1.el4.x86_64.rpm
pidgin-debuginfo-2.6.6-1.el4.x86_64.rpm
pidgin-devel-2.6.6-1.el4.x86_64.rpm
pidgin-perl-2.6.6-1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/pidgin-2.6.6-1.el4.src.rpm

i386:
finch-2.6.6-1.el4.i386.rpm
finch-devel-2.6.6-1.el4.i386.rpm
libpurple-2.6.6-1.el4.i386.rpm
libpurple-devel-2.6.6-1.el4.i386.rpm
libpurple-perl-2.6.6-1.el4.i386.rpm
libpurple-tcl-2.6.6-1.el4.i386.rpm
pidgin-2.6.6-1.el4.i386.rpm
pidgin-debuginfo-2.6.6-1.el4.i386.rpm
pidgin-devel-2.6.6-1.el4.i386.rpm
pidgin-perl-2.6.6-1.el4.i386.rpm

ia64:
finch-2.6.6-1.el4.ia64.rpm
finch-devel-2.6.6-1.el4.ia64.rpm
libpurple-2.6.6-1.el4.ia64.rpm
libpurple-devel-2.6.6-1.el4.ia64.rpm
libpurple-perl-2.6.6-1.el4.ia64.rpm
libpurple-tcl-2.6.6-1.el4.ia64.rpm
pidgin-2.6.6-1.el4.ia64.rpm
pidgin-debuginfo-2.6.6-1.el4.ia64.rpm
pidgin-devel-2.6.6-1.el4.ia64.rpm
pidgin-perl-2.6.6-1.el4.ia64.rpm

x86_64:
finch-2.6.6-1.el4.x86_64.rpm
finch-devel-2.6.6-1.el4.x86_64.rpm
libpurple-2.6.6-1.el4.x86_64.rpm
libpurple-devel-2.6.6-1.el4.x86_64.rpm
libpurple-perl-2.6.6-1.el4.x86_64.rpm
libpurple-tcl-2.6.6-1.el4.x86_64.rpm
pidgin-2.6.6-1.el4.x86_64.rpm
pidgin-debuginfo-2.6.6-1.el4.x86_64.rpm
pidgin-devel-2.6.6-1.el4.x86_64.rpm
pidgin-perl-2.6.6-1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/pidgin-2.6.6-1.el4.src.rpm

i386:
finch-2.6.6-1.el4.i386.rpm
finch-devel-2.6.6-1.el4.i386.rpm
libpurple-2.6.6-1.el4.i386.rpm
libpurple-devel-2.6.6-1.el4.i386.rpm
libpurple-perl-2.6.6-1.el4.i386.rpm
libpurple-tcl-2.6.6-1.el4.i386.rpm
pidgin-2.6.6-1.el4.i386.rpm
pidgin-debuginfo-2.6.6-1.el4.i386.rpm
pidgin-devel-2.6.6-1.el4.i386.rpm
pidgin-perl-2.6.6-1.el4.i386.rpm

ia64:
finch-2.6.6-1.el4.ia64.rpm
finch-devel-2.6.6-1.el4.ia64.rpm
libpurple-2.6.6-1.el4.ia64.rpm
libpurple-devel-2.6.6-1.el4.ia64.rpm
libpurple-perl-2.6.6-1.el4.ia64.rpm
libpurple-tcl-2.6.6-1.el4.ia64.rpm
pidgin-2.6.6-1.el4.ia64.rpm
pidgin-debuginfo-2.6.6-1.el4.ia64.rpm
pidgin-devel-2.6.6-1.el4.ia64.rpm
pidgin-perl-2.6.6-1.el4.ia64.rpm

x86_64:
finch-2.6.6-1.el4.x86_64.rpm
finch-devel-2.6.6-1.el4.x86_64.rpm
libpurple-2.6.6-1.el4.x86_64.rpm
libpurple-devel-2.6.6-1.el4.x86_64.rpm
libpurple-perl-2.6.6-1.el4.x86_64.rpm
libpurple-tcl-2.6.6-1.el4.x86_64.rpm
pidgin-2.6.6-1.el4.x86_64.rpm
pidgin-debuginfo-2.6.6-1.el4.x86_64.rpm
pidgin-devel-2.6.6-1.el4.x86_64.rpm
pidgin-perl-2.6.6-1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.6.6-1.el5.src.rpm

i386:
finch-2.6.6-1.el5.i386.rpm
libpurple-2.6.6-1.el5.i386.rpm
libpurple-perl-2.6.6-1.el5.i386.rpm
libpurple-tcl-2.6.6-1.el5.i386.rpm
pidgin-2.6.6-1.el5.i386.rpm
pidgin-debuginfo-2.6.6-1.el5.i386.rpm
pidgin-perl-2.6.6-1.el5.i386.rpm

x86_64:
finch-2.6.6-1.el5.i386.rpm
finch-2.6.6-1.el5.x86_64.rpm
libpurple-2.6.6-1.el5.i386.rpm
libpurple-2.6.6-1.el5.x86_64.rpm
libpurple-perl-2.6.6-1.el5.x86_64.rpm
libpurple-tcl-2.6.6-1.el5.x86_64.rpm
pidgin-2.6.6-1.el5.i386.rpm
pidgin-2.6.6-1.el5.x86_64.rpm
pidgin-debuginfo-2.6.6-1.el5.i386.rpm
pidgin-debuginfo-2.6.6-1.el5.x86_64.rpm
pidgin-perl-2.6.6-1.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.6.6-1.el5.src.rpm

i386:
finch-devel-2.6.6-1.el5.i386.rpm
libpurple-devel-2.6.6-1.el5.i386.rpm
pidgin-debuginfo-2.6.6-1.el5.i386.rpm
pidgin-devel-2.6.6-1.el5.i386.rpm

x86_64:
finch-devel-2.6.6-1.el5.i386.rpm
finch-devel-2.6.6-1.el5.x86_64.rpm
libpurple-devel-2.6.6-1.el5.i386.rpm
libpurple-devel-2.6.6-1.el5.x86_64.rpm
pidgin-debuginfo-2.6.6-1.el5.i386.rpm
pidgin-debuginfo-2.6.6-1.el5.x86_64.rpm
pidgin-devel-2.6.6-1.el5.i386.rpm
pidgin-devel-2.6.6-1.el5.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pidgin-2.6.6-1.el5.src.rpm

i386:
finch-2.6.6-1.el5.i386.rpm
finch-devel-2.6.6-1.el5.i386.rpm
libpurple-2.6.6-1.el5.i386.rpm
libpurple-devel-2.6.6-1.el5.i386.rpm
libpurple-perl-2.6.6-1.el5.i386.rpm
libpurple-tcl-2.6.6-1.el5.i386.rpm
pidgin-2.6.6-1.el5.i386.rpm
pidgin-debuginfo-2.6.6-1.el5.i386.rpm
pidgin-devel-2.6.6-1.el5.i386.rpm
pidgin-perl-2.6.6-1.el5.i386.rpm

x86_64:
finch-2.6.6-1.el5.i386.rpm
finch-2.6.6-1.el5.x86_64.rpm
finch-devel-2.6.6-1.el5.i386.rpm
finch-devel-2.6.6-1.el5.x86_64.rpm
libpurple-2.6.6-1.el5.i386.rpm
libpurple-2.6.6-1.el5.x86_64.rpm
libpurple-devel-2.6.6-1.el5.i386.rpm
libpurple-devel-2.6.6-1.el5.x86_64.rpm
libpurple-perl-2.6.6-1.el5.x86_64.rpm
libpurple-tcl-2.6.6-1.el5.x86_64.rpm
pidgin-2.6.6-1.el5.i386.rpm
pidgin-2.6.6-1.el5.x86_64.rpm
pidgin-debuginfo-2.6.6-1.el5.i386.rpm
pidgin-debuginfo-2.6.6-1.el5.x86_64.rpm
pidgin-devel-2.6.6-1.el5.i386.rpm
pidgin-devel-2.6.6-1.el5.x86_64.rpm
pidgin-perl-2.6.6-1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0277.html
https://www.redhat.com/security/data/cve/CVE-2010-0420.html
https://www.redhat.com/security/data/cve/CVE-2010-0423.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLfWbxXlSAg2UNWIIRAgLAAKCEtE/CEkgrqcKYIrjuldrc1T3eWgCdEL0q
vNisx8G/HxTE3EihiGtuYRE=
=tu7N
-----END PGP SIGNATURE-----
"

RHSA-2010:0122-01 Important: sudo security update

RHSA-2010:0122-01 Important: sudo security update  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: sudo security update
Advisory ID: RHSA-2010:0122-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0122.html
Issue date: 2010-02-26
CVE Names: CVE-2010-0426 CVE-2010-0427
=====================================================================

1. Summary:

An updated sudo package that fixes two security issues is now available for
Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A privilege escalation flaw was found in the way sudo handled the sudoedit
pseudo-command. If a local user were authorized by the sudoers file to use
this pseudo-command, they could possibly leverage this flaw to execute
arbitrary code with the privileges of the root user. (CVE-2010-0426)

The sudo utility did not properly initialize supplementary groups when the
"runas_default" option (in the sudoers file) was used. If a local user
were authorized by the sudoers file to perform their sudo commands under
the account specified with "runas_default", they would receive the root
user's supplementary groups instead of those of the intended target user,
giving them unintended privileges. (CVE-2010-0427)

Users of sudo should upgrade to this updated package, which contains
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

567337 - CVE-2010-0426 sudo: sudoedit option can possibly allow for arbitrary code execution
567622 - CVE-2010-0427 sudo: Fails to reset group permissions if runas_default set

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sudo-1.6.9p17-6.el5_4.src.rpm

i386:
sudo-1.6.9p17-6.el5_4.i386.rpm
sudo-debuginfo-1.6.9p17-6.el5_4.i386.rpm

x86_64:
sudo-1.6.9p17-6.el5_4.x86_64.rpm
sudo-debuginfo-1.6.9p17-6.el5_4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sudo-1.6.9p17-6.el5_4.src.rpm

i386:
sudo-1.6.9p17-6.el5_4.i386.rpm
sudo-debuginfo-1.6.9p17-6.el5_4.i386.rpm

ia64:
sudo-1.6.9p17-6.el5_4.ia64.rpm
sudo-debuginfo-1.6.9p17-6.el5_4.ia64.rpm

ppc:
sudo-1.6.9p17-6.el5_4.ppc.rpm
sudo-debuginfo-1.6.9p17-6.el5_4.ppc.rpm

s390x:
sudo-1.6.9p17-6.el5_4.s390x.rpm
sudo-debuginfo-1.6.9p17-6.el5_4.s390x.rpm

x86_64:
sudo-1.6.9p17-6.el5_4.x86_64.rpm
sudo-debuginfo-1.6.9p17-6.el5_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0426.html
https://www.redhat.com/security/data/cve/CVE-2010-0427.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLh6uDXlSAg2UNWIIRAhhJAJ49T7Ti+KIYKerJG/GGnMZHGFVkgwCgijUM
FJatlE21Yc9aqgmpeMl/d58=
=8gCr
-----END PGP SIGNATURE-----
"

RHSA-2010:0114-01 Critical: acroread security and bug fix update

USN-904-1: Squid vulnerability  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-904-1 February 24, 2010
squid vulnerability
CVE-2010-0639
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
squid 2.6.18-1ubuntu3.2

Ubuntu 8.10:
squid 2.7.STABLE3-1ubuntu2.3

Ubuntu 9.04:
squid 2.7.STABLE3-4.1ubuntu1.2

Ubuntu 9.10:
squid 2.7.STABLE6-2ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Squid incorrectly handled certain malformed packets
received on the HTCP port. A remote attacker could exploit this with a
specially-crafted packet and cause Squid to crash, resulting in a denial of
service.


Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.18-1ubunt=
u3.2.diff.gz
Size/MD5: 301187 e352f67cfcdcbc3bf270875aecc775a8
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.18-1ubunt=
u3.2.dsc
Size/MD5: 806 4dee5ce3f288403aa1a28a85690de97a
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.18.orig.t=
ar.gz
Size/MD5: 1725660 d7ff75f7b75ba7bc28ea453fe4b94434

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.6.18=
-1ubuntu3.2_all.deb
Size/MD5: 482340 adc3f60189a4208b4ec9126fc54820c2

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.18-1ubunt=
u3.2_amd64.deb
Size/MD5: 715938 38d8381c95599a170be2e8dfd0471889
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1=
8-1ubuntu3.2_amd64.deb
Size/MD5: 114676 3a27cb2f55ee7f4c5565e0bf67d90ee7
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6=
.18-1ubuntu3.2_amd64.deb
Size/MD5: 94490 fbd6ae8daf4bc72a5725d639591d0484

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.18-1ubunt=
u3.2_i386.deb
Size/MD5: 642834 56d087fc33e9de4f1944d0c720f5570e
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1=
8-1ubuntu3.2_i386.deb
Size/MD5: 113762 2212278b587d0e38f9b0c5f4c06d1c07
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6=
.18-1ubuntu3.2_i386.deb
Size/MD5: 93614 2cb1363bd52e160b744a54806bc6978c

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/s/squid/squid_2.6.18-1ubuntu3.2_lpia.=
deb
Size/MD5: 644986 3d1f57b9eee3d95d8ecb4656699d4bde
http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.6.18-1ubuntu3=
.2_lpia.deb
Size/MD5: 113622 403d50a549e58b603a7567b5a60324c9
http://ports.ubuntu.com/pool/universe/s/squid/squidclient_2.6.18-1ubunt=
u3.2_lpia.deb
Size/MD5: 93526 b9d9133a7199c0dee043576829594606

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/s/squid/squid_2.6.18-1ubuntu3.2_power=
pc.deb
Size/MD5: 729140 afb918cc13f4a842621b56e5aba87628
http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.6.18-1ubuntu3=
.2_powerpc.deb
Size/MD5: 115538 1ab14d707d114fd0a675507137ba813b
http://ports.ubuntu.com/pool/universe/s/squid/squidclient_2.6.18-1ubunt=
u3.2_powerpc.deb
Size/MD5: 95136 3f648a1b035bec6aa7953f93809c1a05

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/s/squid/squid_2.6.18-1ubuntu3.2_sparc=
.deb
Size/MD5: 669908 ac01974762287523d0adeae1077129d0
http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.6.18-1ubuntu3=
.2_sparc.deb
Size/MD5: 114230 8a4d8a4384c4df0b3ed1873868ce72d9
http://ports.ubuntu.com/pool/universe/s/squid/squidclient_2.6.18-1ubunt=
u3.2_sparc.deb
Size/MD5: 94730 8a058729200b6e8725795568fd123018

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-1=
ubuntu2.3.diff.gz
Size/MD5: 304376 3c70568351a24f145d8fe5027a944e1b
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-1=
ubuntu2.3.dsc
Size/MD5: 1253 b52f87f9524d112e7f88a542735d0f67
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3.o=
rig.tar.gz
Size/MD5: 1782040 a4d7608696e2b617aa5853c7d23e25b0

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.7.ST=
ABLE3-1ubuntu2.3_all.deb
Size/MD5: 496078 dca2adc70af4a98066dbfa96fbd1c48c

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-1=
ubuntu2.3_amd64.deb
Size/MD5: 771794 8bdc3cb3aca2f010b2fdeedb2789b8e7
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.7.S=
TABLE3-1ubuntu2.3_amd64.deb
Size/MD5: 120092 b3a785104158d97329b72c005f010765

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-1=
ubuntu2.3_i386.deb
Size/MD5: 695944 eefb763cfc398f3ee77490af702b6560
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.7.S=
TABLE3-1ubuntu2.3_i386.deb
Size/MD5: 118844 98b701e1e309eaf921321bba23edeb1b

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE3-1ubuntu2.3_=
lpia.deb
Size/MD5: 694254 37161a01410f1438bea5bde80d34aba1
http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE3-1ub=
untu2.3_lpia.deb
Size/MD5: 118752 8fa60705f60d48594c172ad06fbbf5c3

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE3-1ubuntu2.3_=
powerpc.deb
Size/MD5: 778250 67f638b231ab7b31a04d4b93fa1c19f6
http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE3-1ub=
untu2.3_powerpc.deb
Size/MD5: 120642 a2393624a37d09b21eae6eaebe4e0b27

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE3-1ubuntu2.3_=
sparc.deb
Size/MD5: 719276 c6bf5deb351f532be316ec00327ec9ce
http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE3-1ub=
untu2.3_sparc.deb
Size/MD5: 119612 eb93a27fb9f156a5460176eed2cc3c9a

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-4=
.1ubuntu1.2.diff.gz
Size/MD5: 309852 2900f23b740735580929377caeb67757
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-4=
.1ubuntu1.2.dsc
Size/MD5: 1261 7adb44be45d1032eff7c5edd72855112
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3.o=
rig.tar.gz
Size/MD5: 1782040 a4d7608696e2b617aa5853c7d23e25b0

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.7.ST=
ABLE3-4.1ubuntu1.2_all.deb
Size/MD5: 496736 f33216314327cd0007d922d8e778d0aa

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-4=
.1ubuntu1.2_amd64.deb
Size/MD5: 772994 5bc0e3d1af2611db9971b82dbf55df92
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.7.S=
TABLE3-4.1ubuntu1.2_amd64.deb
Size/MD5: 120800 efa403d3b1886a06c13601390fbf87ac

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE3-4=
.1ubuntu1.2_i386.deb
Size/MD5: 696876 3262b8b1860edc9c2ca6178d893eecf1
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.7.S=
TABLE3-4.1ubuntu1.2_i386.deb
Size/MD5: 119500 22ce2859f38572c8eca0c5a257a1ca75

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE3-4.1ubuntu1.=
2_lpia.deb
Size/MD5: 695532 915b0c7c46312c0eed3f7bf1edd20e96
http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE3-4.1=
ubuntu1.2_lpia.deb
Size/MD5: 119420 0f3ad306ce2482ffc76d55be61dfb7dd

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE3-4.1ubuntu1.=
2_powerpc.deb
Size/MD5: 779690 f1d6cfca1303254c1531b26c5c0e321f
http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE3-4.1=
ubuntu1.2_powerpc.deb
Size/MD5: 121352 801d8f81923dbf9dbb24802316390b1c

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE3-4.1ubuntu1.=
2_sparc.deb
Size/MD5: 719892 c02d2fec68501abbf2b95a04eef4cf9e
http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE3-4.1=
ubuntu1.2_sparc.deb
Size/MD5: 120268 12dd77fef419f5c45d42b4502d33d5c0

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE6-2=
ubuntu2.2.diff.gz
Size/MD5: 304860 30639dda9a29914a67cc782f72e64c85
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE6-2=
ubuntu2.2.dsc
Size/MD5: 1272 ba20fefe599cb882e1b88d4c827ed9f2
http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE6.o=
rig.tar.gz
Size/MD5: 1786189 b6bcacd9c58e6e9e18d0ff44d20c50d9

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.7.ST=
ABLE6-2ubuntu2.2_all.deb
Size/MD5: 351846 8114bb93dbbb447af9879635048675e5

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE6-2=
ubuntu2.2_amd64.deb
Size/MD5: 815856 cb83ba028269d6773ebd8cdc0c86dafb
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.7.S=
TABLE6-2ubuntu2.2_amd64.deb
Size/MD5: 123060 603a897ca75e6974aa7fc2b7bd6fe2f4

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.7.STABLE6-2=
ubuntu2.2_i386.deb
Size/MD5: 764274 ef752bb786daa086245d3ea8da3d63c1
http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.7.S=
TABLE6-2ubuntu2.2_i386.deb
Size/MD5: 122216 ae2b57fa8bffb8182df7e2f5d5ac188e

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE6-2ubuntu2.2_=
lpia.deb
Size/MD5: 762330 8ea039b7840fd4f5e3c6992087a58507
http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE6-2ub=
untu2.2_lpia.deb
Size/MD5: 121994 a761d93f297982302f6abd09eb8f5e91

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE6-2ubuntu2.2_=
powerpc.deb
Size/MD5: 829872 66e0ace5a7d85088cb00de18aa500996
http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE6-2ub=
untu2.2_powerpc.deb
Size/MD5: 123884 5a90b258808f5932d22e528d9c3a910c

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/s/squid/squid_2.7.STABLE6-2ubuntu2.2_=
sparc.deb
Size/MD5: 843674 fdc8dc569a21b0308366d24d7848fd25
http://ports.ubuntu.com/pool/universe/s/squid/squid-cgi_2.7.STABLE6-2ub=
untu2.2_sparc.deb
Size/MD5: 123540 948dd3b52ddf10b1f81cc2f6db43c1ce




--=-oyqJVzDMAK+Eb49/lqI2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEABECAAYFAkuFX3sACgkQLMAs/0C4zNqbJgCguUSST21sj61L41OfyI+e8nlK
2PIAni40f3oKhSmSCs7m8zUJuvHXNeon
¨GY
-----END PGP SIGNATURE-----
"

Ronnie Wood is selling his houseUSN-890-5: XML-RPC for C and C++ vulnerabilities

DSA 2003-1: New Linux 2.6.18 packages fix several vulnerabilities  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-2003-1 security@debian.org
http://www.debian.org/security/ Dann Frazier
February 22, 2010 http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package : linux-2.6
Vulnerability : privilege escalation/denial of service
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-3080 CVE-2009-3726 CVE-2009-4005 CVE-2009-4020
CVE-2009-4021 CVE-2009-4536 CVE-2010-0007 CVE-2010-0410
CVE-2010-0415 CVE-2010-0622

NOTE: This kernel update marks the final planned kernel security
update for the 2.6.18 kernel in the Debian release 'etch'.
Although security support for 'etch' officially ended on
Feburary 15th, 2010, this update was already in preparation
before that date. A final update that includes fixes for these
issues in the 2.6.24 kernel is also in preparation and will be
released shortly.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-3080

Dave Jones reported an issue in the gdth SCSI driver. A missing
check for negative offsets in an ioctl call could be exploited by
local users to create a denial of service or potentially gain
elevated privileges.

CVE-2009-3726

Trond Myklebust reported an issue where a malicious NFS server
could cause a denial of service condition on its clients by
returning incorrect attributes during an open call.

CVE-2009-4005

Roel Kluin discovered an issue in the hfc_usb driver, an ISDN
driver for Colognechip HFC-S USB chip. A potential read overflow
exists which may allow remote users to cause a denial of service
condition (oops).

CVE-2009-4020

Amerigo Wang discovered an issue in the HFS filesystem that would
allow a denial of service by a local user who has sufficient
privileges to mount a specially crafted filesystem.

CVE-2009-4021

Anana V. Avati discovered an issue in the fuse subsystem. If the
system is sufficiently low on memory, a local user can cause the
kernel to dereference an invalid pointer resulting in a denial of
service (oops) and potentially an escalation of privileges.

CVE-2009-4536

Fabian Yamaguchi reported an issue in the e1000 driver for Intel
gigabit network adapters which allow remote users to bypass packet
filters using specially crafted ethernet frames.

CVE-2010-0007

Florian Westphal reported a lack of capability checking in the
ebtables netfilter subsystem. If the ebtables module is loaded,
local users can add and modify ebtables rules.

CVE-2010-0410

Sebastian Krahmer discovered an issue in the netlink connector
subsystem that permits local users to allocate large amounts of
system memory resulting in a denial of service (out of memory).

CVE-2010-0415

Ramon de Carvalho Valle discovered an issue in the sys_move_pages
interface, limited to amd64, ia64 and powerpc64 flavors in Debian.
Local users can exploit this issue to cause a denial of service
(system crash) or gain access to sensitive kernel memory.

CVE-2010-0622

Jermome Marchand reported an issue in the futex subsystem that
allows a local user to force an invalid futex state which results
in a denial of service (oops).

This update also fixes a regression introduced by a previous security
update that caused problems booting on certain s390 systems.

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-26etch2.

We recommend that you upgrade your linux-2.6, fai-kernels, and
user-mode-linux packages.

The following matrix lists additional source packages that were rebuilt for
compatability with or to take advantage of this update:

Debian 4.0 (etch)
fai-kernels 1.17+etch.26etch2
user-mode-linux 2.6.18-1um-2etch.26etch2

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-26etch2.diff.gz
Size/MD5 checksum: 5524814 7d130709d4e511e7e4656da2451f1f87
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-26etch2.dsc
Size/MD5 checksum: 5673 571c1ffbdbfe1681087e1298fdfca95d

Architecture independent packages:

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-26etch2_all.deb
Size/MD5 checksum: 3593424 693c92052b3593129ff2eaab0b4e1e30
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-26etch2_all.deb
Size/MD5 checksum: 59218 c88b14065b28f990826bee042ad7d815
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-26etch2_all.deb
Size/MD5 checksum: 3721138 b3c6b7e7cd57832097fbb8623dea8e74
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-26etch2_all.deb
Size/MD5 checksum: 1867420 4bba6a0ecce93a9ed767e1eac85c9b22
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-26etch2_all.deb
Size/MD5 checksum: 41471202 a194dff960abdc394759617b1cec833b
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-26etch2_all.deb
Size/MD5 checksum: 1092796 93a2c28e51d0107c132042502ca421ca

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_alpha.deb
Size/MD5 checksum: 58590 3e7ce57fb1666206bef232d2dae61e0c
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-26etch2_alpha.deb
Size/MD5 checksum: 58618 1418421d5bb7ed3c777e715d521cfc94
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-26etch2_alpha.deb
Size/MD5 checksum: 269964 d6f60e56d88e7bc6e747f11f3a092be8
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-26etch2_alpha.deb
Size/MD5 checksum: 23467854 890dcfb45d5c294782cfba481ba28cf8
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-26etch2_alpha.deb
Size/MD5 checksum: 23486146 cf5f492de0d3b95c104688af41507f0d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-26etch2_alpha.deb
Size/MD5 checksum: 271438 377e64344139093fdd953be06a52b4fb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch2_alpha.deb
Size/MD5 checksum: 3056666 4d4c20a663961a9876c3d394ec2be2df
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-26etch2_alpha.deb
Size/MD5 checksum: 269088 9fab01f5a024c1565de5bf56bf1ae5f1
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-26etch2_alpha.deb
Size/MD5 checksum: 23840840 423eeb0a1a176f9aa7dacc8d31fc662d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_alpha.deb
Size/MD5 checksum: 3032594 d4985e6b8053cc3db8c0c7f9c3f408ff
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-26etch2_alpha.deb
Size/MD5 checksum: 23545602 ef92253acd09d2912a37f5269d22d249
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-26etch2_alpha.deb
Size/MD5 checksum: 269528 39e457bf1e855949511ec2e72af742bd

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 16868252 ee80d06b63146a8ce3eb9b3e1308b035
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 58562 2fd76c2ea505f03467cb8b10a128e68d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 16821598 403b0975de890cb54ffa78723b885413
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 3339518 efbea954d3dba3b14ed4a946aa07eb5d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 276768 729c58b0e6fe7370ef560b6473d8cc7b
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 3362482 6144288edd4b3323467754247c548462
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 15265034 e62db0183d0a20364689ae1e299eda8d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 3196466 040fc42bf648b266e20fd2167c8fddeb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 58588 1f5469f32baeb0c254734844683639de
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 276144 9894a87be9f8f246d588f9d2f13edd65
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 275988 6ba8cee4ae3a1e97f1f119de3c00cc27
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 1656540 34136f91c651f85b68a968dc2a92fe21
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 58614 532d4522c684b11a301aad882c2de18a
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 15278248 d9743b0ad844642939e4b59f1ac4882d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 276280 0b696cbf9c223280dac38b74fcd929eb
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 58576 37dda62cbf5e937dc9c18f142e4f2766
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 1688578 d6d9b304ac68e159074548a1235ef202
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_amd64.deb
Size/MD5 checksum: 3173510 207be7a723806f298077014137426b51

arm architecture (ARM)

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_arm.deb
Size/MD5 checksum: 3416842 1c1859099a68d2e9e80dbe346153061f
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-26etch2_arm.deb
Size/MD5 checksum: 58710 ec9b95dbc1df3b482fe6c4fe9fafa8a5
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-26etch2_arm.deb
Size/MD5 checksum: 5020934 94f451055d316f633bc2db3f2c62ff03
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-26etch2_arm.deb
Size/MD5 checksum: 242960 756c6f690fd001b7a9bbafed3b86d06b
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_arm.deb
Size/MD5 checksum: 58666 b57304c2fc4d79702421ec17a7bb5ad7
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-26etch2_arm.deb
Size/MD5 checksum: 8878884 3e088eb4497996943f628eea68117281
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-26etch2_arm.deb
Size/MD5 checksum: 238046 50e7ca22a4518d6a26e43a4118117bc5
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-26etch2_arm.deb
Size/MD5 checksum: 7578534 67ecffb68bc3b622b18841eb3aa19ce1
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-26etch2_arm.deb
Size/MD5 checksum: 208064 70108064c38c883663bc03a6db12bc27
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-26etch2_arm.deb
Size/MD5 checksum: 7935286 2f8b5346acd0200686e9099cd52583b0
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-26etch2_arm.deb
Size/MD5 checksum: 203128 753f35c3648efbc9afa7a0891ddafbff
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-26etch2_arm.deb
Size/MD5 checksum: 4593036 3cb807ec55fd4b0ef9a0b37789fb1bc9
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-26etch2_arm.deb
Size/MD5 checksum: 238382 f84017f283186f036bc99a1ab5f165fb

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-26etch2_hppa.deb
Size/MD5 checksum: 203384 e7878c82df62eb0317c3e7e755f73ec0
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-26etch2_hppa.deb
Size/MD5 checksum: 11004160 8eb8f762e0b7c9a716dea4486fec88f4
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-26etch2_hppa.deb
Size/MD5 checksum: 202658 60c16e7d024108d544cefaf10c051c22
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_hppa.deb
Size/MD5 checksum: 58664 c383ca0f103b14998d277f50991df63e
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-26etch2_hppa.deb
Size/MD5 checksum: 10562766 c8737f075273047316ce0db86c0da0a7
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-26etch2_hppa.deb
Size/MD5 checksum: 201312 ca2bec6ed4dbdd849ba328926f6028b5
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-26etch2_hppa.deb
Size/MD5 checksum: 11404158 ceefbede0cc30b42067f670813655463
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-26etch2_hppa.deb
Size/MD5 checksum: 202646 9a8f530a9cbb7bf2ecbb1489c9227453
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-26etch2_hppa.deb
Size/MD5 checksum: 11813688 4ce5c7173dfe01a8ce81fc00cb859235
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_hppa.deb
Size/MD5 checksum: 3026784 0743461ea063011192d1012d16879ec5
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-26etch2_hppa.deb
Size/MD5 checksum: 58696 98e347f8d87e4e7b6660fc0cd85c08a1

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 284334 61e1f8473bdc4856e2634ff293672fd6
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 58560 2ed5fe8d175457d93a319bc7ee952a9d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 3154278 619618aa8706f4367ac08063c1b9f4c7
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 14295894 4d5f25608fec1620e4e794e1a8e52668
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 3059602 7e53208a8a34c086c63e88186da83e95
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 16516800 a66c25ce2fd838ddd1e66e2b49f962f5
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 16840132 3d86df2706e3c7dd6bbdaf7a701f56af
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 16195826 09fcc72dcdc03d855f10ecc4445a09e9
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 58634 2861ac39f4daceddd382564c394b46e9
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 14284500 40549f308e8d0606ec9318a198493a9e
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 58570 f9304d56dbf44420e1c2fbf8747b4e38
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 283676 e7d133a5ad5929609999975303ff5bb6
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 16384538 d8970b85a23a9c78c019a6378c710bf7
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 1304900 41b08f00ef96eb35a7dff09a0a731849
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 16414450 43d891947b3e939699d2a86039df3d4e
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 16343498 dbf74416f24e2335d88e3222e57154fa
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 286570 efccf0d5a72f36d0c5db24645dc4123b
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 16479532 df92eac7772f1f3de60a25e08aa00607
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 284486 ea1fec578c1e693b504dac67ff40c769
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 1333122 c62950e99d052efd58fe619a14953bc7
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 275310 7e75b3fd69c50dc1cb6851416aa641ab
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 284610 05ae2f640f9472bd954f35ec27f5aa37
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 3173726 657e1290db9a855c4a8fa78a7c776d50
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 282966 8c264f1eb67132f217b93809a7a673f7
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 276942 3b13c5cebc124fef10b71672cf92ceb6
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 3175958 f9fad639ddb47a449e48d70fd0bcad0d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 58582 d1f5a549c0a4e21863e764a84285479c
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch2_i386.deb
Size/MD5 checksum: 277270 98ddf34ccebd116947d898b600e006ab

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-26etch2_ia64.deb
Size/MD5 checksum: 28021328 c9d8cb38c61deb990571bd39fe1acd46
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-26etch2_ia64.deb
Size/MD5 checksum: 58600 1e548e1b36f15d958e88de5611a834a2
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-26etch2_ia64.deb
Size/MD5 checksum: 28191294 53ce5ebc7b9fe527e289015d24796b9d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_ia64.deb
Size/MD5 checksum: 3087232 746e4dcb06ab898fde2c4e17296904ea
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-26etch2_ia64.deb
Size/MD5 checksum: 259982 6a70f88fefb8333ce3a3bd7bc581c2b6
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_ia64.deb
Size/MD5 checksum: 58582 12cd8745267a18f27142e11823fbf2e1
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-26etch2_ia64.deb
Size/MD5 checksum: 260056 bc3d28b3d93e7b439c9cbe391fa039ca

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_mips.deb
Size/MD5 checksum: 3354708 68d0f60e3e4abce8ba788bf97bc30d3d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-26etch2_mips.deb
Size/MD5 checksum: 6100096 804c036f65374e446941633cd60fd365
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-26etch2_mips.deb
Size/MD5 checksum: 8293296 f8ea6cbd2dbaf581e77d044e07ff84dd
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-26etch2_mips.deb
Size/MD5 checksum: 15657604 cd1c3f7523af39875d482966f6655c2f
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-26etch2_mips.deb
Size/MD5 checksum: 9058206 57534c2f6c516d95c737441d33f91558
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-26etch2_mips.deb
Size/MD5 checksum: 58630 3bb00a2094611ea579316edcf6078d2d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-26etch2_mips.deb
Size/MD5 checksum: 15631492 8eb8324f58111276dbe1f5c96658ef7a
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-26etch2_mips.deb
Size/MD5 checksum: 187446 9ce4f17a356822abe0166b67bc83819d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_mips.deb
Size/MD5 checksum: 58582 dd4ca39eb0c937be019022ca12948170
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-26etch2_mips.deb
Size/MD5 checksum: 187504 6169c0c0dd8ac90b7a5821e71ef4bf17
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-26etch2_mips.deb
Size/MD5 checksum: 168428 9b37fdb1d7392d85421d03d31513d10f
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-26etch2_mips.deb
Size/MD5 checksum: 155222 01d8f12c1942c324747e0af05706c047
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-26etch2_mips.deb
Size/MD5 checksum: 164106 4202f694909673ed4fa87337a20c8e49

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 183268 ff589a4f430342423e559b8195b24f44
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 6038950 faf77d2286820d59138dd6df3bd6af8e
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 3355120 56461da76c60c11873499979e0f96428
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 15075354 c90ebd12ee2dd430f8ab29adec40a5ef
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 187132 3a8b31df1f3574d22c35213d441e35cf
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 160392 a56adabb6755266b7b692412247b8d2e
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 160394 b39c1d39e0c7e57ff3e9e3b1909b816e
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 58644 b9c4b4ad568daf525350e99b85c6702f
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 155250 c64112aaa2cbe96dfed1151fe6ed0948
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 5931232 50039a459ebe81b46366daeb38629a71
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 15045872 5d308ac045224c2f624c6e6d2616f599
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 9865546 c19edb54536bc2632c3053914431c81d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 187352 ed1f956103380416f54f85265c08178a
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 5952110 83be5714ffb5476521757e7533f6d77c
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_mipsel.deb
Size/MD5 checksum: 58584 6976c9ecda249ed27b3526cd3c924709

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 261512 4d64c4021de872510638af4984efe8e3
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 254974 13836ff4f4982359427a4807a3ff022c
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 262228 19dcb574223e9520ada14a5e5239167e
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 3463224 630cae3ab63eeaa3138eed1f690a7bcf
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 261766 8d051586c13f4814f2f94475664c42b8
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 16734852 df517679b15edf552ab7cae3bf9f4892
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 15239458 5e56cbb80b43a8e8faedeb3b5ea3e30e
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 3487960 24133361811daa6c3b722ae0d86cac17
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 58660 6a8fbd00343a006657202af81e50d871
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 261070 cfd8546dbaf739a7beb646c03a134ba0
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 16496624 7b3072914553a8a3ebbb6e54fd28da75
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 17066970 769cbf7696109bad94c4cda4d5c4aed1
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 238728 1bb13cb18575c15c765450f61df97d7a
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 18439946 6d07322dadbaeb6a9e38f4b69cfe6111
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 58712 a264e42a469309dfd652824bb552df29
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 17112002 a31f7eb37d3578dd6e8896b2a7307f56
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 260410 e00847063d61e74b95ceaf8e5ccbd82d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-26etch2_powerpc.deb
Size/MD5 checksum: 18387816 db567e0c6f6669ab6df80d4bbe070322

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-26etch2_s390.deb
Size/MD5 checksum: 5650084 dcaa497cc7887ba3c5b8ce1728a8eccf
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_s390.deb
Size/MD5 checksum: 58654 ba9f5dc205b5b55fbe5b8f03c9bc4e79
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch2_s390.deb
Size/MD5 checksum: 3026856 fce3173ca8b7f64459c0fe706e5db38c
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-26etch2_s390.deb
Size/MD5 checksum: 5693838 2692c97a1fe5909f3aaec9ae37934cf3
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_s390.deb
Size/MD5 checksum: 3003004 d516edcec41227c3b2d75b4ff1f41f61
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-26etch2_s390.deb
Size/MD5 checksum: 1446932 fae05aaf337ec910c31e74a82dd6e435
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-26etch2_s390.deb
Size/MD5 checksum: 5431786 22e14eae43a00baf80bc294aeb2f50a3
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-26etch2_s390.deb
Size/MD5 checksum: 151832 14b9a747078e738e1969119e2ac47e9b
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-26etch2_s390.deb
Size/MD5 checksum: 150652 ea19921c950df1596a0a13565cb54a60
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-26etch2_s390.deb
Size/MD5 checksum: 58682 180f34f0fdf6735c238192345d93b8da
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-26etch2_s390.deb
Size/MD5 checksum: 150868 cab6364d7593189a52fef18a4ce79d00

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-26etch2_sparc.deb
Size/MD5 checksum: 206692 12e23364149f1ddad43d2be4175d3905
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-26etch2_sparc.deb
Size/MD5 checksum: 10693316 68d0ebf276378b8079935634d6a46469
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-26etch2_sparc.deb
Size/MD5 checksum: 173954 34b8f651525dab30bdd2119be8e8a591
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_sparc.deb
Size/MD5 checksum: 58586 4b5dec560b473bc07f4f2a4ca738a81c
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-26etch2_sparc.deb
Size/MD5 checksum: 58610 89ad8500983bc90ccc8ace61afe40acd
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-26etch2_sparc.deb
Size/MD5 checksum: 10429006 910069b29aa54cf83a903691e7066f02
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-26etch2_sparc.deb
Size/MD5 checksum: 6450644 e6225a5766b28073d83f0167f543daff
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-26etch2_sparc.deb
Size/MD5 checksum: 10743470 968ffa0488f59aff985023b55873f36d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_sparc.deb
Size/MD5 checksum: 3227902 43015e055532dac26cca8c6c0181c0bb
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-26etch2_sparc.deb
Size/MD5 checksum: 207262 5a82874112183cf0214b925afdd3aa2f
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-26etch2_sparc.deb
Size/MD5 checksum: 205768 bf4dcbfb68be2800a8494474325a742d
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch2_sparc.deb
Size/MD5 checksum: 3251856 330c10163d371c6ecbcce2f35435aaf1

These changes will probably be included in the oldstable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFLgy8NhuANDBmkLRkRAkPaAJ9FsHpDiZaGUSkKyIfrkvenyko3QQCfRdF2
fPP5vUSXwW60tbmXJ3FA3Uo=
=Bvy0
-----END PGP SIGNATURE-----
"

Victoria fumes as David Beckham has his balls grabbedDSA 1978-1: New phpgroupware packages fix several vulnerabilities

DSA-2002-1: New polipo packages fix denial of service  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2002-1 security@debian.org
http://www.debian.org/security/ Stefan Fritsch
February 19, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : polipo
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-3305 CVE-2009-4413
Debian bug : 547047 560779

Several denial of service vulnerabilities have been discovered in polipo, a
small, caching web proxy. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-3305

A malicous remote sever could cause polipo to crash by sending an
invalid Cache-Control header.

CVE-2009-4143

A malicous client could cause polipo to crash by sending a large
Content-Length value.

This upgrade also fixes some other bugs that could lead to a daemon crash
or an infinite loop and may be triggerable remotely.

For the stable distribution (lenny), these problems have been fixed in
version 1.0.4-1+lenny1.

For the testing distribution (squeeze) and the unstable distribution (sid),
these problems have been fixed in version 1.0.4-3.


We recommend that you upgrade your polipo packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny (stable)
- -----------------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1.dsc
Size/MD5 checksum: 1042 4bb50ed5472fcd6b264cb89816586bbe
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1.diff.gz
Size/MD5 checksum: 13430 4cc90f3327e4018c56b4e140cbcb2f46
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4.orig.tar.gz
Size/MD5 checksum: 180487 defdce7f8002ca68705b6c2c36c4d096

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_alpha.deb
Size/MD5 checksum: 220166 1a352d494225a07a9073681be4bac47c

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_amd64.deb
Size/MD5 checksum: 203454 381798d0cb7c64fc221bee69eb8b6a55

arm architecture (ARM)

http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_arm.deb
Size/MD5 checksum: 201570 935d8f17f67c30c2910e057021d2c917

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_armel.deb
Size/MD5 checksum: 203706 99e563f18c123c3ca6508acdfd7f61f1

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_hppa.deb
Size/MD5 checksum: 211750 41caee7138a21b342d9821e0d098298c

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_i386.deb
Size/MD5 checksum: 191848 33af29a3f9e091dd6437fc3f3bfccab9

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_ia64.deb
Size/MD5 checksum: 266176 0643774c9cdd1386f66ca090b303a369

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_mips.deb
Size/MD5 checksum: 209536 5df3adcad12bccd7135a3fc9fb224af0

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_mipsel.deb
Size/MD5 checksum: 209834 4961e97e904853264a1bd03fbb767abd

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_powerpc.deb
Size/MD5 checksum: 199224 6ebb7bd7a1cb453650efee37cb742506

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_s390.deb
Size/MD5 checksum: 209310 642204b4effb7d2e801147bdb5581ac1

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_sparc.deb
Size/MD5 checksum: 198238 1e9c3cb3e6818f3f72f5aa4ab247da65


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFLfq/Pbxelr8HyTqQRAsUsAJ0V9UhOwnRhJhte5+XN7+o8zurLMgCffN2l
Dpz8iOw+CMuMbo1aTU17DXU=
=17YQ
-----END PGP SIGNATURE-----
"

DSA 1982-1: New hybserv packages fix denial of serviceVictoria fumes as David Beckham has his balls grabbed

RHSA-2010:0114-01 Critical: acroread security and bug fix update  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: acroread security and bug fix update
Advisory ID: RHSA-2010:0114-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0114.html
Issue date: 2010-02-18
CVE Names: CVE-2010-0186 CVE-2010-0188
=====================================================================

1. Summary:

Updated acroread packages that fix two security issues and a bug are now
available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise
Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).

This update fixes two vulnerabilities in Adobe Reader. These
vulnerabilities are summarized on the Adobe Security Advisory APSB10-07
page listed in the References section. A specially-crafted PDF file could
cause Adobe Reader to crash or, potentially, execute arbitrary code as the
user running Adobe Reader when opened. (CVE-2010-0186, CVE-2010-0188)

This update also fixes a bug where, on some systems, attempting to install
or upgrade the acroread packages failed due to a package dependency issue.
(BZ#557506)

All Adobe Reader users should install these updated packages. They contain
Adobe Reader version 9.3.1, which is not vulnerable to these issues and
fixes this bug. All running instances of Adobe Reader must be restarted for
the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

557506 - acroread requires openldap-devel which is in Workstation/
563819 - CVE-2010-0186 flash-plugin: unauthorized cross-domain requests (APSB10-06)
566087 - CVE-2010-0188 acroread: unspecified code execution flaw

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
acroread-9.3.1-1.el4.i386.rpm
acroread-plugin-9.3.1-1.el4.i386.rpm

x86_64:
acroread-9.3.1-1.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:
acroread-9.3.1-1.el4.i386.rpm
acroread-plugin-9.3.1-1.el4.i386.rpm

x86_64:
acroread-9.3.1-1.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
acroread-9.3.1-1.el4.i386.rpm
acroread-plugin-9.3.1-1.el4.i386.rpm

x86_64:
acroread-9.3.1-1.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
acroread-9.3.1-1.el4.i386.rpm
acroread-plugin-9.3.1-1.el4.i386.rpm

x86_64:
acroread-9.3.1-1.el4.i386.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
acroread-9.3.1-1.el5.i386.rpm
acroread-plugin-9.3.1-1.el5.i386.rpm

x86_64:
acroread-9.3.1-1.el5.i386.rpm
acroread-plugin-9.3.1-1.el5.i386.rpm

RHEL Supplementary (v. 5 server):

i386:
acroread-9.3.1-1.el5.i386.rpm
acroread-plugin-9.3.1-1.el5.i386.rpm

x86_64:
acroread-9.3.1-1.el5.i386.rpm
acroread-plugin-9.3.1-1.el5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0186.html
https://www.redhat.com/security/data/cve/CVE-2010-0188.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-07.html

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLfWbgXlSAg2UNWIIRAgWGAJ0e8aSP9WEY967v12+ZKhOhKHna5QCguAV7
FvX0zpgyUc5i1iuNUTK4HtE=
=uyPw
-----END PGP SIGNATURE-----
"

RHSA-2010:0103-01 Important: flash-plugin security updateRonnie James Dio cancer update