SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   GD Library Vendors:   Boutell.com
(Trustix Issues Fix) GD Library Buffer Overflows in gdMalloc() May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012250
SecurityTracker URL:  http://securitytracker.com/id/1012250
CVE Reference:   CVE-2004-0941   (Links to External Site)
Date:  Nov 17 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): possibly 2.0.33
Description:   Some buffer overflow vulnerabilities were reported in GD Library. A remote user may be able to execute arbitrary code on the target system.

It is reported that a remote user can create a specially crafted image file that, when processed by the target user, will trigger a buffer overflow in the gdMalloc() function.

Impact:   A remote user may be able to cause arbitrary code to be executed on the target system.
Solution:   Trustix has released a fix for gd, available at:

http://http.trustix.org/pub/trustix/updates/
ftp://ftp.trustix.org/pub/trustix/updates/

Vendor URL:  www.boutell.com/gd/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Trustix)
Underlying OS Comments:  Trustix Secure Linux 2.2

Message History:   This archive entry is a follow-up to the message listed below.
Nov 11 2004 GD Library Buffer Overflows in gdMalloc() May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  TSL-2004-0059 - (The mother of all) multis


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2004-0059

Package name:      apache automake bind console-tools courier-imap cracklib
                   cups cyrus-imapd cyrus-sasl filesystem foomatic-filters
                   freetype ghostscript glib glibc gzip lynx mod_perl mutt
                   mysql netatalk ntp openldap openssh openssl openswan perl
                   perl-convert-uulib perl-dbi perl-unicode-map php postfix
                   postgresql proftpd python razor-agents rp-pppoe rsync
                   spamassassin squid stunnel swup syslinux tsl-utils
                   uw-imap vim wget words
Summary:           Package bugfix
Date:              2004-11-15
Affected versions: Trustix Secure Linux 2.2

- --------------------------------------------------------------------------
Package description:
  
  apache:
  Apache is a full featured web server that is freely available, and also
  happens to be the most widely used.
  
  automake:
  Automake is an experimental Makefile generator. Automake was inspired
  by the 4.4BSD make and include files, but aims to be portable and to
  conform to the GNU standards for Makefile variables and targets.
  
  bind:
  BIND (Berkeley Internet Name Domain) is an implementation of the DNS
  (Domain Name System) protocols. BIND includes a DNS server (named),
  which resolves host names to IP addresses, and a resolver library
  (routines for applications to use when interfacing with DNS).  A DNS
  server allows clients to name resources or objects and share the
  information with other network machines.  The named DNS server can be
  used on workstations as a caching name server, but is generally only
  needed on one machine for an entire network.
  
  console-tools:
  The console-tools package contains tools for managing a Linux
  system's console's behavior, including the keyboard, the screen
  fonts, the virtual terminals and font files.
  
  courier-imap:
  Courier-IMAP is an IMAP server for Maildir mailboxes.  This package
  contains the standalone version of the IMAP server that's included in
  the Courier mail server package.  This package is a standalone version
  for use with other mail servers.
  
  cracklib:
  CrackLib tests passwords to determine whether they match certain
  security-oriented characteristics. You can use CrackLib to stop
  users from choosing passwords which would be easy to guess. CrackLib
  performs certain tests:
  
  * It tries to generate words from a username and gecos entry and
    checks those words against the password;
  * It checks for simplistic patterns in passwords;
  * It checks for the password in a dictionary.
  
  cups:
  The Common UNIX Printing System provides a portable printing layer for
  UNIX(R) operating systems. It has been developed by Easy Software Products
  to promote a standard printing solution for all UNIX vendors and users.
  CUPS provides the System V and Berkeley command-line interfaces.
  
  cyrus-imapd:
  The Cyrus IMAP server is a scaleable enterprise mail system
  designed for use from small to large enterprise environments using
  standards-based technologies.
  
  cyrus-sasl:
  The cyrus-sasl package contains the Cyrus implementation of SASL.
  SASL is the Simple Authentication and Security Layer, a method for
  adding authentication support to connection-based protocols.
  
  filesystem:
  The filesystem package is one of the basic packages that is installed on
  a Trustix Secure Linux system.  Filesystem  contains the basic directory
  layout for a Linux operating system, including the correct permissions
  for the directories.
  
  foomatic-filters:
  Foomatic is a database-driven system for integrating free software printer
  drivers with common spoolers under Unix. It supports CUPS, LPRng, LPD,
  GNUlpr, PPR, PDQ, CPS, and direct printing with every free software
  printer driver known to us and every printer known to work with these
  drivers.
  
  gd:
  gd is a graphics library. It allows your code to quickly draw images
  complete with lines, arcs, text, multiple colors, cut and paste from
  other images, and flood fills, and write out the result as a PNG or
  JPEG file. This is particularly useful in World Wide Web applications,
  where PNG and JPEG are two of the formats accepted for inline images
  by most browsers.
  
  ghostscript:
  ESP Ghostscript is an enhanced version of GNU Ghostscript that
  includes new printer drivers and support for the Common UNIX
  Printing System.
  
  glib:
  GLib is a handy library of utility functions. This C library is
  designed to solve some portability problems and provide other useful
  functionality which most programs require.
  
  glibc:
  The glibc package contains standard libraries which are used by
  multiple programs on the system. In order to save disk space and
  memory, as well as to make upgrading easier, common system code is
  kept in one place and shared between programs. This particular package
  contains the most important sets of shared libraries: the standard C
  library and the standard math library. Without these two libraries, a
  Linux system will not function.  The glibc package also contains
  national language (locale) support and timezone databases.
  
  gzip:
  The gzip package contains the popular GNU gzip data compression
  program.  Gzipped files have a .gz extension.
  
  lynx:
  Lynx is a text-based Web browser. Lynx does not display any images,
  but it does support frames, tables and most other HTML tags. Lynx's
  advantage over graphical browsers is its speed: Lynx starts and exits
  quickly and swiftly when displaying Web pages.
  
  mod_perl:
  Mod_perl incorporates a Perl interpreter into the Apache web server,
  so that the Apache web server can directly execute Perl code.
  Mod_perl links the Perl runtime library into the Apache web server and
  provides an object-oriented Perl interface for Apache's C language
  API.  The end result is a quicker CGI script turnaround process, since
  no external Perl interpreter has to be started.
  
  mutt:
  Mutt is a text mode mail user agent. Mutt supports color, threading,
  arbitrary key remapping, and a lot of customization.
  
  mysql:
  MySQL is a true multi-user, multi-threaded SQL (Structured Query
  Language) database server. MySQL is a client/server implementation
  that consists of a server daemon (mysqld) and many different client
  programs/libraries.
  
  netatalk:
  netatalk is an implementation of the AppleTalk Protocol Suite for
  Unix/Linux systems. The current release contains support for Ethertalk
  Phase I and II, DDP, RTMP, NBP, ZIP, AEP, ATP, PAP, ASP, and AFP.
  It provides Appletalk file printing and routing services on Solaris
  2.5, Linux, FreeBSD, SunOS 4.1 and Ultrix 4. It also supports AFP 2.1
  and 2.2 (Appleshare IP).
  
  ntp:
  The Network Time Protocol (NTP) is used to synchronize a computer's
  time with another reference time source. The ntp package contains
  utilities and daemons that will synchronize your computer's time to
  Coordinated Universal Time (UTC) via the NTP protocol and NTP servers.
  The ntp package includes ntpdate (a program for retrieving the date
  and time from remote machines via a network) and ntpd (a daemon which
  continuously adjusts system time).
  
  openldap:
  LDAP servers and clients, as well as interfaces to other protocols.
  Note that this does not include the slapd interface to X.500 and
  therefore does not require the ISODE package.
  
  openssh:
  Ssh (Secure Shell) a program for logging into a remote machine and for
  executing commands in a remote machine.  It is intended to replace
  rlogin and rsh, and provide secure encrypted communications between
  two untrusted hosts over an insecure network.  X11 connections and
  arbitrary TCP/IP ports can also be forwarded over the secure channel.
  
  openssl:
  A C library that provides various crytographic algorithms and protocols,
  including DES, RC4, RSA, and SSL. Includes shared libraries.
  
  openswan:
  Openswan is a free implementation of IPSEC & IKE for Linux.
  
  IPsec is Internet Protocol Security and uses strong cryptography to
  provide both authentication and encryption services.  These services
  allow you to build secure tunnels through untrusted networks.
  Everything passing through the untrusted net is encrypted by the ipsec
  gateway machine and decrypted by the gateway at the other end of the
  tunnel.  The resulting tunnel is a virtual private network or VPN.
  
  perl:
  Perl is a high-level programming language with roots in C, sed, awk
  and shell scripting.  Perl is good at handling processes and files,
  and is especially good at handling text.  Perl's hallmarks are
  practicality and efficiency.  While it is used to do a lot of
  different things, Perl's most common applications (and what it excels
  at) are probably system administration utilities and web programming.
  A large proportion of the CGI scripts on the web are written in Perl.
  You need the perl package installed on your system so that your
  system can handle Perl scripts.
  
  perl-convert-uulib:
  Convert-UUlib module from CPAN for perl
  
  perl-dbi:
  The Perl Database Interface (DBI) is a database access Application
  Programming Interface (API) for the Perl Language. The Perl DBI API
  specification defines a set of functions, variables and conventions that
  provide a consistent database interface independent of the actual
  database being used.
  
  perl-unicode-map:
  Unicode-Map module from CPAN for perl
  
  php:
  PHP is an HTML-embedded scripting language.  PHP attempts to make it
  easy for developers to write dynamically generated web pages.  PHP
  also offers built-in database integration for several commercial
  and non-commercial database management systems, so writing a
  database-enabled web page with PHP is fairly simple.  The most
  common use of PHP coding is probably as a replacement for CGI
  scripts.  The mod_php module enables the Apache web server to
  understand and process the embedded PHP language in web pages.
  
  postfix:
  Postfix is an alternative to the sendmail mailer daemon. Postfix attempts
  to be fast, easy to administer, and secure, while at the same time being
  sendmail compatible enough to not upset existing users.
  
  postgresql:
  PostgreSQL is an advanced Object-Relational database management system
  (DBMS) that supports almost all SQL constructs (including
  transactions, subselects and user-defined types and functions). The
  postgresql package includes the client programs and libraries that
  you'll need to access a PostgreSQL DBMS server.  These PostgreSQL
  client programs are programs that directly manipulate the internal
  structure of PostgreSQL databases on a PostgreSQL server. These client
  programs can be located on the same machine with the PostgreSQL
  server, or may be on a remote machine which accesses a PostgreSQL
  server over a network connection. This package contains the docs
  in HTML for the whole package, as well as command-line utilities for
  managing PostgreSQL databases on a PostgreSQL server.
  
  proftpd:
  ProFTPd is an enhanced FTP server with a focus toward simplicity,
  security, and ease of configuration.  It features a very Apache-like
  configuration syntax, and a highly customizable server infrastructure,
  including support for multiple 'virtual' FTP servers, anonymous FTP, and
  permission-based directory visibility.
  
  python:
  Python is an interpreted, interactive, object-oriented programming
  language often compared to Tcl, Perl, Scheme or Java. Python includes
  modules, classes, exceptions, very high level dynamic data types and
  dynamic typing. Python supports interfaces to many system calls and
  libraries.
  
  razor-agents:
  Vipul's Razor is a distributed, collaborative, spam detection and
  filtering network. Razor establishes a distributed and constantly
  updating catalogue of spam in propagation. This catalogue is used
  by clients to filter out known spam.  Prior to manual processing or
  transport-level reception, Razor Filtering Agents (end-users and MTAs)
  check their incoming mail against a Catalogue Server and filter out
  or deny transport in case of a signature match. Catalogued spam, once
  identified and reported by a Reporting Agent, can be blocked out by the
  rest of the Filtering Agents on the network.
  
  rp-pppoe:
  PPPoE (Point-to-Point Protocol over Ethernet) is a protocol used by
  many ADSL Internet Service Providers. Roaring Penguin has a free
  client for Linux systems to connect to PPPoE service providers.
  
  rsync:
  Rsync uses a quick and reliable algorithm to very quickly bring
  remote and host files into sync.  Rsync is fast because it just
  sends the differences in the files over the network (instead of
  sending the complete files). Rsync is often used as a very powerful
  mirroring process or just as a more capable replacement for the
  rcp command.  A technical report which describes the rsync algorithm
  is included in this package.
  
  spamassassin:
  SpamAssassin provides you with a way to reduce, if not completely
  eliminate, Unsolicited Bulk Email (or "spam") from your incoming email.
  It can be invoked by a MDA such as sendmail or postfix, or can be called
  from a procmail script, .forward file, etc.  It uses a
  genetic-algorithm-evolved scoring system to identify messages which look
  spammy, then adds headers to the message so they can be filtered by the
  user's mail reading software.  This distribution includes the
  spamd/spamc components which considerably speeds processing of mail.
  
  squid:
  Squid is a high-performance proxy caching server for Web clients,
  supporting FTP, gopher, and HTTP data objects. Unlike traditional
  caching software, Squid handles all requests in a single,
  non-blocking, I/O-driven process. Squid keeps meta data and especially
  hot objects cached in RAM, caches DNS lookups, supports non-blocking
  DNS lookups, and implements negative caching of failed requests.
  
  stunnel:
  stunnel is a socket wrapper which can be used to give ordinary
  applications SSL (secure sockets layer) support. For example, it
  can be used in conjunction with a imapd to create a SSL secure IMAP
  server.
  
  swup:
  SWUP - SoftWare UPdater is an extension for existing software packaging
  systems to facilitate automatic and secure update and install. SWUP
  handles dependencies between software packages, and is able to fetch
  additional required software when installing or upgrading.
  
  syslinux:
  Syslinux is a simple kernel loader. It normally loads the kernel (and an
  optional initrd image) from a FAT filesystem. It can also be used as a
  PXE bootloader during network boots (PXELINUX), or for booting from
  ISO 9660 CD-ROMs (ISOLINUX).
  
  tsl-utils:
  The Trustix Secure Linux utils is a set of utilities and scripts that
  are made in the development process, and that really fit in no other
  package.
  
  uw-imap:
  The imap package provides server daemons for both the IMAP (Internet
  Message Access Protocol) and POP (Post Office Protocol) mail access
  protocols.  The POP protocol uses a "post office" machine to collect mail
  for users and allows users to download their mail to their local machine
  for reading. The IMAP protocol provides the functionality of POP, but
  allows a user to read mail on a remote machine without downloading it to
  their local machine.
  
  vim:
  VIM (VIsual editor iMproved) is an updated and improved version of the vi
  editor.  Vi was the first real screen-based editor for UNIX, and is still
  very popular.  VIM improves on vi by adding new features: multiple windows,
  multi-level undo, block highlighting and more.
  
  wget:
  GNU Wget is a file retrieval utility which can use either the HTTP or
  FTP protocols.  Wget features include the ability to work in the
  background while you're logged out, recursive retrieval of
  directories, file name wildcard matching, remote file timestamp
  storage and comparison, use of Rest with FTP servers and Range with
  HTTP servers to retrieve files over slow or unstable connections,
  support for Proxy servers, and configurability.
  
  words:
  The words file is a dictionary of English words for the /usr/share/dict
  directory.  Programs like ispell use this database of words to check
  spelling.
  

Problem description:

  apache:
  Rebuild for dynamic openssl
  Updated default index.html page
  Split default html pages into a separate package
  Now own /etc/httpd
  
  automake:
  Now also own /usr/share/aclocal
  
  bind:
  No longer have duplicate ownership of .la files.
  Rebuild with shared openssl
  
  console-tools:
  Fix br-ant.kmap
  Big rebuild
  Fixed Slovenian keymap.
  
  courier-imap:
  Rebuild with shared openssl
  Now own almostauthdaemondir as well.
  Now only force stop if we are totally uninstalling the package.
  
  cracklib:
  dicts have moved to /usr/share
  Does not build with stack protector enabled
  
  cups:
  Rebuild with shared openssl
  
  cyrus-imapd:
  Rebuild with shared openssl
  Added sieve directories.
  Fixed ctl_deliver -> cyr-expire in cron job.
  Fixed libdir.
  
  cyrus-sasl:
  Rebuild with shared openssl
  
  filesystem:
  Now own /usr/share/pixmaps
  /root should not be group readable
  Added POSIX man-pages directories.
  
  foomatic-filters:
  Now own /etc/foomatic
  
  gd:
  Add patch for CAN-2004-0941.
  Now require freeype as opposed to libfreetype.
  New upstream.  Fixes security holes.
  
  ghostscript:
  Rebuild with shared openssl
  
  glib:
  Now also own /usr/share/glib-2.0
  Build static libraries, we dont want glib in base because of passwd... 
  
  glibc:
  Add unsupported locales directory as well.
  Ensure empty $LD_LIBRARY_PATH
  Fixed getgrouplist issues
  
  gzip:
  Now own /usr/share/html/gzip
  Patch tempfile issues (Patch taken from Openwall GNU/*/Linux)
  
  lynx:
  Rebuild with shared openssl
  
  mod_perl:
  Move module from /usr/lib/apache/modules to /usr/lib/apache
  Fix filelist.
  Now have config file under /etc/httpd/conf.d instead.
  
  mutt:
  Rebuild with shared openssl
  
  mysql:
  Fix file conflicts.
  Rebuild with shared openssl
  
  netatalk:
  Rebuild with shared openssl
  
  ntp:
  Rebuild with shared openssl
  Increase fudge on local.
  
  openldap:
  Rebuild with shared openssl
  
  openssh:
  Now run sshd -t with full path in initscript.
  Rebuild with shared openssl
  
  openssl:
  Rebuild with correct permissions
  Fix symlink problems for .so in devel package
  
  openswan:
  Fix permissions on ipsec.secrets.
  
  perl:
  Now also create (and own) /usr/lib/perl5/5.8.5/i586-linux-thread-multi/auto
  
  perl-convert-uulib:
  Now own /usr/lib/perl5/site_perl/5.8.5/i586-linux-thread-multi/Convert and
    /usr/lib/perl5/site_perl/5.8.5/i586-linux-thread-multi/auto/Convert
  
  perl-dbi:
  Removed unused /usr/lib/perl5/site_perl/5.8.5/i586-linux/auto/DBD
  
  perl-unicode-map:
  Fix filelist
  
  php:
  Now with soap support.
  Rebuild with shared openssl
  Now with extension-dir set to /usr/share/php
  
  postfix:
  Rebuild with shared openssl
  
  postgresql:
  Fix file conflict.
  Rebuild with shared openssl
  
  proftpd:
  Rebuild with shared openssl
  
  python:
  Rebuild with shared openssl
  
  razor-agents:
  Now with path specified.
  
  rp-pppoe:
  Now own /etc/ppp/plugins directory.
  Added patch for iptables
  
  rsync:
  New upstream.
  Add standalone script.
  Added patch to fix nfs breaking
  Added patch to fix August 12th, 2004 advisory.
  
  spamassassin:
  Now also own /var/lib/spamassassin
  
  squid:
  New upstream.
  Now own /etc/squid
  
  stunnel:
  Rebuild with shared openssl
  
  swup:
  Fix path to contrib.
  
  syslinux:
  Now own /usr/lib/syslinux
  
  tsl-utils:
  Seems the config file was just another copy of the executable.
  
  uw-imap:
  Rebuild with shared openssl
  
  vim:
  Add syntax dir.
  
  wget:
  Rebuild with shared openssl
  
  words:
  Now use /usr/share/dict
  

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/>
  or directly at
  <URI:http://www.trustix.org/errata/2004/0059/>


MD5sums of the packages:
- --------------------------------------------------------------------------
64437aba4df15b15db7d7f0076bd6313  2.2/rpms/apache-2.0.52-5tr.i586.rpm
c931f48a37db2aa0b87c39c3d2e4f5b7  2.2/rpms/apache-dbm-2.0.52-5tr.i586.rpm
80042d7d2afe4b01ec0a281864a4d5c6  2.2/rpms/apache-devel-2.0.52-5tr.i586.rpm
28ef7cfb3159838fa69c76df07bf0baa  2.2/rpms/apache-html-2.0.52-5tr.i586.rpm
2807d69950f54bcadb1f891ba2f0972f  2.2/rpms/apache-manual-2.0.52-5tr.i586.rpm

9d3e715720c6451645b6119f276b598d  2.2/rpms/automake-1.8.2-5tr.i586.rpm

54086b277685d66fe5cf2af14b9931a7  2.2/rpms/bind-9.3.0-4tr.i586.rpm
dbe976e64490b7fb9c7316adac6b3a70  2.2/rpms/bind-devel-9.3.0-4tr.i586.rpm
740352f4f8ff51d6fd53afed8b092082  2.2/rpms/bind-libs-9.3.0-4tr.i586.rpm
0ae16578fb7cfc74ec023883c4f53dad  2.2/rpms/bind-light-9.3.0-4tr.i586.rpm
7ea44c662ea0e7eb8edd7b1ed9d901bf  2.2/rpms/bind-light-devel-9.3.0-4tr.i586.rpm
2356d7c9a812f052b10bbc0dae4a51e7  2.2/rpms/bind-utils-9.3.0-4tr.i586.rpm

612ce81f15253ae713395f87eeb19d69  2.2/rpms/console-tools-0.0.19990829-18tr.i586.rpm

5714845d1a664f0bb7de757cd46e5ae4  2.2/rpms/courier-imap-3.0.8-5tr.i586.rpm
2d1089f035dd9e08bf4d2b872ad21e1d  2.2/rpms/courier-imap-ldap-3.0.8-5tr.i586.rpm
2da7e3eadc19d8a6dad99ecf8dd25772  2.2/rpms/courier-imap-mysql-3.0.8-5tr.i586.rpm
e8cd62322a85998a380847a85776aa24  2.2/rpms/courier-imap-pgsql-3.0.8-5tr.i586.rpm

69cc15e55353bd73686fbab79e06b1b3  2.2/rpms/cracklib-2.7-17tr.i586.rpm
fcf8237713b383242977493d85ad17da  2.2/rpms/cracklib-dicts-2.7-17tr.i586.rpm

c92f00c95aa5e8055a7688213b2e0650  2.2/rpms/cups-1.1.21-2tr.i586.rpm
0d73b3fd892585dd5fce14fbc87c0de1  2.2/rpms/cups-devel-1.1.21-2tr.i586.rpm
2feee5e7e4b88e9791a04852fb173ae0  2.2/rpms/cups-libs-1.1.21-2tr.i586.rpm

619091aa2d4de8330cf0740038220354  2.2/rpms/cyrus-imapd-2.2.8-2tr.i586.rpm
4af6d4636af215e12938036c3dd6a359  2.2/rpms/cyrus-imapd-devel-2.2.8-2tr.i586.rpm
1739c9d0e9ca5f31d7fcac498d6bcaf0  2.2/rpms/cyrus-sasl-2.1.20-2tr.i586.rpm
07c97cce1d46e97554de6f6ed8b11a58  2.2/rpms/cyrus-sasl-devel-2.1.20-2tr.i586.rpm
21a3eff08291f81fa1faceed8e792270  2.2/rpms/cyrus-sasl-md5-2.1.20-2tr.i586.rpm
91a2579d2edadd1a8118816dee99d81c  2.2/rpms/cyrus-sasl-otp-2.1.20-2tr.i586.rpm
444e829e88be0bba7f8076947fad5197  2.2/rpms/cyrus-sasl-plain-2.1.20-2tr.i586.rpm
882ad6e7ea5f643d135e3cbd03ab9235  2.2/rpms/cyrus-sasl-sql-2.1.20-2tr.i586.rpm
85f8ff265b49dc613bf99840aaf98af4  2.2/rpms/cyrus-sasl-utils-2.1.20-2tr.i586.rpm

9eff356b63121b835c6114d31b412643  2.2/rpms/filesystem-2.1.0-6tr.i586.rpm

144254c8f891ad8905d74341881f9217  2.2/rpms/foomatic-filters-3.0.2-3tr.i586.rpm

15e8a8567562af3356213837fb20da93  2.2/rpms/ghostscript-7.07.1-7tr.i586.rpm
e2c8001eee5fa70016ff2151464aa731  2.2/rpms/ghostscript-cups-7.07.1-7tr.i586.rpm

8021047d5d747f7d7f974bcad7871976  2.2/rpms/glib-2.2.3-4tr.i586.rpm
5f1e590fc37aa8bdf240a6445689d10e  2.2/rpms/glib-devel-2.2.3-4tr.i586.rpm

4ac34df44ade6cb82b4e619bdfea648c  2.2/rpms/glibc-2.3.2-18tr.i586.rpm
5385d32ac30bef5ec87cab4a2c6875c4  2.2/rpms/glibc-devel-2.3.2-18tr.i586.rpm
1fc55fbd713e5976f120c3d82c93709f  2.2/rpms/glibc-locales-2.3.2-18tr.i586.rpm
ae02f3a52ce313d4c1b1729c872e492c  2.2/rpms/glibc-profile-2.3.2-18tr.i586.rpm

eb3e112b7cd650e94d870884b45dc0c6  2.2/rpms/gzip-1.3.3-4tr.i586.rpm
e0d9a16c3195933f621ccb3f3305f01e  2.2/rpms/gzip-doc-1.3.3-4tr.i586.rpm

869303fafdcc9682b5c2adaefefab1f9  2.2/rpms/libimap-2002e-4tr.i586.rpm

012be29f602b26c340c3b9ac5ce8169f  2.2/rpms/lynx-2.8.5-2tr.i586.rpm

b8aa1b85a4d3f00a39f10fcc57f0f8a7  2.2/rpms/mod_perl-2.0-4tr.i586.rpm
f8146c50bdeb312a60075051f166d45b  2.2/rpms/mod_perl-devel-2.0-4tr.i586.rpm

6e04fc0b3e799a17bea83b2d35cc9920  2.2/rpms/mutt-1.4.2.1-4tr.i586.rpm

814ed1b267af61b6e4751e5c21ee7491  2.2/rpms/mysql-4.1.7-3tr.i586.rpm
f9b3bf9f2c56ec5915942aa470b85cc9  2.2/rpms/mysql-bench-4.1.7-3tr.i586.rpm
515e81de1416dcacb28c2b808a627786  2.2/rpms/mysql-client-4.1.7-3tr.i586.rpm
897095d36828f63f8fbe27322d78cee1  2.2/rpms/mysql-devel-4.1.7-3tr.i586.rpm
339be684244a49193ac07e2c2fe69887  2.2/rpms/mysql-libs-4.1.7-3tr.i586.rpm
f1eb1e137b147b2dc3e668fcaae126a1  2.2/rpms/mysql-shared-4.1.7-3tr.i586.rpm

a199f7149139537206dd2e5dfc9b51f6  2.2/rpms/netatalk-1.6.4-5tr.i586.rpm
154aa2a8448414f80548fab0927c2904  2.2/rpms/netatalk-devel-1.6.4-5tr.i586.rpm

738a244e0b1449698967ff7d052b6cae  2.2/rpms/nscd-2.3.2-18tr.i586.rpm

c9d43ae78a275b4ce590a7867fb0b274  2.2/rpms/ntp-4.2.0-11tr.i586.rpm

9876eb28c975045deb1774fc68f4149b  2.2/rpms/openldap-2.1.30-2tr.i586.rpm
45ce250b8be990ee3096d878be8d27ff  2.2/rpms/openldap-devel-2.1.30-2tr.i586.rpm
93c89b84b626cabdf5c771996e1bf2cc  2.2/rpms/openldap-libs-2.1.30-2tr.i586.rpm
ba85184fdc288c80e7bfb9397245c860  2.2/rpms/openldap-servers-2.1.30-2tr.i586.rpm
83be4cbaaeb2fd43e5fcb761ff419ad1  2.2/rpms/openldap-utils-2.1.30-2tr.i586.rpm

944269582b7080e1462bcd19b2ceeadd  2.2/rpms/openssh-3.9.0p1-3tr.i586.rpm
ab00ee4bbc6f0e06c342eefb27e75794  2.2/rpms/openssh-clients-3.9.0p1-3tr.i586.rpm
f1355ff2369087ce31db58435c6b57db  2.2/rpms/openssh-server-3.9.0p1-3tr.i586.rpm
54d499b2873fbca56daf64a39fead6db  2.2/rpms/openssh-server-config-3.9.0p1-3tr.i586.rpm

e4545f42dbee7e99e7520293047b015e  2.2/rpms/openssl-0.9.7e-4tr.i586.rpm
a7087fd91d80424292555d579558de4b  2.2/rpms/openssl-devel-0.9.7e-4tr.i586.rpm
3d6ead4cad71e207d921b82a4a53ab84  2.2/rpms/openssl-python-0.9.7e-4tr.i586.rpm
4f4cd7ca6b6b25916b2ec500c8da2644  2.2/rpms/openssl-support-0.9.7e-4tr.i586.rpm

e9617525d4f2a16071286433fb1477a3  2.2/rpms/openswan-2.2.0-8tr.i586.rpm

1f1cc193e6e8258a6188ca3001e858ab  2.2/rpms/perl-5.8.5-3tr.i586.rpm
dec88b74925fc3e380f157341162174e  2.2/rpms/perl-convert-uulib-1.03-2tr.i586.rpm
e17758e6da3a29afce05d1bfbf312644  2.2/rpms/perl-dbi-1.45-2tr.i586.rpm
39b3dc4f0af9f9a31aa39fdca4a5f8fd  2.2/rpms/perl-mail-spamassassin-3.0.1-2tr.i586.rpm
f44b7f3f313c7a7dcdd177050ee5e51d  2.2/rpms/perl-unicode-map-0.112-2tr.i586.rpm

86ed80960036a7d8f6f751af6567feea  2.2/rpms/php-5.0.2-4tr.i586.rpm
0902a2761bade634355d16376ac03734  2.2/rpms/php-cli-5.0.2-4tr.i586.rpm
33a9597d6c20bf1c15535922b99aeaf8  2.2/rpms/php-devel-5.0.2-4tr.i586.rpm
a56513ca96e7702786d22ce5fa166431  2.2/rpms/php-exif-5.0.2-4tr.i586.rpm
8cd9d599a54f41e8db08db4b13b223ca  2.2/rpms/php-gd-5.0.2-4tr.i586.rpm
765fd8a75007939cf0337c1bf7a9b1ec  2.2/rpms/php-imap-5.0.2-4tr.i586.rpm
1a04ae1d17fd5f388b79672fc0a2cff4  2.2/rpms/php-ldap-5.0.2-4tr.i586.rpm
0b084d66cc21f9b287d28d8ed4e24acf  2.2/rpms/php-mysql-5.0.2-4tr.i586.rpm
98b71915e5ed4b001afe21fc29dc8b6f  2.2/rpms/php-mysqli-5.0.2-4tr.i586.rpm
10386863b0f11114758719213474928e  2.2/rpms/php-pgsql-5.0.2-4tr.i586.rpm

22ec352161c2e03dbf58050da76aba6a  2.2/rpms/postfix-2.1.5-9tr.i586.rpm
f0de1373ca2cd1011910d07f2f69def4  2.2/rpms/postfix-conf-2.1.5-9tr.i586.rpm
3929252f9feba9ed8318299b4be17e7d  2.2/rpms/postfix-ldap-2.1.5-9tr.i586.rpm
445b536808e1d791c82edd2d59408be2  2.2/rpms/postfix-mysql-2.1.5-9tr.i586.rpm
1ccdd6ae3d93de7296a82c8ce2f81b89  2.2/rpms/postfix-pcre-2.1.5-9tr.i586.rpm
43ae1354876ed29b8289d13975c17e1e  2.2/rpms/postfix-pgsql-2.1.5-9tr.i586.rpm
547d0cdc62f2850b990321f779cffcd8  2.2/rpms/postfix-rmail-2.1.5-9tr.i586.rpm

5d8bc78016001e97be3cb2abea1a3260  2.2/rpms/postgresql-8.0.0-0.beta4.3tr.i586.rpm
df2b3a6cb674d868d183068ce9323c50  2.2/rpms/postgresql-contrib-8.0.0-0.beta4.3tr.i586.rpm
6bcefe2b10067bcc9d51f6cb686990c2  2.2/rpms/postgresql-devel-8.0.0-0.beta4.3tr.i586.rpm
5f349d648d739db66d266b2c8b1c3b4a  2.2/rpms/postgresql-docs-8.0.0-0.beta4.3tr.i586.rpm
139bf28920502015fdda1947fa77052b  2.2/rpms/postgresql-libs-8.0.0-0.beta4.3tr.i586.rpm
d97c51b326d9166062557406f0241c74  2.2/rpms/postgresql-plperl-8.0.0-0.beta4.3tr.i586.rpm
7641ccde49b43ddba76b31aad7ee9c43  2.2/rpms/postgresql-python-8.0.0-0.beta4.3tr.i586.rpm
1fe1630d89696b633e077453ddd111a6  2.2/rpms/postgresql-server-8.0.0-0.beta4.3tr.i586.rpm
cfc5f90a6c45206674adc30ee189ed8b  2.2/rpms/postgresql-test-8.0.0-0.beta4.3tr.i586.rpm

7c6248d5ec21619c8025235183d54801  2.2/rpms/proftpd-1.2.10-2tr.i586.rpm

987c1e9e76b87be8154191b9937690fc  2.2/rpms/python-2.2.3-13tr.i586.rpm
fd8e15960fba9dffd62349fc3f7ff477  2.2/rpms/python-dbm-2.2.3-13tr.i586.rpm
7811a3b39e8cea8f5b1d3b1b5e246ec9  2.2/rpms/python-devel-2.2.3-13tr.i586.rpm
cae1d8d2b332177261d0298812cbc5bc  2.2/rpms/python-docs-2.2.3-13tr.i586.rpm
46c5f325a293cd4dfcd3aca3783666ea  2.2/rpms/python-gdbm-2.2.3-13tr.i586.rpm
cf4bd9c57ba0bc6ea36712c2efaaf4a6  2.2/rpms/python-modules-2.2.3-13tr.i586.rpm

a3e28071b6ee10140b5717cb08976394  2.2/rpms/razor-agents-2.61-2tr.i586.rpm

6af65e1695ab0bb02b0866f29b969a80  2.2/rpms/rp-pppoe-3.5-13tr.i586.rpm

27978588bb26f15567edbad3a7b96fa3  2.2/rpms/rsync-2.6.3-1tr.i586.rpm
6351c50081fcfda2fc00fae25aca8d11  2.2/rpms/rsync-server-2.6.3-1tr.i586.rpm

47b673a577df88fcb7e9d386fb3176ca  2.2/rpms/spamassassin-3.0.1-2tr.i586.rpm
e3376d82b76f9bcea033c63eb3fb0c9a  2.2/rpms/spamassassin-tools-3.0.1-2tr.i586.rpm

7c9c6073dde6aa53f4554d1468034f88  2.2/rpms/sqlgrey-1.2.0-1tr.i586.rpm

3d1ea0ef4c0ed608cad9c291ea1426d4  2.2/rpms/squid-2.5.STABLE7-1tr.i586.rpm

6f1f70666f944ac8de1378a027ac10ae  2.2/rpms/stunnel-4.05-7tr.i586.rpm

106f17d50d8a6840f6256966d05ad5c8  2.2/rpms/sudo-1.6.8p2-1tr.i586.rpm

30e675837d1d61e0b0615de358d0ebea  2.2/rpms/swup-2.6.6-8tr.i586.rpm
4f2bb3afe260b370df7812a7ba9c3323  2.2/rpms/swup-conf-2.6.6-8tr.i586.rpm
1189dc84273f6a6709bc824bb0f9c039  2.2/rpms/swup-cron-2.6.6-8tr.i586.rpm
52722e0dc588067518fdbe8a0aadcf05  2.2/rpms/swup-libs-2.6.6-8tr.i586.rpm
5409dc464341751020cd9d6483fc8a31  2.2/rpms/swup-rdfgen-2.6.6-8tr.i586.rpm

e7ec1b108f585129f5e3d0238d031ba2  2.2/rpms/syslinux-2.11-2tr.i586.rpm
bb913350fea99959c722c9eb983de880  2.2/rpms/syslinux-tools-2.11-2tr.i586.rpm

3c253477923bdd2148a4075f0010a9d9  2.2/rpms/tsl-utils-1.5-2tr.i586.rpm

cf615391a568987d574a2187ca8e1b5c  2.2/rpms/uw-imap-2002e-4tr.i586.rpm
ab515ff16832843accb9eafbbd018696  2.2/rpms/uw-imap-devel-2002e-4tr.i586.rpm

13a13b467c5441eb3fd5f65131281737  2.2/rpms/vim-6.3-2tr.i586.rpm
009f295953c73ef25cff93de9cec8fa8  2.2/rpms/vim-doc-6.3-2tr.i586.rpm
29ce1b2d567ee3f4b4217654a4de7739  2.2/rpms/vim-syntax-6.3-2tr.i586.rpm
3b1f26e78967fb981d7636b8717c4d99  2.2/rpms/vim-tools-6.3-2tr.i586.rpm

63484177f73f79957d89334d1c47ea48  2.2/rpms/wget-1.9.1-6tr.i586.rpm

d6026c373e3205299fe8862b73fca3cf  2.2/rpms/words-2-22tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBmgzUi8CEzsK9IksRAjXWAJ4iV9RVYj0X0uZZ8M9tVfKhfz2OYQCgtgRL
6eD37ja5t8EOQSO4/f2+PMo=
=62Us
-----END PGP SIGNATURE-----
_______________________________________________
tsl-announce mailing list
tsl-announce@lists.trustix.org
http://lists.trustix.org/mailman/listinfo/tsl-announce

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC