Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > October 2005 > Mandriva - Eight Security Advisories

October 2005

Mandriva - Eight Security Advisories

ID: 00953
Ref: 891/05
Date: 27 October 2005:11:10:15
Version: 1
Title: Mandriva - Eight Security Advisories
Abstract: Updates for lynx, ethereal, php-imap, squid, perl-compress-zlib, unzip, uim and netpbm
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva

Title
=====

Mandriva - Eight Security Advisories:
1. Updated lynx packages fix remote buffer overflow [MDKSA-2005:186-1]
2. Updated ethereal packages fix multiple vulnerabilities [MDKSA-2005:193-1]
3. Updated php-imap packages fix buffer overflow vulnerabilities [MDKSA-2005:194]
4. Updated squid packages fix vulnerabilities [MDKSA-2005:195]
5. Updated perl-Compress-Zlib packages fix vulnerabilities [MDKSA-2005:196]
6. Updated unzip packages fix suid, permissions vulnerabilities [MDKSA-2005:197]
7. Updated uim packages fix suid linking vulnerabilities [MDKSA-2005:198]
8. Updated netpbm packages fix pnmtopng vulnerabilities [MDKSA-2005:199]


Detail
======

Security advisory summaries:

1. Ulf Harnhammar discovered a remote buffer overflow in lynx versions
2.8.2 through 2.8.5.

2. Ethereal 0.10.13 is now available fixing a number of security
vulnerabilities in various dissectors

3. "infamous41md" discovered a buffer overflow in uw-imap, the
University of Washington's IMAP Server that allows attackers to
execute arbitrary code.

4. The rfc1738_do_escape function in ftp.c for Squid 2.5.STABLE11 and
earlier allows remote FTP servers to cause a denial of service
(segmentation fault) via certain "odd" responses.

5. The perl Compress::Zlib module contains an internal copy of the zlib
library that was vulnerable to CAN-2005-1849 and CAN-2005-2096. This
library was updated with version 1.35 of Compress::Zlib.

6. Unzip 5.51 and earlier does not properly warn the user when
extracting setuid or setgid files, which may allow local users
to gain privileges. (CAN-2005-0602)

7. Masanari Yamamoto discovered that Uim uses environment variables
incorrectly. This bug causes a privilege escalation if setuid/setgid
applications are linked to libuim.

8. Pnmtopng in netpbm 10.2X, when using the -trans option, uses
uninitialized size and index variables when converting Portable
Anymap (PNM) images to Portable Network Graphics (PNG), which might
allow attackers to execute arbitrary code by modifying the stack.


Security advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:186-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : lynx
Date : October 26, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Ulf Harnhammar discovered a remote buffer overflow in lynx versions
2.8.2 through 2.8.5.

When Lynx connects to an NNTP server to fetch information about the
available articles in a newsgroup, it will call a function called
HTrjis() with the information from certain article headers. The
function adds missing ESC characters to certain data, to support
Asian character sets. However, it does not check if it writes outside
of the char array buf, and that causes a remote stack-based buffer
overflow, with full control over EIP, EBX, EBP, ESI and EDI.

Two attack vectors to make a victim visit a URL to a dangerous news
server are: (a) *redirecting scripts*, where the victim visits some
web page and it redirects automatically to a malicious URL, and
(b) *links in web pages*, where the victim visits some web page
and selects a link on the page to a malicious URL. Attack vector
(b) is helped by the fact that Lynx does not automatically display
where links lead to, unlike many graphical web browsers.

The updated packages have been patched to address this issue.

Update:

The previous patchset had a bug in the patches themselves, which was
uncovered by Klaus Singvogel of Novell/SUSE in auditing crashes on
some architectures.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3120
_______________________________________________________________________

Updated Packages:

Corporate Server 2.1:
8f85c354b06417711e13abe45dcbf0d8 corporate/2.1/RPMS/lynx-2.8.5-0.10.3.C21mdk.dev.8.i586.rpm
74becbc3b1be96908c069180e36ff3b2 corporate/2.1/SRPMS/lynx-2.8.5-0.10.3.C21mdk.dev.8.src.rpm

Corporate Server 2.1/X86_64:
0a4e7145d0920dde82734f8036c50baa x86_64/corporate/2.1/RPMS/lynx-2.8.5-0.10.3.C21mdk.dev.8.x86_64.rpm
74becbc3b1be96908c069180e36ff3b2 x86_64/corporate/2.1/SRPMS/lynx-2.8.5-0.10.3.C21mdk.dev.8.src.rpm

Mandriva Linux 10.1:
80e0addf6efd297866bba33f4b8070b6 10.1/RPMS/lynx-2.8.5-1.2.101mdk.i586.rpm
13e5e506a05b448426d639d5e88a8896 10.1/SRPMS/lynx-2.8.5-1.2.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
db1f977046a8e8abd7d45d7345fde701 x86_64/10.1/RPMS/lynx-2.8.5-1.2.101mdk.x86_64.rpm
13e5e506a05b448426d639d5e88a8896 x86_64/10.1/SRPMS/lynx-2.8.5-1.2.101mdk.src.rpm

Corporate 3.0:
a8ab3968700c864e01df9c74ccb017ca corporate/3.0/RPMS/lynx-2.8.5-1.2.C30mdk.i586.rpm
221f02f4e097a52c261bb6b3bfc2bbab corporate/3.0/SRPMS/lynx-2.8.5-1.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
af94e8d31c6a756137dd04351ad61f08 x86_64/corporate/3.0/RPMS/lynx-2.8.5-1.2.C30mdk.x86_64.rpm
221f02f4e097a52c261bb6b3bfc2bbab x86_64/corporate/3.0/SRPMS/lynx-2.8.5-1.2.C30mdk.src.rpm

Multi Network Firewall 2.0:
6f0684f762fa2ac999d7ef2517525152 mnf/2.0/RPMS/lynx-2.8.5-1.2.M20mdk.i586.rpm
13cad2c8ec6a61159e5b580758dad58b mnf/2.0/SRPMS/lynx-2.8.5-1.2.M20mdk.src.rpm

Mandriva Linux 10.2:
d8007bd3e271f0f602babf443d9d2304 10.2/RPMS/lynx-2.8.5-1.2.102mdk.i586.rpm
60109bc6dc9630175c87dd66c23a8e05 10.2/SRPMS/lynx-2.8.5-1.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
9ceb656aac6be9eb6af021a2bfd661a6 x86_64/10.2/RPMS/lynx-2.8.5-1.2.102mdk.x86_64.rpm
60109bc6dc9630175c87dd66c23a8e05 x86_64/10.2/SRPMS/lynx-2.8.5-1.2.102mdk.src.rpm

Mandriva Linux 2006.0:
f7887db43f04613eef47a56fd175a1cb 2006.0/RPMS/lynx-2.8.5-4.2.20060mdk.i586.rpm
b121d10b5f27c29b8096c64c6c4416bb 2006.0/SRPMS/lynx-2.8.5-4.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
55cbe960a042601656919aa944602de2 x86_64/2006.0/RPMS/lynx-2.8.5-4.2.20060mdk.x86_64.rpm
b121d10b5f27c29b8096c64c6c4416bb x86_64/2006.0/SRPMS/lynx-2.8.5-4.2.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/UmmqjQ0CJFipgRAiGWAJ9b6TiacajkwntF9TP8/BIsnGjvMwCgpC+F
kgnO6Okdn8A00QbVdbmB0a4=
=W6E5
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:193-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ethereal
Date : October 26, 2005
Affected: 10.2, 2006.0
_______________________________________________________________________

Problem Description:

Ethereal 0.10.13 is now available fixing a number of security
vulnerabilities in various dissectors:

- the ISAKMP dissector could exhaust system memory
- the FC-FCS dissector could exhaust system memory
- the RSVP dissector could exhaust system memory
- the ISIS LSP dissector could exhaust system memory
- the IrDA dissector could crash
- the SLIMP3 dissector could overflow a buffer
- the BER dissector was susceptible to an infinite loop
- the SCSI dissector could dereference a null pointer and crash
- the sFlow dissector could dereference a null pointer and crash
- the RTnet dissector could dereference a null pointer and crash
- the SigComp UDVM could go into an infinite loop or crash
- the X11 dissector could attempt to divide by zero
- if SMB transaction payload reassembly is enabled the SMB dissector
could crash (by default this is disabled)
- if the "Dissect unknown RPC program numbers" option was enabled, the
ONC RPC dissector might be able to exhaust system memory (by default
this is disabled)
- the AgentX dissector could overflow a buffer
- the WSP dissector could free an invalid pointer
- iDEFENSE discovered a buffer overflow in the SRVLOC dissector

The new version of Ethereal is provided and corrects all of these
issues.

Update:

An infinite loop in the IRC dissector was also discovered and fixed
after the 0.10.13 release. The updated packages include the fix.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3184
http://www.ethereal.com/appnotes/enpa-sa-00021.html
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.2:
30d68fb7d3dd3e10f99ce0e4067e29e3 10.2/RPMS/ethereal-0.10.13-0.2.102mdk.i586.rpm
ee195abe7f3fd9abe3db39cd3b497a8c 10.2/RPMS/ethereal-tools-0.10.13-0.2.102mdk.i586.rpm
8930ea673040d37f41ad955412ba3623 10.2/RPMS/libethereal0-0.10.13-0.2.102mdk.i586.rpm
3bc4bd7208feaf92f77f3a83b0f3281b 10.2/RPMS/tethereal-0.10.13-0.2.102mdk.i586.rpm
7fe65f07557a9dcb662eb1b6967ce31f 10.2/SRPMS/ethereal-0.10.13-0.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
cb69d27d896a19a03fe1c05effffe98d x86_64/10.2/RPMS/ethereal-0.10.13-0.2.102mdk.x86_64.rpm
28dca424f2fdef25ab9b5f2115c7b577 x86_64/10.2/RPMS/ethereal-tools-0.10.13-0.2.102mdk.x86_64.rpm
b47935d8d59d817e69b54d2487e12445 x86_64/10.2/RPMS/lib64ethereal0-0.10.13-0.2.102mdk.x86_64.rpm
e717805302885ba4af36a16768f93668 x86_64/10.2/RPMS/tethereal-0.10.13-0.2.102mdk.x86_64.rpm
7fe65f07557a9dcb662eb1b6967ce31f x86_64/10.2/SRPMS/ethereal-0.10.13-0.2.102mdk.src.rpm

Mandriva Linux 2006.0:
993d95642384bf74c9ed2f7279caa3b2 2006.0/RPMS/ethereal-0.10.13-0.2.20060mdk.i586.rpm
a8cb961f3fee116724f8af4ce64f8244 2006.0/RPMS/ethereal-tools-0.10.13-0.2.20060mdk.i586.rpm
ef572149f1c053ddcf47afa4c704ca58 2006.0/RPMS/libethereal0-0.10.13-0.2.20060mdk.i586.rpm
21d6112631fa025e0b01b2fe7698aada 2006.0/RPMS/tethereal-0.10.13-0.2.20060mdk.i586.rpm
04595febee4cf49a9e851563ef8975c9 2006.0/SRPMS/ethereal-0.10.13-0.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
a1af50cf48c2d44c44b0068ee265609f x86_64/2006.0/RPMS/ethereal-0.10.13-0.2.20060mdk.x86_64.rpm
c4c26c4bcd136c8a8d540c62e51ba8f5 x86_64/2006.0/RPMS/ethereal-tools-0.10.13-0.2.20060mdk.x86_64.rpm
fc393647ae421ef0e9b60967bc22b65e x86_64/2006.0/RPMS/lib64ethereal0-0.10.13-0.2.20060mdk.x86_64.rpm
ca89deabfae41880a7e37e6e70451caf x86_64/2006.0/RPMS/tethereal-0.10.13-0.2.20060mdk.x86_64.rpm
04595febee4cf49a9e851563ef8975c9 x86_64/2006.0/SRPMS/ethereal-0.10.13-0.2.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/V7mqjQ0CJFipgRAgJzAKCS/Qu4ySCH+ysIjUWnVwldSLMcPQCfSe9j
cLKewlLPlR86eNfiWtUkavg=
=Ofo7
- -----END PGP SIGNATURE-----




3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:194
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php-imap
Date : October 26, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0
_______________________________________________________________________

Problem Description:

"infamous41md" discovered a buffer overflow in uw-imap, the
University of Washington's IMAP Server that allows attackers to
execute arbitrary code.

php-imap is compiled against the static c-client libs from imap.
These packages have been recompiled against the updated imap
development packages.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2933
_______________________________________________________________________

Updated Packages:

Corporate Server 2.1:
9be9a883ded639585446c6d5de663421 corporate/2.1/RPMS/php-imap-4.2.3-1.1.C21mdk.i586.rpm
4ac16712b0354cd3a3a900a531d18f75 corporate/2.1/SRPMS/php-imap-4.2.3-1.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
03a4ef56e03fc2ca25a3234af2f3da17 x86_64/corporate/2.1/RPMS/php-imap-4.2.3-1.1.C21mdk.x86_64.rpm
4ac16712b0354cd3a3a900a531d18f75 x86_64/corporate/2.1/SRPMS/php-imap-4.2.3-1.1.C21mdk.src.rpm

Mandriva Linux 10.1:
959a1497572aa4f2871b6d2650795883 10.1/RPMS/php-imap-4.3.8-1.1.101mdk.i586.rpm
b41e8d05335694fa522c403c96ca3987 10.1/SRPMS/php-imap-4.3.8-1.1.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
ebe83f9574925da13ddd1f4b75688fa8 x86_64/10.1/RPMS/php-imap-4.3.8-1.1.101mdk.x86_64.rpm
b41e8d05335694fa522c403c96ca3987 x86_64/10.1/SRPMS/php-imap-4.3.8-1.1.101mdk.src.rpm

Corporate 3.0:
fdd36f4022e376a0df36260ae27d76f1 corporate/3.0/RPMS/php-imap-4.3.4-1.1.C30mdk.i586.rpm
8321651ffc58801ca272b98e64a385d0 corporate/3.0/SRPMS/php-imap-4.3.4-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
44c3cdadf20366f41536cbdc2c1e1748 x86_64/corporate/3.0/RPMS/php-imap-4.3.4-1.1.C30mdk.x86_64.rpm
8321651ffc58801ca272b98e64a385d0 x86_64/corporate/3.0/SRPMS/php-imap-4.3.4-1.1.C30mdk.src.rpm

Mandriva Linux 10.2:
7ea50a18385970beb115e262c35bc2fa 10.2/RPMS/php-imap-4.3.10-6.1.102mdk.i586.rpm
78fa0456168d2156594aac90a196cd2b 10.2/SRPMS/php-imap-4.3.10-6.1.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
fe794754ac58a7f91bffb071175d2176 x86_64/10.2/RPMS/php-imap-4.3.10-6.1.102mdk.x86_64.rpm
78fa0456168d2156594aac90a196cd2b x86_64/10.2/SRPMS/php-imap-4.3.10-6.1.102mdk.src.rpm

Mandriva Linux 2006.0:
7ebb8d2b7e9c2c876f4fde7c830aaa45 2006.0/RPMS/php-imap-5.0.4-2.1.20060mdk.i586.rpm
422822aaad1b121dc6cffbea414b33e3 2006.0/SRPMS/php-imap-5.0.4-2.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
9217687789293eaaca8a66b44c00f196 x86_64/2006.0/RPMS/php-imap-5.0.4-2.1.20060mdk.x86_64.rpm
422822aaad1b121dc6cffbea414b33e3 x86_64/2006.0/SRPMS/php-imap-5.0.4-2.1.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/XOmqjQ0CJFipgRAoc5AJ4l0wV9KTPTBeBaDi4VG6H7P63cwwCeJVQw
8eNfZ0bDyReJDLMmWbVbmhM=
=iKZU
- -----END PGP SIGNATURE-----




4.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:195
http://www.mandriva.com/security/
_______________________________________________________________________

Package : squid
Date : October 26, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

The rfc1738_do_escape function in ftp.c for Squid 2.5.STABLE11 and
earlier allows remote FTP servers to cause a denial of service
(segmentation fault) via certain "odd" responses.

The updated packages have been patched to address these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3258
_______________________________________________________________________

Updated Packages:

Corporate Server 2.1:
f8aca99b670bd1d7cd062d29d6e337c0 corporate/2.1/RPMS/squid-2.4.STABLE7-2.10.C21mdk.i586.rpm
575ebbe6d8c6dd4a88c85763de0955a6 corporate/2.1/SRPMS/squid-2.4.STABLE7-2.10.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
b2bb3b18fbaec34fa4a4de306f7badfa x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.10.C21mdk.x86_64.rpm
575ebbe6d8c6dd4a88c85763de0955a6 x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.10.C21mdk.src.rpm

Mandriva Linux 10.1:
1aa5389665eb7c44fc1a6f2a62a9c3e4 10.1/RPMS/squid-2.5.STABLE9-1.5.101mdk.i586.rpm
9000867a2ad94d095311053f36742abc 10.1/SRPMS/squid-2.5.STABLE9-1.5.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
d417b0a933c81eeee4462ff5bf0d207a x86_64/10.1/RPMS/squid-2.5.STABLE9-1.5.101mdk.x86_64.rpm
9000867a2ad94d095311053f36742abc x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.5.101mdk.src.rpm

Corporate 3.0:
16a31934c2801715f0cb6290ea1c5c58 corporate/3.0/RPMS/squid-2.5.STABLE9-1.5.C30mdk.i586.rpm
aa1042be761e422dbee47cf3b5777b90 corporate/3.0/SRPMS/squid-2.5.STABLE9-1.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
5c285a1e0df7c5de08424a73438ef094 x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.5.C30mdk.x86_64.rpm
aa1042be761e422dbee47cf3b5777b90 x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.5.C30mdk.src.rpm

Multi Network Firewall 2.0:
92a195660ac40c9b6ae9ca275054c501 mnf/2.0/RPMS/squid-2.5.STABLE9-1.5.M20mdk.i586.rpm
1a97bb3873323ffe64629623c72d28c8 mnf/2.0/SRPMS/squid-2.5.STABLE9-1.5.M20mdk.src.rpm

Mandriva Linux 10.2:
442d8df682a4b46ae9f1c2e864b6505d 10.2/RPMS/squid-2.5.STABLE9-1.5.102mdk.i586.rpm
bd75db1db5949be45168118bf9fd6e80 10.2/SRPMS/squid-2.5.STABLE9-1.5.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
08dcae009d962753884eb5c11ff1bdf3 x86_64/10.2/RPMS/squid-2.5.STABLE9-1.5.102mdk.x86_64.rpm
bd75db1db5949be45168118bf9fd6e80 x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.5.102mdk.src.rpm

Mandriva Linux 2006.0:
6c8f78eaefa702ea819c53cab55ad715 2006.0/RPMS/squid-2.5.STABLE10-10.2.20060mdk.i586.rpm
0b213d4496b8db93581a2b21388900af 2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.2.20060mdk.i586.rpm
1a242f5c868a63decda6a14c18de0397 2006.0/SRPMS/squid-2.5.STABLE10-10.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
a8a30856a40f1067790ffb816c15ae4a x86_64/2006.0/RPMS/squid-2.5.STABLE10-10.2.20060mdk.x86_64.rpm
7bbf70c2cbe5e22f6a5d9008ca96a887 x86_64/2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.2.20060mdk.x86_64.rpm
1a242f5c868a63decda6a14c18de0397 x86_64/2006.0/SRPMS/squid-2.5.STABLE10-10.2.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/YhmqjQ0CJFipgRAunuAKC/rhHWaig0Q45jzSWL/mR5HM7IdgCfcGyZ
1TWq5z48L6oDF1pvHOABkOw=
=cZLN
- -----END PGP SIGNATURE-----




5.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:196
http://www.mandriva.com/security/
_______________________________________________________________________

Package : perl-Compress-Zlib
Date : October 26, 2005
Affected: 10.1, 10.2, Corporate 2.1, Corporate 3.0
_______________________________________________________________________

Problem Description:

The perl Compress::Zlib module contains an internal copy of the zlib
library that was vulnerable to CAN-2005-1849 and CAN-2005-2096. This
library was updated with version 1.35 of Compress::Zlib.

An updated perl-Compress-Zlib package is now available to provide the
fixed module.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
_______________________________________________________________________

Updated Packages:

Corporate Server 2.1:
c5e5e4bdde847a0a962dd1f0f57180da corporate/2.1/RPMS/perl-Compress-Zlib-1.37-0.1.C21mdk.i586.rpm
7753a97ea1f7f2e635866d1457c08122 corporate/2.1/SRPMS/perl-Compress-Zlib-1.37-0.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
ea6a1a6cc1cdcbc3c23aea81aa0a87d4 x86_64/corporate/2.1/RPMS/perl-Compress-Zlib-1.37-0.1.C21mdk.x86_64.rpm
7753a97ea1f7f2e635866d1457c08122 x86_64/corporate/2.1/SRPMS/perl-Compress-Zlib-1.37-0.1.C21mdk.src.rpm

Mandriva Linux 10.1:
e7923b362b8ef2fb3d806371a69df7aa 10.1/RPMS/perl-Compress-Zlib-1.37-0.1.101mdk.i586.rpm
0b7fbd7ae4c245b400d46f57ea63bf90 10.1/SRPMS/perl-Compress-Zlib-1.37-0.1.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
8f052c92f3f9d0d7f1ad006356348405 x86_64/10.1/RPMS/perl-Compress-Zlib-1.37-0.1.101mdk.x86_64.rpm
0b7fbd7ae4c245b400d46f57ea63bf90 x86_64/10.1/SRPMS/perl-Compress-Zlib-1.37-0.1.101mdk.src.rpm

Corporate 3.0:
c33b659717b2723bb1c947ac6441db14 corporate/3.0/RPMS/perl-Compress-Zlib-1.37-0.1.C30mdk.i586.rpm
adfd2f029c30a1e289d8f827bba46946 corporate/3.0/SRPMS/perl-Compress-Zlib-1.37-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
0a0e03e272d075dee7345b3196d7b0ea x86_64/corporate/3.0/RPMS/perl-Compress-Zlib-1.37-0.1.C30mdk.x86_64.rpm
adfd2f029c30a1e289d8f827bba46946 x86_64/corporate/3.0/SRPMS/perl-Compress-Zlib-1.37-0.1.C30mdk.src.rpm

Mandriva Linux 10.2:
b4b17d14d3565862ce8368c71734e74c 10.2/RPMS/perl-Compress-Zlib-1.37-0.1.102mdk.i586.rpm
8a4ace379976089460eefea2859a1b31 10.2/SRPMS/perl-Compress-Zlib-1.37-0.1.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
07b74796e2e3b8a1ea72ef1fbdb8d47b x86_64/10.2/RPMS/perl-Compress-Zlib-1.37-0.1.102mdk.x86_64.rpm
8a4ace379976089460eefea2859a1b31 x86_64/10.2/SRPMS/perl-Compress-Zlib-1.37-0.1.102mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/Z1mqjQ0CJFipgRAv4iAJ9SLGTzFhmfx1XA0gzK1ImUSB8ayACfYtne
7b6eyKAsETMLg10hDjxg9CE=
=UL6T
- -----END PGP SIGNATURE-----




6.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:197
http://www.mandriva.com/security/
_______________________________________________________________________

Package : unzip
Date : October 26, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Unzip 5.51 and earlier does not properly warn the user when
extracting setuid or setgid files, which may allow local users
to gain privileges. (CAN-2005-0602)

Imran Ghory found a race condition in the handling of output files.
While a file was unpacked by unzip, a local attacker with write
permissions to the target directory could exploit this to change the
permissions of arbitrary files of the unzip user. This affects
versions of unzip 5.52 and lower (CAN-2005-2475)

The updated packages have been patched to address these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2475
_______________________________________________________________________

Updated Packages:

Corporate Server 2.1:
7588a2f5d443685a928d3c3feb547aba corporate/2.1/RPMS/unzip-5.50-4.4.C21mdk.i586.rpm
7d3e7ef187a36a39b3427d0d38959189 corporate/2.1/SRPMS/unzip-5.50-4.4.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
79aa9befeb7ed8de2220afc3fb3d1886 x86_64/corporate/2.1/RPMS/unzip-5.50-4.4.C21mdk.x86_64.rpm
7d3e7ef187a36a39b3427d0d38959189 x86_64/corporate/2.1/SRPMS/unzip-5.50-4.4.C21mdk.src.rpm

Mandriva Linux 10.1:
cb3280ad8d82e7f7108ed7a5336217ea 10.1/RPMS/unzip-5.51-1.2.101mdk.i586.rpm
0ec9c5f7200a6bc97429408d49f26252 10.1/SRPMS/unzip-5.51-1.2.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
67cb90cf939bd25c74deba5e45d6dbb8 x86_64/10.1/RPMS/unzip-5.51-1.2.101mdk.x86_64.rpm
0ec9c5f7200a6bc97429408d49f26252 x86_64/10.1/SRPMS/unzip-5.51-1.2.101mdk.src.rpm

Corporate 3.0:
b17cff4c27c1a268fd3cd7cec5661c12 corporate/3.0/RPMS/unzip-5.50-9.2.C30mdk.i586.rpm
1aedfd6f58ec41f16c72f3581744812e corporate/3.0/SRPMS/unzip-5.50-9.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
0b6a7cbd46e1ae821ad90bfc9623d86b x86_64/corporate/3.0/RPMS/unzip-5.50-9.2.C30mdk.x86_64.rpm
1aedfd6f58ec41f16c72f3581744812e x86_64/corporate/3.0/SRPMS/unzip-5.50-9.2.C30mdk.src.rpm

Multi Network Firewall 2.0:
09797c30705503bef945eac7ae58e6ba mnf/2.0/RPMS/unzip-5.50-9.2.M20mdk.i586.rpm
81f25b8506bab3e2d467a918247a24ea mnf/2.0/SRPMS/unzip-5.50-9.2.M20mdk.src.rpm

Mandriva Linux 10.2:
2fbac32dc8e75c593af39fda3abb2b85 10.2/RPMS/unzip-5.51-1.2.102mdk.i586.rpm
95661a9046eb3b823a631ad85d9e0805 10.2/SRPMS/unzip-5.51-1.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
099a8fe40622a82cabd9495cdf52377a x86_64/10.2/RPMS/unzip-5.51-1.2.102mdk.x86_64.rpm
95661a9046eb3b823a631ad85d9e0805 x86_64/10.2/SRPMS/unzip-5.51-1.2.102mdk.src.rpm

Mandriva Linux 2006.0:
36aa8d839b74be9bb71fffd19f55e20c 2006.0/RPMS/unzip-5.52-1.2.20060mdk.i586.rpm
0dce17e0e7ff5040bf7d28802df8de7c 2006.0/SRPMS/unzip-5.52-1.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
10ac5d8076fa230106359170360a5f23 x86_64/2006.0/RPMS/unzip-5.52-1.2.20060mdk.x86_64.rpm
0dce17e0e7ff5040bf7d28802df8de7c x86_64/2006.0/SRPMS/unzip-5.52-1.2.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/bHmqjQ0CJFipgRAu/dAKDkvstFLoqaBkWZAJmBF7ymm4SFVgCfSOak
4YlJec53w5WEyuPn7PXTSPE=
=prpn
- -----END PGP SIGNATURE-----




7.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:198
http://www.mandriva.com/security/
_______________________________________________________________________

Package : uim
Date : October 26, 2005
Affected: 10.2, 2006.0
_______________________________________________________________________

Problem Description:

Masanari Yamamoto discovered that Uim uses environment variables
incorrectly. This bug causes a privilege escalation if setuid/setgid
applications are linked to libuim.

The updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3149
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.2:
0b40b2bf269eebdb578b7ccad6376ee7 10.2/RPMS/libuim0-0.4.6-6.1.102mdk.i586.rpm
0fa0b1b530cbe088168575f93e27af16 10.2/RPMS/libuim0-devel-0.4.6-6.1.102mdk.i586.rpm
ff9d291ec6260b7b8dbcb7ffff44723c 10.2/RPMS/uim-0.4.6-6.1.102mdk.i586.rpm
58748280b6409a8ad303d373af08f095 10.2/RPMS/uim-anthy-0.4.6-6.1.102mdk.i586.rpm
de4817e89863e467f60f0bdfc8e367ee 10.2/RPMS/uim-gtk-0.4.6-6.1.102mdk.i586.rpm
9f604d7675aac699f2415a251ecea3c8 10.2/RPMS/uim-m17nlib-0.4.6-6.1.102mdk.i586.rpm
39ecbe0eba6a0e577fb4964eb056f1be 10.2/RPMS/uim-prime-0.4.6-6.1.102mdk.i586.rpm
ba70ceeadff24ddf3116ca7ca896bc29 10.2/RPMS/uim-qt-0.4.6-6.1.102mdk.i586.rpm
a4724afdb7fd954d0a5e4cbfe76da9ea 10.2/RPMS/uim-skk-0.4.6-6.1.102mdk.i586.rpm
1aaae40c2eb11aeb27894f0adad90c78 10.2/SRPMS/uim-0.4.6-6.1.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
a4577bc46ee837064e90d76de15dc0d8 x86_64/10.2/RPMS/lib64uim0-0.4.6-6.1.102mdk.x86_64.rpm
4f5481e87619492b66b872189b64a746 x86_64/10.2/RPMS/lib64uim0-devel-0.4.6-6.1.102mdk.x86_64.rpm
b0136005ec97560c3b69f1afe866858c x86_64/10.2/RPMS/uim-0.4.6-6.1.102mdk.x86_64.rpm
ec86c03dbc8931b1fafd3afa0ab1076c x86_64/10.2/RPMS/uim-anthy-0.4.6-6.1.102mdk.x86_64.rpm
16eafc984239f9cca8ac8b11ca6add5c x86_64/10.2/RPMS/uim-gtk-0.4.6-6.1.102mdk.x86_64.rpm
ff44a9d79f64c4ddf016808c82676248 x86_64/10.2/RPMS/uim-m17nlib-0.4.6-6.1.102mdk.x86_64.rpm
cc12102858c03a110123750217e4fe98 x86_64/10.2/RPMS/uim-prime-0.4.6-6.1.102mdk.x86_64.rpm
61e11d3562720bb2899e0847786c61c0 x86_64/10.2/RPMS/uim-qt-0.4.6-6.1.102mdk.x86_64.rpm
72b234c251423aaa12958b726af54e9c x86_64/10.2/RPMS/uim-skk-0.4.6-6.1.102mdk.x86_64.rpm
1aaae40c2eb11aeb27894f0adad90c78 x86_64/10.2/SRPMS/uim-0.4.6-6.1.102mdk.src.rpm

Mandriva Linux 2006.0:
13f254622cce2b61e252b85f2b3b89df 2006.0/RPMS/libuim0-0.4.8-4.1.20060mdk.i586.rpm
093f761ec0406e72463d0318cc58484a 2006.0/RPMS/libuim0-devel-0.4.8-4.1.20060mdk.i586.rpm
97bb193739679b4b20312c26e63f750f 2006.0/RPMS/uim-0.4.8-4.1.20060mdk.i586.rpm
eef6b766c1283e770d872d440f1ab8dc 2006.0/RPMS/uim-gtk-0.4.8-4.1.20060mdk.i586.rpm
1c2a7bb3cb25ba173289098c3ce80b07 2006.0/RPMS/uim-qt-0.4.8-4.1.20060mdk.i586.rpm
ad441f9127511a1e5b0d83472ae54862 2006.0/RPMS/uim-qtimmodule-0.4.8-4.1.20060mdk.i586.rpm
58946cffcb345bbaaae8a3b2e5192a8f 2006.0/SRPMS/uim-0.4.8-4.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
6ccb325145baeed7ea30b78a367941dd x86_64/2006.0/RPMS/lib64uim0-0.4.8-4.1.20060mdk.x86_64.rpm
21465e1d5bb3a169053e5930ef03074d x86_64/2006.0/RPMS/lib64uim0-devel-0.4.8-4.1.20060mdk.x86_64.rpm
f0e752e8177553041fefa013ce4598df x86_64/2006.0/RPMS/uim-0.4.8-4.1.20060mdk.x86_64.rpm
3056648cfdbcfdb715106531dda70700 x86_64/2006.0/RPMS/uim-gtk-0.4.8-4.1.20060mdk.x86_64.rpm
3f5264d09059fadc77229b696cbea267 x86_64/2006.0/RPMS/uim-qt-0.4.8-4.1.20060mdk.x86_64.rpm
9d586985de4c10e879bcd699af023cae x86_64/2006.0/RPMS/uim-qtimmodule-0.4.8-4.1.20060mdk.x86_64.rpm
58946cffcb345bbaaae8a3b2e5192a8f x86_64/2006.0/SRPMS/uim-0.4.8-4.1.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/cbmqjQ0CJFipgRAmtUAJ9uoYAcWo7lpfRjWo2Ak+rTEMx+EACfdO5R
ejHcUW3I/0IxlAoZNN+4qzo=
=YxAm
- -----END PGP SIGNATURE-----




8.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:199
http://www.mandriva.com/security/
_______________________________________________________________________

Package : netpbm
Date : October 26, 2005
Affected: 10.2, 2006.0
_______________________________________________________________________

Problem Description:

Pnmtopng in netpbm 10.2X, when using the -trans option, uses
uninitialized size and index variables when converting Portable
Anymap (PNM) images to Portable Network Graphics (PNG), which might
allow attackers to execute arbitrary code by modifying the stack.

Netpbm 9.2X is not affected by this vulnerability.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2978
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.2:
ea24ad6ff612f0fce46eff6fb2233599 10.2/RPMS/libnetpbm10-10.26-2.2.102mdk.i586.rpm
b91191e8a7596085eb467894dd84232e 10.2/RPMS/libnetpbm10-devel-10.26-2.2.102mdk.i586.rpm
8965b6516f0be5e952bfd179f1024630 10.2/RPMS/libnetpbm10-static-devel-10.26-2.2.102mdk.i586.rpm
1ae015666de512fb398060ec73c8bbea 10.2/RPMS/netpbm-10.26-2.2.102mdk.i586.rpm
868de752ab4de8dc609a2b3c47432190 10.2/SRPMS/netpbm-10.26-2.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
b43b2e9787434ece104048f245fbe392 x86_64/10.2/RPMS/lib64netpbm10-10.26-2.2.102mdk.x86_64.rpm
0a8a3e79a679f0a15265e4fa1d36df51 x86_64/10.2/RPMS/lib64netpbm10-devel-10.26-2.2.102mdk.x86_64.rpm
dcab386cd578ab45a7f664e3e3a2f90b x86_64/10.2/RPMS/lib64netpbm10-static-devel-10.26-2.2.102mdk.x86_64.rpm
69b5ad7432ba251c210f91589a0ccdbf x86_64/10.2/RPMS/netpbm-10.26-2.2.102mdk.x86_64.rpm
868de752ab4de8dc609a2b3c47432190 x86_64/10.2/SRPMS/netpbm-10.26-2.2.102mdk.src.rpm

Mandriva Linux 2006.0:
4ffed80a15a8d15cd8c9d2c227d3c03d 2006.0/RPMS/libnetpbm10-10.29-1.2.20060mdk.i586.rpm
55a9bee09a885a83c553819d7c8d22ab 2006.0/RPMS/libnetpbm10-devel-10.29-1.2.20060mdk.i586.rpm
e1f55280419d7641251ad1f3fc8d31ec 2006.0/RPMS/libnetpbm10-static-devel-10.29-1.2.20060mdk.i586.rpm
8482ee2780ac0ccbc2cf177b3ba3b2f0 2006.0/RPMS/netpbm-10.29-1.2.20060mdk.i586.rpm
2ffcf5c132e2dd0013aef1b0ccdb214f 2006.0/SRPMS/netpbm-10.29-1.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
ca343baca521cc747f6254c9442a44a2 x86_64/2006.0/RPMS/lib64netpbm10-10.29-1.2.20060mdk.x86_64.rpm
17aa56ad4fb21994e79cd6ca51466908 x86_64/2006.0/RPMS/lib64netpbm10-devel-10.29-1.2.20060mdk.x86_64.rpm
8356a5735527b39db5786e2e66fce0f7 x86_64/2006.0/RPMS/lib64netpbm10-static-devel-10.29-1.2.20060mdk.x86_64.rpm
80d8111cfc32bbf7a92fcb57fc331d9e x86_64/2006.0/RPMS/netpbm-10.29-1.2.20060mdk.x86_64.rpm
2ffcf5c132e2dd0013aef1b0ccdb214f x86_64/2006.0/SRPMS/netpbm-10.29-1.2.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/dsmqjQ0CJFipgRApn2AKCp29/lilSIzOYcCUFSEz+MumBKygCgypmK
qv5fbcy/7m96KZC3lSfVwAE=
=26MT
- -----END PGP SIGNATURE-----



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |