===========================================================
Ubuntu Security Notice USN-1087-1 March 11, 2011
libvpx vulnerability
CVE-2010-4489
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.10:
libvpx0 0.9.5-2~build0.10.10.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
Details follow:
Chris Evans discovered that libvpx did not properly perform bounds
checking. If an application using libvpx opened a specially crafted WebM
file, an attacker could cause a denial of service.
Updated packages for Ubuntu 10.10:
Date: Mon, 14 Mar 2011 19:47:59 +0100
From: Moritz Muehlenhoff <jmm@debian.org>
Subject: [SECURITY] [DSA 2191-1] proftpd security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-2191-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 14, 2011                         http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : proftpd-dfsg
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-7265 CVE-2010-3867 CVE-2010-4652
Several vulnerabilities have been discovered in ProFTPD, a versatile,
virtual-hosting FTP daemon:
CVE-2008-7265
Incorrect handling of the ABOR command could lead to
denial of service through elevated CPU consumption.
CVE-2010-3867
Several directory traversal vulnerabilities have been
discovered in the mod_site_misc module.
CVE-2010-4562
A SQL injection vulnerability was discovered in the
mod_sql module.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.3.1-17lenny6.
The stable distribution (squeeze) and the unstable distribution (sid)
are not affected, these vulnerabilities have been fixed prior to the
release of Debian 6.0 (squeeze).
We recommend that you upgrade your proftpd-dfsg packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
From: security-alert@hp.com
Subject: [security bulletin] HPSBMA02644 SSRT100284 rev.1 - HP Client Automation Enterprise (HPCA) Running on Windows, Remote Execution of Arbitrary Code
Date: Mon, 14 Mar 2011 12:18:59 -0600 (MDT)
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02750690
Version: 1
HPSBMA02644 SSRT100284 rev.1 - HP Client Automation Enterprise (HPCA) Running on Windows, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-03-14
Last Updated: 2011-03-14
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security problem has been identified with HP Client Automation Enterprise software (HPCA) running on Windows. HPCA was formerly known as Radia Notify. This vulnerability could be exploited to allow execution of arbitrary code.
References: CVE-2011-0889, ZDI-CAN-914
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Client Automation v5.11, v7.2, v7.5, v7.8, and v7.9
BACKGROUND
CVSS 2.0 Base Metrics
==========================================================
  Reference              Base Vector             Base Score
CVE-2011-0889    (AV:N/AC:M/Au:N/C:C/I:C/A:C)       10.0
==========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks an anonymous security researcher working with TippingPoint Zero Day Initiative for reporting this vulnerability to security-alert@hp.com
RESOLUTION
The vulnerability is caused by a non-standard configuration and can be resolved by verifying configuration of HP Client Automation Enterprise software (HPCA). Follow the advice from the article for Notify Security, KM99956.
Documentation for this resolution (KM99956) is available from the HP Software Support Online portal at
http://support.openview.hp.com/selfsolve/document/KM99956
PRODUCT SPECIFIC INFORMATION
None
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription:
http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit:
http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Date: Mon, 14 Mar 2011 15:06:32 -0300
Subject: [DCA-2011-0004] - Trend WebReputation API Bypass
From: Ewerson Guimarães (Crash) - Dclabs <crash@dclabs.com.br>
[DCA-2011-0004]
[Discussion]
- DcLabs Security Research Group advises about following vulnerability(ies):
[Software]
- Trend WebReputation API
[Vendor Product Description]
- Secure any endpoint - physical or virtual - with the industry's strongest,
most reliable protection, while reducing the impact on your endpoint resources.
Harness the power of the cloud with to-the-second protection from the
Trend Micro Smart Protection Network.
Ground-breaking new virtualization awareness delivers the latest
endpoint solutions along with
peace of mind and innovative resource-saving technology to help you
defend against zero day threats with optional virtual patching.
- Source:
http://us.trendmicro.com/us/products/enterprise/officescan/index.html
[Advisory Timeline]
- Advisory sent to vendor: 15/Feb/2011
- Vendor said there is no failure 15/Feb/2011
- Advisory sent again with demo video: 16/Feb/2011
- Vendor confirmed the bug 16/Feb/2011
- Vendor fixed the bug 17/Feb/2011
- Advisory coordinated to be published 18/Feb/2011
- Published 14/Mar/2011
[Bug Summary]
- Download content-filter circumvent
[Impact]
- Medium
[Affected Version]
- 10.5
- Prior versions can also be affected but weren't tested.
[Bug Description and Proof of Concept]
- Web Reputation download filter can be easily circumvented by adding
an @ or a 'question mark' (?) at the end of the URL.
POC:
URL Blocked
The URL that you are attempting to access is a potential security
risk. Trend Micro OfficeScan has blocked this URL
in keeping with network security policy.
URL:
http://nmap.org/dist/nmap-5.51-setup.exe
Risk Level: Dangerous
Details: Verified fraud page or threat source
Just put ? in end:
http://nmap.org/dist/nmap-5.51-setup.exe?
Download successful
Second POC:
Demo Video:
http://www.youtube.com/watch?v=J2Nd3wNWXPU
All flaws described here were discovered and researched by:
Ewerson Guimaraes (Crash)
DcLabs Security Research Group
crash <AT> dclabs <DOT> com <DOT> br
[Workarounds]
-
[Credits]
DcLabs Security Research Group.
--
Ewerson Guimaraes (Crash)
Pentester/Researcher
DcLabs Security Team
www.dclabs.com.br
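The bypass reported in the advisory above is what happens when a filter compares the raw request string with its blocklist. As an added example (not part of the original advisory and not Trend Micro's code), this Python code puts that weak comparison beside one that canonicalizes the URL first; the names `naive_is_blocked`, `canonicalize`, `hardened_is_blocked` and `TRAILING_DELIMS`, and the choice of which trailing delimiters to ignore, are assumptions made for the illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed blocklist: the single URL the advisory shows as blocked.
BLOCKLIST = ["http://nmap.org/dist/nmap-5.51-setup.exe"]

DEFAULT_PORTS = {"http": 80, "https": 443}
# Assumption for this example: delimiters left dangling at the end of a path
# do not select a different resource, so they are ignored when matching.
TRAILING_DELIMS = "?@#&;"


def naive_is_blocked(url, blocklist=BLOCKLIST):
    """Weak form: exact comparison of the raw request string."""
    return url in blocklist


def canonicalize(url):
    """Reduce a URL to a (scheme, host, port, path) key for comparison.

    Raises ValueError for URLs the parser rejects (for example a bad port).
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    # .hostname drops any userinfo ("user@") and lowercases the host.
    host = (parts.hostname or "").rstrip(".")
    port = parts.port or DEFAULT_PORTS.get(scheme)
    # Query string and fragment are dropped: the reputation verdict is
    # attached to the file, not to the parameters sent with the request.
    path = unquote(parts.path).rstrip(TRAILING_DELIMS)
    path = posixpath.normpath(path) if path else "/"
    return scheme, host, port, path


def hardened_is_blocked(url, blocklist=BLOCKLIST):
    """Corrected form: compare canonical keys, and fail closed on bad input."""
    try:
        key = canonicalize(url)
    except ValueError:
        return True
    return key in {canonicalize(entry) for entry in blocklist}


def compare(urls):
    """Return (url, naive verdict, hardened verdict) for each URL."""
    return [(u, naive_is_blocked(u), hardened_is_blocked(u)) for u in urls]


if __name__ == "__main__":
    base = BLOCKLIST[0]
    samples = [base, base + "?", base + "@",
               "http://nmap.org/dist/nmap-5.51.tar.bz2"]
    for url, naive, hardened in compare(samples):
        print(f"{url:45} naive={naive!s:5} hardened={hardened}")
```

Blocklist entries pass through the same `canonicalize` function as requests, so both sides of the comparison are always in the same form.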
Date: Mon, 14 Mar 2011 20:54:30 +0300
From: Alexandr Polyakov <alexandr.polyakov@dsec.ru>
Subject: [DSECRG-11-010] SAP NetWeaver logon.html - XSS
[DSECRG-11-010] SAP NetWeaver logon.html - XSS
SAP NetWeaver BSP logon page has a linked XSS vulnerability.
Digital Security Research Group [DSecRG] Advisory DSecRG-11-010 (Internal DSecRG-00127)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver SAP_BASIS 620-730
Vendor URL:
http://www.sap.com
Bugs: XSS
Exploits: YES
Reported: 05.02.2010
Vendor response: 06.02.2010
Date of Public Advisory: 09.03.2011
CVE-number:
Author: Alexey Sintsov
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)
Description
***********
SAP NetWeaver BSP logon page has a linked XSS vulnerability.
Details
*******
Another vulnerability was found, like those described in note 887168 and note 887164,
but this vulnerability is in another parameter.
Vulnerable variable: logonUrl
Vulnerable page: /sap/bc/public/bsp/sap/system_public/logon.htm
An attacker can send a link to an administrator and get his cookie.
Example:
******
Working exploit will be available in commercial scanner ERPSCAN security scanner for SAP (ERPSCAN.com)
References
**********
http://dsecrg.com/pages/vul/show.php?id=310
http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
https://service.sap.com/sap/support/notes/1450270
Fix Information
*************
Solution to this issue is given in the 1450270 security note.
About
*****
Digital Security:
Is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, ERP and SAP security assessment, certification for ISO/IEC 27001:2005 and PCI DSS and PA DSS standards.
Digital Security Research Group:
International subdivision of Digital Security company focused on research and software development for securing business-critical systems like: enterprise applications (ERP,CRM,SRM), technology systems (SCADA, Smart Grid) and banking software. DSecRG developed new product "ERPSCAN security suite for SAP" and service "ERPSCAN Online" which can help customers to perform automated security assessments and compliance checks for SAP solutions.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
http://www.erpscan.com
Polyakov Alexandr. PCI QSA,PA-QSA
CTO Digital Security
Head of DSecRG
______________________
DIGITAL SECURITY
phone: +7 812 703 1547
+7 812 430 9130
e-mail: a.polyakov@dsec.ru
www.dsec.ru
www.dsecrg.com www.dsecrg.ru
www.erpscan.com www.erpscan.ru
www.pcidssru.com www.pcidss.ru
Date: Mon, 14 Mar 2011 20:30:10 -0700
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-1085-2] tiff regression
===========================================================
Ubuntu Security Notice USN-1085-2 March 15, 2011
tiff regression
https://launchpad.net/bugs/731540
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libtiff4 3.7.4-1ubuntu3.10
Ubuntu 8.04 LTS:
libtiff4 3.8.2-7ubuntu3.8
Ubuntu 9.10:
libtiff4 3.8.2-13ubuntu0.5
Ubuntu 10.04 LTS:
libtiff4 3.9.2-2ubuntu0.5
Ubuntu 10.10:
libtiff4 3.9.4-2ubuntu0.2
After a standard system update you need to restart your session to make
all the necessary changes.
Details follow:
USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream
fixes were incomplete and created problems for certain CCITTFAX4 files.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)
Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
values. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could crash the application, leading
to a denial of service. This issue only affected Ubuntu 10.10.
(CVE-2010-2482)
Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled
invalid ReferenceBlackWhite values. If a user or automated system were
tricked into opening a specially crafted TIFF image, a remote attacker
could crash the application, leading to a denial of service.
(CVE-2010-2595)
Sauli Pahlman discovered that the TIFF library incorrectly handled certain
default fields. If a user or automated system were tricked into opening a
specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. (CVE-2010-2597, CVE-2010-2598)
It was discovered that the TIFF library incorrectly validated certain
data types. If a user or automated system were tricked into opening a
specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. (CVE-2010-2630)
It was discovered that the TIFF library incorrectly handled downsampled
JPEG data. If a user or automated system were tricked into opening a
specially crafted TIFF image, a remote attacker could execute arbitrary
code with user privileges, or crash the application, leading to a denial of
service. This issue only affected Ubuntu 10.04 LTS and 10.10.
(CVE-2010-3087)
It was discovered that the TIFF library incorrectly handled certain JPEG
data. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could execute arbitrary code with
user privileges, or crash the application, leading to a denial of service.
This issue only affected Ubuntu 6.06 LTS, 8.04 LTS and 9.10.
(CVE-2011-0191)
It was discovered that the TIFF library incorrectly handled certain TIFF
FAX images. If a user or automated system were tricked into opening a
specially crafted TIFF FAX image, a remote attacker could execute arbitrary
code with user privileges, or crash the application, leading to a denial of
service. (CVE-2011-0191)
Updated packages for Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.10_sparc.deb
Size/MD5: 271226 083721bbf42b3a9c2ba0619725cdea1c
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.10_sparc.deb
Size/MD5: 467842 244140481e39cbae1caeea1cbc7242fb
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.10_sparc.deb
Size/MD5: 45072 0ecf1aa2519fd0f70a54e97299a9a2aa
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.10_sparc.deb
Size/MD5: 50206 1fd3434ab16f251802c05e69b2ec4172
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.diff.gz
Size/MD5: 23098 1ee89aac13034400cc5f65bc82350576
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.8.dsc
Size/MD5: 1534 db81aff18857a6a792e8e3d9f6419c25
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz
Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_amd64.deb
Size/MD5: 186052 117b7fef507321d3b40f31e82121d65c
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_amd64.deb
Size/MD5: 583498 356ff0e0f3fa15764371a8d0ffbd2574
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_amd64.deb
Size/MD5: 132044 f21e514b5f9ffa5e083d48e3ff2876be
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_amd64.deb
Size/MD5: 5060 bd0be2af72fb9789ef27a5cf3445a960
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_amd64.deb
Size/MD5: 10482 a49a0b07d12a18248a56d1c64322687b
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_i386.deb
Size/MD5: 175314 d510325b149f2106114857e9cd1887a1
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_i386.deb
Size/MD5: 552824 044e167a1106988f710d4b26cd480c13
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_i386.deb
Size/MD5: 123468 8c41a5b4deb4daf59a27aa18bafc2a33
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_i386.deb
Size/MD5: 5044 221fabdeb10a45b0e39b30fcd9876d57
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_i386.deb
Size/MD5: 9934 139ed154385849ed4a76c21f14d1824c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_lpia.deb
Size/MD5: 177010 f861eceecd6f08085a7e66038b28d148
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_lpia.deb
Size/MD5: 555294 27b3f40726cd5cf866dd80b5fb5f652d
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_lpia.deb
Size/MD5: 124582 a101756bd948bc2d526bbb3793655c46
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_lpia.deb
Size/MD5: 4916 0fde80306a67eb766b878040048003fa
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_lpia.deb
Size/MD5: 9976 36fdc7a9337f4a5391a5d951624775df
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_powerpc.deb
Size/MD5: 223488 04f35d447aa797b255c249719f467896
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_powerpc.deb
Size/MD5: 577476 53e4f31126ecae60b54a2614c29a02ef
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_powerpc.deb
Size/MD5: 135174 24d5e5f4e4903eae9ba2b4163eb0ab44
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_powerpc.deb
Size/MD5: 7512 a361eb4c3985a90189342aced3932676
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_powerpc.deb
Size/MD5: 13288 2f458ba98bbf136958d2a8cdc87a83ab
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.8_sparc.deb
Size/MD5: 178860 d48dc98bba2aaaf1830ad3a9d69b99db
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.8_sparc.deb
Size/MD5: 558838 c9ffd065811bf117f5c57dae82c4173b
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.8_sparc.deb
Size/MD5: 123254 e11f44522f5cef8b3f4a8a633be5437d
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.8_sparc.deb
Size/MD5: 4796 498f87c694b19560fe59ee3afb605af4
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.8_sparc.deb
Size/MD5: 10700 5bb66a32a926f8fbd1a5b864a3d88cd7
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.diff.gz
Size/MD5: 43070 e8b35ecf046a7c3619e1d9929de8b830
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-13ubuntu0.5.dsc
Size/MD5: 1978 d8a8180b56ba05c422d4b443afb1d44e
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz
Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.8.2-13ubuntu0.5_all.deb
Size/MD5: 348112 a84bc452f3a0eea39c87ac3ac744112c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_amd64.deb
Size/MD5: 191416 300ef146f5155ff8ccdf51e8a684ff34
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_amd64.deb
Size/MD5: 252426 b78ec6fcac494ac67fb4b357632dace3
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_amd64.deb
Size/MD5: 135940 d3f0cb6e3491b6d335e905ddb2139dfc
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_amd64.deb
Size/MD5: 6332 b7da9edb5b42f9c08596a6b1966cb6e0
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_amd64.deb
Size/MD5: 12004 3107c05e0644d55184c568fbd205c8d4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_i386.deb
Size/MD5: 176368 b2b0a5ed89fa9405dea1a1944bf4e606
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_i386.deb
Size/MD5: 232588 71573f111b56ed24c2bb95e70cf24950
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_i386.deb
Size/MD5: 125002 9127f1c5991d7bebf346d7996aa05549
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_i386.deb
Size/MD5: 6446 8535ecbdf277f311afe69e053e7027eb
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_i386.deb
Size/MD5: 11292 21192b1ec3a90204f70ac7e715f6ef94
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_armel.deb
Size/MD5: 182752 27e8c1ba005bb913056725f27afed10b
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_armel.deb
Size/MD5: 233860 7bb2dfcf30084a32cfda47150de12820
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_armel.deb
Size/MD5: 124716 5bf3991de9df681e72aeb2b9cb0157e3
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_armel.deb
Size/MD5: 5966 f7269719e2c4b9f44abb54ea640452b9
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_armel.deb
Size/MD5: 11160 213b7115f391a62a039e86bd2aed21e3
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_lpia.deb
Size/MD5: 177048 6f228aae0027ce228001ab1e03c1420f
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_lpia.deb
Size/MD5: 234412 2be52c2f11d51dc60ebd6358921ed539
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_lpia.deb
Size/MD5: 126608 5b98943322e5546def050c29f0137c51
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_lpia.deb
Size/MD5: 6312 9dfcffd32f1aa8e42e6e5f94c8171333
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_lpia.deb
Size/MD5: 11340 69f92d56438e597d2733cca9fe192e09
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_powerpc.deb
Size/MD5: 191484 3af0b1c5f8e037c97831d2321c144069
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_powerpc.deb
Size/MD5: 256554 94513c2b20ec5e2206d5b5476ac4b6e1
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_powerpc.deb
Size/MD5: 137434 0dd8d58ca4136b26395ec9619352cbf4
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_powerpc.deb
Size/MD5: 6724 752b5398be235d406db9b0070c8b4bcc
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_powerpc.deb
Size/MD5: 12080 857d09fbe80934ec33149da04cf5b4fe
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-13ubuntu0.5_sparc.deb
Size/MD5: 184288 a83a8a638af348c50d3bb64a2c0490e4
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-13ubuntu0.5_sparc.deb
Size/MD5: 237164 9a5c6358c6c65dfc8e5154f79c5937a1
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-13ubuntu0.5_sparc.deb
Size/MD5: 125062 2e70ed4b0b98f15d9b6d4d1aa2c223fe
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-13ubuntu0.5_sparc.deb
Size/MD5: 6096 e374e39bdeb2b16f8944713dc6b59ec2
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-13ubuntu0.5_sparc.deb
Size/MD5: 12036 3bd0ece44e01a49c32decff3d318bcc3
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.diff.gz
Size/MD5: 20142 b939eddaecc09a223f750ddc9ec300a7
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2-2ubuntu0.5.dsc
Size/MD5: 1974 0ab3539d8af96ca2ca23c1d74d79e8c6
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.2.orig.tar.gz
Size/MD5: 1419742 93e56e421679c591de7552db13384cb8
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.2-2ubuntu0.5_all.deb
Size/MD5: 359126 ddf2cb68732e7fd96ea2078ce0ad4742
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_amd64.deb
Size/MD5: 250490 975aec44c621ff1e524a7d0c344c461d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_amd64.deb
Size/MD5: 269922 24ffd793f4f4cab1c419281358f95b06
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_amd64.deb
Size/MD5: 149244 8de4b36f57fd254339472d92d58df436
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_amd64.deb
Size/MD5: 6384 dd647e2d96b24485c9a3d512568a33e8
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_amd64.deb
Size/MD5: 12028 f312a06be417327ccaab3bc83fce43ee
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_i386.deb
Size/MD5: 234120 b80a26f6acbf41fc2835dea7be97d332
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_i386.deb
Size/MD5: 246962 2aced2d3476f07034714c32581451fca
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_i386.deb
Size/MD5: 136750 9e662029ab9932f9bb5cf551c9a25c70
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_i386.deb
Size/MD5: 6486 588d1bff01cbec45eefbfb25864b48c7
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_i386.deb
Size/MD5: 11282 028b976bcc83292a2a436961a26cff1b
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_armel.deb
Size/MD5: 237816 b1bb7396d24ca82d5a72012e7f5902df
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_armel.deb
Size/MD5: 238800 82ec468a735c037f758424ee05ab0eda
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_armel.deb
Size/MD5: 129636 b6277537fd8ca0a7258d156b8185fc6c
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_armel.deb
Size/MD5: 5980 5ee322e0d78f7f440501872a91e78c98
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_armel.deb
Size/MD5: 11300 c0120b282e1fa3c9922b9218a1d86271
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_powerpc.deb
Size/MD5: 253514 208b8a67298bb8435b790579c2369258
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_powerpc.deb
Size/MD5: 275256 4ccb314e621e464c06a709fbd7632384
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_powerpc.deb
Size/MD5: 150724 4787f755ef29dd7198699c9456ca5fd0
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_powerpc.deb
Size/MD5: 6770 759c330d4a755d3d217ca8afef8cb191
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_powerpc.deb
Size/MD5: 12092 86dd9f88b6d3f4e3f7ee0c3f98ce4448
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.2-2ubuntu0.5_sparc.deb
Size/MD5: 248776 0e081f6795686de636fdb537d0da0af3
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.2-2ubuntu0.5_sparc.deb
Size/MD5: 257346 b1cb2500a7b1ada561852e12546279a4
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.2-2ubuntu0.5_sparc.deb
Size/MD5: 143484 b24ccd56b9eee79c062d8a1e13e65326
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.2-2ubuntu0.5_sparc.deb
Size/MD5: 6226 28e807e1ae69640a7e0a35ea79b8913a
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.2-2ubuntu0.5_sparc.deb
Size/MD5: 11922 1acad867116630bb02cf53831f49fb91
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.debian.tar.gz
Size/MD5: 18124 6b91f60b7bc92c8f0710f4088c1f38f3
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4-2ubuntu0.2.dsc
Size/MD5: 1991 020c2a94b61792b09f6d01752f2c7f5d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.9.4.orig.tar.gz
Size/MD5: 1436968 2006c1bdd12644dbf02956955175afd6
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-doc_3.9.4-2ubuntu0.2_all.deb
Size/MD5: 342928 4d7df4c971ba92ab11d738820853fcc4
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_amd64.deb
Size/MD5: 248246 dd83a166330ad6268952b8e49f075012
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_amd64.deb
Size/MD5: 270788 73525f6754327725fd2e93fe1fc0e4fb
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_amd64.deb
Size/MD5: 149490 2da1a59a5a933e822256d2b6d89454c6
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_amd64.deb
Size/MD5: 6310 b566e3ac1e893179519b2596798ad492
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_amd64.deb
Size/MD5: 11806 a523fb6ef9ac518e5869fdc9bd72d937
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_i386.deb
Size/MD5: 230148 a676650de4cfea04a7bfd000de0da151
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_i386.deb
Size/MD5: 247138 95194c2ea2ab0ca87e6b8867dae07385
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_i386.deb
Size/MD5: 136668 f0931de0028f3538f92ef2547cde7bba
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_i386.deb
Size/MD5: 6424 ad458d476aa6df65bfaec35f5cba9c0b
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_i386.deb
Size/MD5: 11144 efd76c12cc9f9df3ba719e8f073a6bfa
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_armel.deb
Size/MD5: 256880 6aedba603449a04715b504caac95ed22
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_armel.deb
Size/MD5: 271424 0587dc26b90416181bb71f0ee0acbed3
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_armel.deb
Size/MD5: 151800 0a97a3959787ce6e4d4a60db21f4bd19
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_armel.deb
Size/MD5: 5844 6efde8a677921feabc6dd5156181d72a
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_armel.deb
Size/MD5: 11228 9e354f5270bc717488682dfc4712e74a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.9.4-2ubuntu0.2_powerpc.deb
Size/MD5: 250366 6fa58ac5fb03e3b6866499f53cb3e79d
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.9.4-2ubuntu0.2_powerpc.deb
Size/MD5: 275860 d4f92d8330e793d8056e4bc5c180fba9
http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.9.4-2ubuntu0.2_powerpc.deb
Size/MD5: 150712 c47116bbde1de23b39bd86ce6733e033
http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.9.4-2ubuntu0.2_powerpc.deb
Size/MD5: 6702 d9524527cbcbd6b38cb782d73adbdc3b
http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.9.4-2ubuntu0.2_powerpc.deb
Size/MD5: 11962 a31983d4e49adaa4fa0321c16105bae3