Search:

April 2005

SUSE - Three Security Announcements: 1. OpenOffice heap overflow problem (SUSE-SA:2005:025) - 2. PostgreSQL buffer overflow problems (SUSE-SA-2005:027) - 3. RealPlayer buffer overflow in RAM file handling (SUSE-SA:2005:026)

ID: 00337
Ref: 311/2005
Date: 20 April 2005:17:06:42
Version: 1

Title: SUSE - Three Security Announcements: 1. OpenOffice heap overflow problem (SUSE-SA:2005:025) - 2. PostgreSQL buffer overflow problems (SUSE-SA-2005:027) - 3. RealPlayer buffer overflow in RAM file handling (SUSE-SA:2005:026)
Abstract:
Vendors affected: SUSE
Operating systems affected: SUSE
Applications affected: SUSE

Title
=====
SUSE - Three Security Announcements:
1. OpenOffice heap overflow problem (SUSE-SA:2005:025)
2. PostgreSQL buffer overflow problems (SUSE-SA-2005:027)
3. RealPlayer buffer overflow in RAM file handling (SUSE-SA:2005:026)

Detail
======

Security Announcement summaries:

1. This security update fixes a buffer overflow in OpenOffice_org
Microsoft Word document reader which could allow a remote attacker
sending a handcrafted .doc file to execute code as the user
opening the document in OpenOffice.

2. Several problems were identified and fixed in the PostgreSQL
database server. Multiple buffer overflows in the low level parsing
routines may allow attackers to execute arbitrary code

3. This update fixes a security issue within the RealPlayer media player.
A remote attacker could craft a special .RAM (Real Audio Media) file
which would cause a buffer overflow when played within RealPlayer.

Security Announcement content follows:

1.

- -----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SUSE Security Announcement

Package: OpenOffice_org
Announcement-ID: SUSE-SA:2005:025
Date: Tue, 19 Apr 2005 13:00:00 +0000
Affected products: 8.2, 9.0, 9.1, 9.2, 9.3
SUSE Linux Desktop 1.0
Novell Linux Desktop 9
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE default package: yes
Cross References: CAN-2005-0941

Content of this advisory:
1) security vulnerability resolved:
heap overflow in MS Word DOC file handling
problem description
2) solution/workaround
3) special instructions and notes
4) package location and checksums
5) pending vulnerabilities, solutions, workarounds:
See SUSE Security Summary Report.
6) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion

This security update fixes a buffer overflow in OpenOffice_org
Microsoft Word document reader which could allow a remote attacker
sending a handcrafted .doc file to execute code as the user
opening the document in OpenOffice.

This is tracked by the Mitre CVE ID CAN-2005-0941.

WARNING: The updated packages are very large for distributions before
SUSE Linux 9.2 and 9.3.

The minimum download sizes for those are:
SUSE Linux Desktop 1: 47 MB
Novell Linux Desktop 9: 41 MB
SUSE Linux 8.2: 37 MB
SUSE Linux 9.0: 46 MB
SUSE Linux 9.1: 50 MB
SUSE Linux 9.2: 2.1 MB (using delta rpm)
SUSE Linux 9.3: 3.5 MB (using delta rpm)

2) solution/workaround

Install the updated packages.

A possible workaround is to not open .DOC files from untrusted
sources.

3) special instructions and notes

Restart OpenOffice after the update.

4) package location and checksums

Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update.
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.

x86 Platform:

SUSE Linux 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-1.9.79-9.2.i586.rpm
b552f46f192457b6487b60dd7adab845
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ar-1.9.79-9.2.i586.rpm
8b3defa6812104ac95aa3ecd198c08e5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ca-1.9.79-9.2.i586.rpm
63a174e1f5b177e8d785f14a21f5bec5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-cs-1.9.79-9.2.i586.rpm
dcc5245c56657d6e20cc714b229390fd
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-da-1.9.79-9.2.i586.rpm
bcb44ef1ef0688327e8b2304f2adfb76
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-de-1.9.79-9.2.i586.rpm
3c166f9a421f0137134d750c869748cc
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-de-templates-8.2-157.i586.rpm
b0bfd04da81ec413eab5ab292ab4d4f4
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-el-1.9.79-9.2.i586.rpm
974366c76fe393438d9a3ab6f73b5bdb
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-es-1.9.79-9.2.i586.rpm
17d21ae9d96670aca17b116d5770d0fb
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-et-1.9.79-9.2.i586.rpm
e20309f95c285e141087f5472f0a37f2
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fi-1.9.79-9.2.i586.rpm
ca43a8e14d7662c41b8d60f1f526dca7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fr-1.9.79-9.2.i586.rpm
b19618fd2ff92431f48f4fc36273ae1a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-gnome-1.9.79-9.2.i586.rpm
a12adba49239a86e174457fb95f5c576
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-hu-1.9.79-9.2.i586.rpm
36057e0d7e178478a6b6eb119e7d56df
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-it-1.9.79-9.2.i586.rpm
7d8d796f8bb9a8046b07af980f8adfc5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ja-1.9.79-9.2.i586.rpm
2160456066a9449daff5dcf26814882b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-kde-1.9.79-9.2.i586.rpm
305e8470904629f0c8e3a278d2f0b1e9
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ko-1.9.79-9.2.i586.rpm
ab4cbc8427c84110990bcea0f7185322
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-nl-1.9.79-9.2.i586.rpm
bbcef39ccd2be2b7b8611286427caf3c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pl-1.9.79-9.2.i586.rpm
784fa5fef330224ea92ee8c7573444a5
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pt-1.9.79-9.2.i586.rpm
cf0a961f879a96af96b4b3464844f6e1
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ru-1.9.79-9.2.i586.rpm
0e041750d71900ce52dd7e0192a65693
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sk-1.9.79-9.2.i586.rpm
5f62da8fbdb0da4b63612a2b02a36dc1
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sl-1.9.79-9.2.i586.rpm
dab43fb02881dd04a1f24b56a5f11f71
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sv-1.9.79-9.2.i586.rpm
11be2bff9e95a2ae2b87cbb3ae763f46
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-tr-1.9.79-9.2.i586.rpm
c0a8ba848b1b266b0d13f7905fe234e6
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-CN-1.9.79-9.2.i586.rpm
3f267e1277041393fcd28cc4cee59cf7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-TW-1.9.79-9.2.i586.rpm
05bb29569bfdf851ac2c4d268c58bead

SUSE Linux 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-1.1.3-16.2.i586.rpm
2293f4e4c6ab47b0614f7e9988273d6c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ar-1.1.3-16.2.i586.rpm
bb0f47a473f4262c2cdf8cd49e2564f9
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ca-1.1.3-16.2.i586.rpm
7e2263e7703856b184cc8a76f799732a
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-cs-1.1.3-16.2.i586.rpm
32d6b6ee86e395c442654409f11e9c9c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-da-1.1.3-16.2.i586.rpm
dca243c3ad1747021b1f5c7074e1e3b7
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-de-1.1.3-16.2.i586.rpm
39f68abc86e4a5e33d42957d8a37af01
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-el-1.1.3-16.2.i586.rpm
20eddfbefd818c8d1cfe599898893c50
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-en-1.1.3-16.2.i586.rpm
4068f98e7f40d66905e5a253a2470cba
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-en-help-1.1.3-16.2.i586.rpm
0a4286d62466addf22bb2bba7ab0c309
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-es-1.1.3-16.2.i586.rpm
a3effffec6221f5e1edda0da2502fa77
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-et-1.1.3-16.2.i586.rpm
7bca5b49f4ecd97331efdd8b9d02704f
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-fi-1.1.3-16.2.i586.rpm
79eec2c6b39a24a80f2a2030167d327b
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-fr-1.1.3-16.2.i586.rpm
640b167beaedb0e400a9945fbdec3346
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-gnome-1.1.3-16.2.i586.rpm
fec069d75bd3036d9181789e47d5ff11
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-hu-1.1.3-16.2.i586.rpm
2fae2a1136717f97eefb55eb86571099
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-it-1.1.3-16.2.i586.rpm
0f170766b94adf4f0c86d2b251ef80b8
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ja-1.1.3-16.2.i586.rpm
0b39736cdeab86262746d52f6ca6f4be
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-kde-1.1.3-16.2.i586.rpm
ba6a72c373198ff4509e9870cb16f253
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ko-1.1.3-16.2.i586.rpm
7a443cc6cb4d6880ffb1e02fa3aa0ba7
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-nl-1.1.3-16.2.i586.rpm
dc6f63e7b9141838a46fa4738f038e58
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-pl-1.1.3-16.2.i586.rpm
eca5ce05d506b0aeda52c89f4558cecd
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-pt-1.1.3-16.2.i586.rpm
799d8c7f09c3459f90032d25be0f5525
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ru-1.1.3-16.2.i586.rpm
01ebf77e4e283925a6506a24c3e8d865
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sk-1.1.3-16.2.i586.rpm
aec3c6e8b4143d97f1b6d35bf1f3dc8a
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sl-1.1.3-16.2.i586.rpm
8b074f282d1bb4d9883324f07ca5797e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sv-1.1.3-16.2.i586.rpm
0cd956b13b0bfa1b478f238426b61813
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-tr-1.1.3-16.2.i586.rpm
09586c7bc9801d9a4b7ab5c026d88880
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-zh-CN-1.1.3-16.2.i586.rpm
101e72d1f892b22d585688aad67ed5a8
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-zh-TW-1.1.3-16.2.i586.rpm
73dbea37ec2f089f0932956782e4c923

SUSE Linux 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-1.1.1-23.6.i586.rpm
acfc765af694e2dbad866400ff35baf1
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ar-1.1.1-23.6.i586.rpm
0af9c4a72afa6e6fdde2b0bcc096666f
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-cs-1.1.1-23.6.i586.rpm
da472e7cea51097743762bc6a2608aa4
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-da-1.1.1-23.6.i586.rpm
70fdd4f83e0f18b1895e142b4e8f0f41
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-de-1.1.1-23.6.i586.rpm
23e05864cc3993ea28b414b9fb8c14ad
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-el-1.1.1-23.6.i586.rpm
cd516d937d0f11b99f9b89950136eac6
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-en-1.1.1-23.6.i586.rpm
74e823e5c1af46a94a1439ceca09bf08
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-en-help-1.1.1-23.6.i586.rpm
04e1cf5845598f842cca8a142e963206
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-es-1.1.1-23.6.i586.rpm
d23180d06e4ee6aa2d92a3b3d4ff9036
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-et-1.1.1-23.6.i586.rpm
2d48b32b780c40ba6edf87f205252f6f
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-fr-1.1.1-23.6.i586.rpm
84eb506c11c687852d747e34ad58adb7
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-hu-1.1.1-23.6.i586.rpm
7fc4d93253f873a84d5dcf1be56ea02b
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-it-1.1.1-23.6.i586.rpm
d317a379e5e8d0dbd5c2637ebffdb978
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ja-1.1.1-23.6.i586.rpm
84b4466a0ad38e1bee97bd76de10a650
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ko-1.1.1-23.6.i586.rpm
8dd0108842f786c5278413017c178bd8
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-nl-1.1.1-23.6.i586.rpm
f09448181bc7b7a4f0076694ec29f073
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-pl-1.1.1-23.6.i586.rpm
637c906b339a24e984a6ee080dc57f42
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-pt-1.1.1-23.6.i586.rpm
3b98ed06cb70895123b5bc9cbe8744b7
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ru-1.1.1-23.6.i586.rpm
467c41efec48271d291cceb38709a2aa
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sk-1.1.1-23.6.i586.rpm
a475fe4fb2a99341831fdc6da07497d0
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sl-1.1.1-23.6.i586.rpm
ad03e64157d0c0ba9a31f2e3cc8c78f8
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sv-1.1.1-23.6.i586.rpm
5efef74ffe625cf6e4f38b8738211a25
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-tr-1.1.1-23.6.i586.rpm
fee1d6e9f05d59b95561dbe192ae927f
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-zh-CN-1.1.1-23.6.i586.rpm
1ce11a3e8ecec9b032e4c250c7b7dcd7
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-zh-TW-1.1.1-23.6.i586.rpm
cbff62da371e49552ced339f9a5a014e
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/OpenOffice_org-1.1.1-23.6.src.rpm
e30ccd2e95d5f985be7918185e5347e6

SUSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-1.1-100.i586.rpm
2103fcc3a5de4724a96350b6c5aba23d
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-ar-1.1-100.i586.rpm
24ef98c1b908db39073a792959a412db
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-cs-1.1-100.i586.rpm
8b9b494f4ec8e0cad1a14c025fbe5025
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-da-1.1-100.i586.rpm
a4f199cd7d077552b80b96fa8f573e8d
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-de-1.1-100.i586.rpm
fa8bef6b96f4f44a5e65ba471b937c7c
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-el-1.1-100.i586.rpm
182ab41d8b98cfcb25514d84f5426569
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-en-1.1-100.i586.rpm
da512b6c56065b7d6537b0385fc89f90
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-en-help-1.1-100.i586.rpm
7cd38f5e4381f64bd1cbf4c883b6cb6e
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-es-1.1-100.i586.rpm
227616d6355d91b6a680837b546878bc
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-fr-1.1-100.i586.rpm
9f052173c82e73b578f9edfbad5a7649
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-hu-1.1-100.i586.rpm
b424833a10fad334502a0c73d1842d51
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-it-1.1-100.i586.rpm
4a3706cd87d6938530d9bb7261eb7b2f
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-ja-1.1-100.i586.rpm
00212453e83c014a68d51945f08cc486
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-ko-1.1-100.i586.rpm
0da0e8b50393bccd6ed00aeaaef5809a
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-nl-1.1-100.i586.rpm
ecfa98395e093e3ab2acb80b04cd234d
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-pl-1.1-100.i586.rpm
6f50954b40c3d74c1cba1b1df920f25a
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-pt-1.1-100.i586.rpm
9c052a19385612f952aff029086f6877
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-ru-1.1-100.i586.rpm
ef3c9469080799b7ff1c40e8f54f72fe
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-sk-1.1-100.i586.rpm
f28d7b1b30b5bfd06a5d774e424de7d9
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-sv-1.1-100.i586.rpm
c0cbd660335c6418699993b1fb78a7e8
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-tr-1.1-100.i586.rpm
b4d926bc3e1eea6edfd453f645d2e3bb
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-zh-CN-1.1-100.i586.rpm
0fe30e9116ef5df1e776be3322381d0a
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-zh-TW-1.1-100.i586.rpm
3c9f01c4cb808238967c386a9bbf95f2
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/OpenOffice_org-1.1-100.src.rpm
6ad8a3d82246b021cedcd23f4ce74f1a

SUSE Linux 8.2:
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-1.0.2-76.i586.rpm
6b5f9f1b9bd7dad1d62619c46e471ee4
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-cs-1.0.2-76.i586.rpm
966b54c4cc0a7eca79386d3d7eed358d
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-de-1.0.2-76.i586.rpm
f857a4c91b90de7b46d9700439fc3dc4
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-en-1.0.2-76.i586.rpm
65706db98543bdcf84b8ff1ec3be93ca
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-en-help-1.0.2-76.i586.rpm
c574794e58d89c56b9cab405ca1462a6
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-es-1.0.2-76.i586.rpm
6a6eed7174ec918d4c7617728e0328c3
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-fr-1.0.2-76.i586.rpm
7428286d640ca1c4e0e8572acf1fa370
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-hu-1.0.2-76.i586.rpm
27fae82ea8f296265847e26e91ead421
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-it-1.0.2-76.i586.rpm
e4e70c8843084cbc9707e1baf7b9b9f4
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-nl-1.0.2-76.i586.rpm
ae9a2d1c379be2581bd936e4f08c14bb
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-sv-1.0.2-76.i586.rpm
401508cc4fdc89759f9c78497943456b
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/OpenOffice_org-1.0.2-76.src.rpm
5a086c30ec314b476ef3fcc7399b921e

______________________________________________________________________________

5) Pending vulnerabilities in SUSE Distributions and Workarounds:

See SUSE Security Summary Report.
______________________________________________________________________________

6) standard appendix: authenticity verification, additional information

- Package authenticity verification:

SUSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.

1) execute the command
md5sum
after you downloaded the file from a SUSE ftp server or its mirrors.
Then, compare the resulting md5sum with the one that is listed in the
announcement. Since the announcement containing the checksums is
cryptographically signed (usually using the key security@suse.de),
the checksums show proof of the authenticity of the package.
We disrecommend to subscribe to security lists which cause the
email message containing the announcement to be modified so that
the signature does not match after transport through the mailing
list software.
Downsides: You must be able to verify the authenticity of the
announcement in the first place. If RPM packages are being rebuilt
and a new version of a package is published on the ftp server, all
md5 sums for the files are useless.

2) rpm package signatures provide an easy way to verify the authenticity
of an rpm package. Use the command
rpm -v --checksig
to verify the signature of the package, where is the
filename of the rpm package that you have downloaded. Of course,
package authenticity verification can only target an un-installed rpm
package file.
Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this
key must be installed by the gpg program in the directory
~/.gnupg/ under the user's home directory who performs the
signature verification (usually root). You can import the key
that is used by SUSE in rpm packages for SUSE Linux by saving
this announcement to a file ("announcement.txt") and
running the command (do "su -" to be root):
gpg --batch; gpg < announcement.txt | gpg --import
SUSE Linux distributions version 7.1 and thereafter install the
key "build@suse.de" upon installation or upgrade, provided that
the package gpg is installed. The file containing the public key
is placed at the top-level directory of the first CD (pubring.gpg)
and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .

- SUSE runs two security mailing lists to which any interested party may
subscribe:

suse-security@suse.com
- general/linux/SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an email to

.

suse-security-announce@suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an email to

.

For general information or the frequently asked questions (faq)
send mail to:

respectively.

=====================================================================
SUSE's security contact is or .
The public key is listed below.
=====================================================================
______________________________________________________________________________

The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular,
it is desired that the clear-text signature shows proof of the
authenticity of the text.
SUSE Linux AG makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key

- - -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- - -----END PGP PUBLIC KEY BLOCK-----

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iQEVAwUBQmUCXXey5gA9JdPZAQEVrwf+JUsttvz6+k+tvRZ1qB4cjTgD7x3Rg7q0
dgbWbEQ/wQCQY51ujnFIj6Yba7MS8m0QulCCGNrx3wZ1SqsITeoAQMS8RJiPzNGc
hxrYCZSP5YHxCqIxo0z2T0vRmNkKd/sk2/ep/U46vM2gtIh+/1KuKTR4MqnzIptc
QKw4wodkNxT797C8Q4mqwkclqY0+UdqKqcp0PNh6q9H7NuGpURbugB8t2uu+sOXw
Y3F8pUwDqO2K0HSOUtSBKhqhk6DfKNNW8ZzfiS9GdUbNuH6hHfSlUIvHVFXAsofl
ZlSv79pDWKOcDZf8XSIfvY0Ddb8g7doTysFrGHMYztjCqZd3vmXX7A==
=bB3g
- -----END PGP SIGNATURE-----

2.

- -----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SUSE Security Announcement

Package: postgresql
Announcement-ID: SUSE-SA:2005:027
Date: Wed, 20 Apr 2005 09:00:00 +0000
Affected products: 8.2, 9.0, 9.1, 9.2, 9.3
SUSE Linux Desktop 1.0
SUSE Linux Enterprise Server 8, 9
Novell Linux Desktop 9
Vulnerability Type: remote code execution
Severity (1-10): 5
SUSE default package: no
Cross References: CAN-2005-0247

Content of this advisory:
1) security vulnerability resolved:
code execution due to bugs in several SQL commands
problem description
2) solution/workaround
3) special instructions and notes
4) package location and checksums
5) pending vulnerabilities, solutions, workarounds:
none
6) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion

Several problems were identified and fixed in the PostgreSQL
database server.

Multiple buffer overflows in the low level parsing routines may
allow attackers to execute arbitrary code via:

(1) a large number of variables in a SQL statement being handled by
the read_sql_construct() function,

(2) a large number of INTO variables in a SELECT statement being
handled by the make_select_stmt function,

(3) a large number of arbitrary variables in a SELECT statement being
handled by the make_select_stmt function, and

(4) a large number of INTO variables in a FETCH statement being
handled by the make_fetch_stmt function.

This is tracked by the Mitre CVE ID CAN-2005-0247.

2) solution/workaround

None, please install the updated packages.

3) special instructions and notes

If you are running a PostgreSQL server please make sure that it
is stopped or at least doesn't have any client connections during
the update.

4) package location and checksums

Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update.
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.

x86 Platform:

SUSE Linux 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/postgresql-8.0.1-6.i586.rpm
678cf8fac25f43217a75ff1b69afa1e1
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/postgresql-contrib-8.0.1-6.i586.rpm
9f71e3a477cb37e96b6252d3e41af5d0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/postgresql-devel-8.0.1-6.i586.rpm
13befe8d62a70898b576f46332b04016
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/postgresql-docs-8.0.1-6.i586.rpm
d51a60a473567c87c3f94cc0d5abde2d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/postgresql-libs-8.0.1-6.i586.rpm
50af9cba7571c4859b033a420782c5c3
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/postgresql-pl-8.0.1-6.i586.rpm
3d68c0e2f026e3c1f1d33ec828ade723
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/postgresql-server-8.0.1-6.i586.rpm
4601a1e4308348a7a27fbe4dd0bfe029
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/postgresql-libs-32bit-9.3-7.1.x86_64.rpm
55c4a7c5b510b4a05b789540adbcca00

SUSE Linux 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/postgresql-7.4.7-0.3.i586.rpm
6d5ca6b626a70cee2b34e49d33855648
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/postgresql-contrib-7.4.7-0.3.i586.rpm
62020a1c26ed41635cf07f37f1c22817
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/postgresql-devel-7.4.7-0.3.i586.rpm
eb20f825e8c1ee955e6904bd718ad1ba
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/postgresql-docs-7.4.7-0.3.i586.rpm
79194edc8a6a6ad10104b964e66cf789
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/postgresql-libs-7.4.7-0.3.i586.rpm
67353952335be148e0f3719a50edf8c5
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/postgresql-pl-7.4.7-0.3.i586.rpm
caad51baf0dfca24df09fec5d4385555
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/postgresql-server-7.4.7-0.3.i586.rpm
55a89a0f695e5dc892fa31af6140e367
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/postgresql-libs-32bit-9.2-200504131606.x86_64.rpm
91ac32a40b548d187ca78fb095f182ac

SUSE Linux 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/postgresql-7.4.7-0.5.i586.rpm
7027aa706e60a5074b294edba529479c
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/postgresql-contrib-7.4.7-0.5.i586.rpm
f7f3ef933b3cef23e892ede41d30b7e2
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/postgresql-devel-7.4.7-0.5.i586.rpm
8b48f30541f0834d14c7c1297202a55f
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/postgresql-docs-7.4.7-0.5.i586.rpm
e4456b0be9e08ffab52bc8476d2a25c8
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/postgresql-libs-7.4.7-0.5.i586.rpm
9a936afc00a75b243c7c7bd040eb3e97
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/postgresql-pl-7.4.7-0.5.i586.rpm
7037b8f9f9ca4d0c3325b1f52a38338c
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/postgresql-server-7.4.7-0.5.i586.rpm
a6699829779cf0f1adc9eb899e028cce
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/postgresql-libs-32bit-9.1-200504131537.i586.rpm
6d7c782b577a97024d5b388957686eb9
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/postgresql-7.4.7-0.5.src.rpm
10074702f7983e615b0d4da932915419

SUSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/postgresql-7.3.9-7.i586.rpm
dbefa2ff236099277275e050196832f9
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/postgresql-contrib-7.3.9-7.i586.rpm
9e933821ae869b86c9dbb9899df86d75
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/postgresql-devel-7.3.9-7.i586.rpm
8c2f83c0acb4bda10989a90082126324
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/postgresql-docs-7.3.9-7.i586.rpm
4fa5151ac425ef2765600082c8772d38
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/postgresql-libs-7.3.9-7.i586.rpm
c038222567e7692081dfef91f56fa73b
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/postgresql-pl-7.3.9-7.i586.rpm
57730936587d5214f45d498721abc0d4
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/postgresql-server-7.3.9-7.i586.rpm
a66b7aa7172c4accefad29b98b725452
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/postgresql-test-7.3.9-7.i586.rpm
c2d0256ea4ce83f12e73e4f23a0f4929
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/i586/postgresql-libs-32bit-9.0-4.i586.rpm
0a754eb5f8535cd7a291ffefb724f537
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/postgresql-7.3.9-7.src.rpm
174eb88726ae089eb80327613d0191c9

SUSE Linux 8.2:
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/postgresql-7.3.9-6.i586.rpm
a2b5993ddc330ffc4caf596b95cd44da
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/postgresql-contrib-7.3.9-6.i586.rpm
80f40fb76c5eb8b04634836f5da87839
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/postgresql-devel-7.3.9-6.i586.rpm
e97783f94a2e103b4f36d8309525e03b
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/postgresql-docs-7.3.9-6.i586.rpm
df6f2407af9063765d3100efda4e9fd7
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/postgresql-libs-7.3.9-6.i586.rpm
158525f64b5ce8b4e84307442c55cf69
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/postgresql-pl-7.3.9-6.i586.rpm
b214dab6c7691e408c8cb94f3d89266b
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/postgresql-server-7.3.9-6.i586.rpm
ef2c190ddcca664c6d24c30cee18b06a
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/postgresql-test-7.3.9-6.i586.rpm
598bc10d2956c68c44bbc15c1048b961
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/postgresql-7.3.9-6.src.rpm
b9607afe3c591211cd4828387b78e844

x86-64 Platform:

SUSE Linux 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/postgresql-8.0.1-6.x86_64.rpm
a608a80f0c5e52244ef0e06f71179eec
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/postgresql-contrib-8.0.1-6.x86_64.rpm
3fc4c4e413857244670ec31d132ecf6e
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/postgresql-devel-8.0.1-6.x86_64.rpm
604493537efd3eefdb6c2268c76d9fce
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/postgresql-docs-8.0.1-6.x86_64.rpm
4f9cdf3fef5cbc05655a61c0d40188ac
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/postgresql-libs-8.0.1-6.x86_64.rpm
1693e687c7175143a8417a1971b7561d
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/postgresql-pl-8.0.1-6.x86_64.rpm
231201858f97d931a342cc54197fede0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/postgresql-server-8.0.1-6.x86_64.rpm
cf53838797c30f7c0d6c20780b3df994
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/postgresql-8.0.1-6.src.rpm
72d273fb0e710ce3b36f8a75760faca0
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/postgresql-pl-8.0.1-6.nosrc.rpm
b12ca9ab8d1e1403d64608447cef61af

SUSE Linux 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/postgresql-7.4.7-0.3.x86_64.rpm
376426e12fa067ed9750ff729e7af64f
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/postgresql-contrib-7.4.7-0.3.x86_64.rpm
a2a1174114c9f2cd8b0bd24dc15603ad
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/postgresql-devel-7.4.7-0.3.x86_64.rpm
52c49022348810ee55dc74a986a10324
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/postgresql-docs-7.4.7-0.3.x86_64.rpm
c4ffdce772938cb5ca851a09eb05ccb9
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/postgresql-libs-7.4.7-0.3.x86_64.rpm
b89fbdd68337b6f6d557e030fdee385c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/postgresql-pl-7.4.7-0.3.x86_64.rpm
6fe8b6011a779152b659b85278176084
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/postgresql-server-7.4.7-0.3.x86_64.rpm
94bd74ce6d5e215c0cc910227606b081
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/postgresql-7.4.7-0.3.src.rpm
b8c6138e39ecc4c75537c7bf99cbcee4
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/postgresql-pl-7.4.7-0.3.src.rpm
e9c71d98739d760557aa9719ac45083b

SUSE Linux 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/postgresql-7.4.7-0.5.x86_64.rpm
000d9921b17457f420806deb0b52b864
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/postgresql-contrib-7.4.7-0.5.x86_64.rpm
7ae07a0f82e1c752a43f1d2f1d6f76a4
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/postgresql-devel-7.4.7-0.5.x86_64.rpm
959493267003db19075030c88b288e53
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/postgresql-docs-7.4.7-0.5.x86_64.rpm
452dc62ada42a821a7d6e8bc79e6fbd8
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/postgresql-libs-7.4.7-0.5.x86_64.rpm
6d07eec96e67f4c3b316b980db2ded02
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/postgresql-pl-7.4.7-0.5.x86_64.rpm
a9a394f502ce7d45b72e8d037513cc60
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/postgresql-server-7.4.7-0.5.x86_64.rpm
090f72759ce39af0b49170ff3b0e939a
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/postgresql-7.4.7-0.5.src.rpm
8bd7c2894ca62fe59e52f5ee79a13a8c

SUSE Linux 9.0:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/postgresql-7.3.9-7.x86_64.rpm
d9b71b21317c17281a1d0b5ac058ee7e
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/postgresql-contrib-7.3.9-7.x86_64.rpm
df00a736fbbc1fe396ca802f28556a6e
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/postgresql-devel-7.3.9-7.x86_64.rpm
b1bc20c65730504cb68204644b53c3b1
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/postgresql-docs-7.3.9-7.x86_64.rpm
aa2a266f6cfb859e248d7c6a9168cd5d
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/postgresql-libs-7.3.9-7.x86_64.rpm
ff5014d8c7d7c2d3b044bb2f268c0bf8
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/postgresql-pl-7.3.9-7.x86_64.rpm
9e9dc0405761bde26676ad71b71d18c8
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/postgresql-server-7.3.9-7.x86_64.rpm
0235a9bd3d8b582c8eeec89ae5cc02ff
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/postgresql-test-7.3.9-7.x86_64.rpm
2cd64de68e37398c11448271c87d8f9b
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/postgresql-7.3.9-7.src.rpm
cb17afaeae94a5d9c982654047c46b7f

______________________________________________________________________________

5) Pending vulnerabilities in SUSE Distributions and Workarounds:

none
______________________________________________________________________________

6) standard appendix: authenticity verification, additional information

- Package authenticity verification:

SUSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.

1) execute the command
md5sum
after you downloaded the file from a SUSE ftp server or its mirrors.
Then, compare the resulting md5sum with the one that is listed in the
announcement. Since the announcement containing the checksums is
cryptographically signed (usually using the key security@suse.de),
the checksums show proof of the authenticity of the package.
We disrecommend to subscribe to security lists which cause the
email message containing the announcement to be modified so that
the signature does not match after transport through the mailing
list software.
Downsides: You must be able to verify the authenticity of the
announcement in the first place. If RPM packages are being rebuilt
and a new version of a package is published on the ftp server, all
md5 sums for the files are useless.

2) rpm package signatures provide an easy way to verify the authenticity
of an rpm package. Use the command
rpm -v --checksig
to verify the signature of the package, where is the
filename of the rpm package that you have downloaded. Of course,
package authenticity verification can only target an un-installed rpm
package file.
Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this
key must be installed by the gpg program in the directory
~/.gnupg/ under the user's home directory who performs the
signature verification (usually root). You can import the key
that is used by SUSE in rpm packages for SUSE Linux by saving
this announcement to a file ("announcement.txt") and
running the command (do "su -" to be root):
gpg --batch; gpg < announcement.txt | gpg --import
SUSE Linux distributions version 7.1 and thereafter install the
key "build@suse.de" upon installation or upgrade, provided that
the package gpg is installed. The file containing the public key
is placed at the top-level directory of the first CD (pubring.gpg)
and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .

- SUSE runs two security mailing lists to which any interested party may
subscribe:

suse-security@suse.com
- general/linux/SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an email to

.

suse-security-announce@suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an email to

.

For general information or the frequently asked questions (faq)
send mail to:

.

suse-security-announce@suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an email to

.

For general information or the frequently asked questions (faq)
send mail to: