
UNIRAS Brief - 797/06 - Three Mandriva Linux Security Advisories:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------------------------
       UNIRAS (UK Government CERT) Briefing - 797/06 Dated 01.12.06 Time 13:55  

UNIRAS is part of NISCC (the UK National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------------
 	UNIRAS material is available from the NISCC website at www.niscc.gov.uk
- ---------------------------------------------------------------------------------------

Title
=====

Three Mandriva Linux Security Advisories:

1. MDKSA-2006:217-1 - Updated proftpd packages fix vulnerabilities

2. MDKSA-2006:220 - Updated libgsf packages fix heap buffer overflow vulnerability

3. MDKSA-2006:221 - Updated gnupg packages fix vulnerability

Detail
======

1.  A stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers to cause a denial
of service, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." (CVE-2006-5815)

2.  "infamous41md" discovered a heap buffer overflow vulnerability in libgsf, a GNOME library for reading and writing structured
file formats, which could lead to the execution of arbitrary code.

3.  Buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might
allow attackers to execute arbitrary code via messages that cause the make_printable_string function to return a longer string
than expected while constructing a prompt.





1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                       MDKSA-2006:217-1
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : proftpd
 Date    : November 30, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers to cause a denial of
 service, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." (CVE-2006-5815)

 Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly
 other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than
 CVE-2006-5815. (CVE-2006-6170)

 ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration
 file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally
 associated with CVE-2006-5815, but this was an error stemming from an initial vague disclosure. NOTE: ProFTPD developers dispute
 this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected
 function, so this is not a vulnerability. (CVE-2006-6171)

 Packages have been patched to correct these issues.

 Update:

 The previous update incorrectly linked the vd_proftpd.pm issue with the CommandBufferSize issue. These are two distinct issues and
 the previous update only addressed CommandBufferSize (CVE-2006-6171), and the mod_tls issue (CVE-2006-6170).
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 b1cd1e2584e59418a20260b3f3332208  2006.0/i586/proftpd-1.2.10-13.3.20060mdk.i586.rpm
 979d14f8aa6312dac64948e1e9445f33  2006.0/i586/proftpd-anonymous-1.2.10-13.3.20060mdk.i586.rpm
 1d446921049eb39f91f0450a0ff74018  2006.0/SRPMS/proftpd-1.2.10-13.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 80f43de2dcf0aab1956552ef2a93c1b5  2006.0/x86_64/proftpd-1.2.10-13.3.20060mdk.x86_64.rpm
 62862e2c1c5c870946406beb2b982237  2006.0/x86_64/proftpd-anonymous-1.2.10-13.3.20060mdk.x86_64.rpm
 1d446921049eb39f91f0450a0ff74018  2006.0/SRPMS/proftpd-1.2.10-13.3.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 a37912e678d6dbfe2ed21a2c432e029c  2007.0/i586/proftpd-1.3.0-4.3mdv2007.0.i586.rpm
 89b3d4beac485d4879295ad99a17cd1b  2007.0/i586/proftpd-anonymous-1.3.0-4.3mdv2007.0.i586.rpm
 c206fc94fd81a8f79a158efe6e0fa8fb  2007.0/i586/proftpd-mod_autohost-1.3.0-4.3mdv2007.0.i586.rpm
 6ba12b916446da7651ced303cd5c2f0a  2007.0/i586/proftpd-mod_case-1.3.0-4.3mdv2007.0.i586.rpm
 a3d6b7c829345d6edf9f22efb8369b58  2007.0/i586/proftpd-mod_clamav-1.3.0-4.3mdv2007.0.i586.rpm
 a51a76a0e93f638018a15a28d67d1bc6  2007.0/i586/proftpd-mod_ctrls_admin-1.3.0-4.3mdv2007.0.i586.rpm
 458913aaa82dd80691b08e69c2d7a68e  2007.0/i586/proftpd-mod_facl-1.3.0-4.3mdv2007.0.i586.rpm
 3e929da8229f69a9c2c8702f2c79bbfe  2007.0/i586/proftpd-mod_gss-1.3.0-4.3mdv2007.0.i586.rpm
 9c7ad69945b176c59f682a750ba0da86  2007.0/i586/proftpd-mod_ifsession-1.3.0-4.3mdv2007.0.i586.rpm
 de0dd2a5354bdd79842c84dd0698ae80  2007.0/i586/proftpd-mod_ldap-1.3.0-4.3mdv2007.0.i586.rpm
 84255d9b701a430fdebc8ffa0804462d  2007.0/i586/proftpd-mod_load-1.3.0-4.3mdv2007.0.i586.rpm
 5a9dea0cc961f50a772f0c7f6d04fb2c  2007.0/i586/proftpd-mod_quotatab-1.3.0-4.3mdv2007.0.i586.rpm
 da44806b650245adadee9227d60fed35  2007.0/i586/proftpd-mod_quotatab_file-1.3.0-4.3mdv2007.0.i586.rpm
 c2fd38d0ab3e324e377a0a83449bdcfc  2007.0/i586/proftpd-mod_quotatab_ldap-1.3.0-4.3mdv2007.0.i586.rpm
 db3864770f8aa649190e84ac04c7d26a  2007.0/i586/proftpd-mod_quotatab_sql-1.3.0-4.3mdv2007.0.i586.rpm
 1f1a0e13808bfe3179c1142d2cfc76bd  2007.0/i586/proftpd-mod_radius-1.3.0-4.3mdv2007.0.i586.rpm
 93f3736a42145559e9faffa16c68271d  2007.0/i586/proftpd-mod_ratio-1.3.0-4.3mdv2007.0.i586.rpm
 ce6ce9b9340c328ff0956481fe9ee5ff  2007.0/i586/proftpd-mod_rewrite-1.3.0-4.3mdv2007.0.i586.rpm
 8c7089d22b32a863691fcf1ff3c1b6bf  2007.0/i586/proftpd-mod_shaper-1.3.0-4.3mdv2007.0.i586.rpm
 23b8d3f76708ce59d83bf07a6c19034d  2007.0/i586/proftpd-mod_site_misc-1.3.0-4.3mdv2007.0.i586.rpm
 845b77cc6c4c2f4eb8c4a41d369afe3d  2007.0/i586/proftpd-mod_sql-1.3.0-4.3mdv2007.0.i586.rpm
 7d98b511040ce3a9c16ca38fad98cdc7  2007.0/i586/proftpd-mod_sql_mysql-1.3.0-4.3mdv2007.0.i586.rpm
 44bdd048bac956a52adae56b429419a8  2007.0/i586/proftpd-mod_sql_postgres-1.3.0-4.3mdv2007.0.i586.rpm
 bece7d223e81935362115874debc625f  2007.0/i586/proftpd-mod_time-1.3.0-4.3mdv2007.0.i586.rpm
 b655b11679c1d46750397f647499d113  2007.0/i586/proftpd-mod_tls-1.3.0-4.3mdv2007.0.i586.rpm
 f051af523f306a8547cc232df6af61b0  2007.0/i586/proftpd-mod_wrap-1.3.0-4.3mdv2007.0.i586.rpm
 ea415328f16a7c86c530b1628e9e7119  2007.0/i586/proftpd-mod_wrap_file-1.3.0-4.3mdv2007.0.i586.rpm
 40cc7355b7baea00dc0ca3d9fbb23d54  2007.0/i586/proftpd-mod_wrap_sql-1.3.0-4.3mdv2007.0.i586.rpm
 56f9c85b919e81120ef5c9f95c5fbb70  2007.0/SRPMS/proftpd-1.3.0-4.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 a3f7f06d36e939decedbfbd73b068a00  2007.0/x86_64/proftpd-1.3.0-4.3mdv2007.0.x86_64.rpm
 e57974563e6a6a856997ece7ae4223f3  2007.0/x86_64/proftpd-anonymous-1.3.0-4.3mdv2007.0.x86_64.rpm
 351f1bcb4148bb3e2d42e4f8b63866bb  2007.0/x86_64/proftpd-mod_autohost-1.3.0-4.3mdv2007.0.x86_64.rpm
 5244e4fe2899727b8ed9ff8c2108e835  2007.0/x86_64/proftpd-mod_case-1.3.0-4.3mdv2007.0.x86_64.rpm
 6945e72c1af1e29f0e8a4f851fde7c04  2007.0/x86_64/proftpd-mod_clamav-1.3.0-4.3mdv2007.0.x86_64.rpm
 eaeba816574a28d65c243d70c55a2be7  2007.0/x86_64/proftpd-mod_ctrls_admin-1.3.0-4.3mdv2007.0.x86_64.rpm
 4b61ef08a72e13acf1c245efda94e14d  2007.0/x86_64/proftpd-mod_facl-1.3.0-4.3mdv2007.0.x86_64.rpm
 599338063d6b3358c92bc675748a5276  2007.0/x86_64/proftpd-mod_gss-1.3.0-4.3mdv2007.0.x86_64.rpm
 113e48693e6f717523f53d7bd362f167  2007.0/x86_64/proftpd-mod_ifsession-1.3.0-4.3mdv2007.0.x86_64.rpm
 0afda1fa0eb473074bbf591b87c205f5  2007.0/x86_64/proftpd-mod_ldap-1.3.0-4.3mdv2007.0.x86_64.rpm
 d5f67ae4a0057ac1574446d53a2b01c2  2007.0/x86_64/proftpd-mod_load-1.3.0-4.3mdv2007.0.x86_64.rpm
 24598aaa7594f1c3cce8104c0691fd89  2007.0/x86_64/proftpd-mod_quotatab-1.3.0-4.3mdv2007.0.x86_64.rpm
 ae6875064975d76b2f2ce5c2cee3c4cf  2007.0/x86_64/proftpd-mod_quotatab_file-1.3.0-4.3mdv2007.0.x86_64.rpm
 a383a4b78ec3e492563c9ef542c2a701  2007.0/x86_64/proftpd-mod_quotatab_ldap-1.3.0-4.3mdv2007.0.x86_64.rpm
 eccf357b396c651538df038d7c480516  2007.0/x86_64/proftpd-mod_quotatab_sql-1.3.0-4.3mdv2007.0.x86_64.rpm
 0b41852744c4493629eb1d71c8091c8a  2007.0/x86_64/proftpd-mod_radius-1.3.0-4.3mdv2007.0.x86_64.rpm
 93d8f354acd5a7e25478b9bbd3319617  2007.0/x86_64/proftpd-mod_ratio-1.3.0-4.3mdv2007.0.x86_64.rpm
 332c8e76e5a93e5011caeb3fbf9d8d7d  2007.0/x86_64/proftpd-mod_rewrite-1.3.0-4.3mdv2007.0.x86_64.rpm
 03aed52b479f6bf0affa3a697aebe47d  2007.0/x86_64/proftpd-mod_shaper-1.3.0-4.3mdv2007.0.x86_64.rpm
 4ea161e9f3821a3f90a2e19f22fdb487  2007.0/x86_64/proftpd-mod_site_misc-1.3.0-4.3mdv2007.0.x86_64.rpm
 ef8473f399c9fab49b174438e9f57f1a  2007.0/x86_64/proftpd-mod_sql-1.3.0-4.3mdv2007.0.x86_64.rpm
 e77455dd400984b833dd3bf52b6c9876  2007.0/x86_64/proftpd-mod_sql_mysql-1.3.0-4.3mdv2007.0.x86_64.rpm
 b194fe453ab8f2d900f49a8fee4d8a43  2007.0/x86_64/proftpd-mod_sql_postgres-1.3.0-4.3mdv2007.0.x86_64.rpm
 26177d8de2b31e25d54458f125a4bef6  2007.0/x86_64/proftpd-mod_time-1.3.0-4.3mdv2007.0.x86_64.rpm
 27cab8a3a4bf0162e4e4aeb8f2235c18  2007.0/x86_64/proftpd-mod_tls-1.3.0-4.3mdv2007.0.x86_64.rpm
 0eebacf7e2aacf1893e6f077a05deade  2007.0/x86_64/proftpd-mod_wrap-1.3.0-4.3mdv2007.0.x86_64.rpm
 e1c973141f23a99f1a1e5cfad06ba507  2007.0/x86_64/proftpd-mod_wrap_file-1.3.0-4.3mdv2007.0.x86_64.rpm
 ea8918c00be656f8c5c1be6e7e5c29cc  2007.0/x86_64/proftpd-mod_wrap_sql-1.3.0-4.3mdv2007.0.x86_64.rpm
 56f9c85b919e81120ef5c9f95c5fbb70  2007.0/SRPMS/proftpd-1.3.0-4.3mdv2007.0.src.rpm

 Corporate 3.0:
 05c8ada8f0f64c13e392bacea28a57c3  corporate/3.0/i586/proftpd-1.2.9-3.6.C30mdk.i586.rpm
 38d0c4fb80b8511d4fc60e29b76c2329  corporate/3.0/i586/proftpd-anonymous-1.2.9-3.6.C30mdk.i586.rpm
 fd2a42044333ba3528899e65e6028b28  corporate/3.0/SRPMS/proftpd-1.2.9-3.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c76e71ec99c373b351a69b33d09e0328  corporate/3.0/x86_64/proftpd-1.2.9-3.6.C30mdk.x86_64.rpm
 6a7866fb417a3ba020caad45f7696a1d  corporate/3.0/x86_64/proftpd-anonymous-1.2.9-3.6.C30mdk.x86_64.rpm
 fd2a42044333ba3528899e65e6028b28  corporate/3.0/SRPMS/proftpd-1.2.9-3.6.C30mdk.src.rpm

 Corporate 4.0:
 3a74dd621c2836818d884faa26577379  corporate/4.0/i586/proftpd-1.2.10-20.3.20060mlcs4.i586.rpm
 75fa75338ed57f5d0aeb137ca7efe521  corporate/4.0/i586/proftpd-anonymous-1.2.10-20.3.20060mlcs4.i586.rpm
 f2f48f3379be27c86e4edc1a9cb53d53  corporate/4.0/SRPMS/proftpd-1.2.10-20.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 b2e043f4ad4b4045ae0f09074be55327  corporate/4.0/x86_64/proftpd-1.2.10-20.3.20060mlcs4.x86_64.rpm
 8524b1da761c3f24f3b0dd0d9a0139b7  corporate/4.0/x86_64/proftpd-anonymous-1.2.10-20.3.20060mlcs4.x86_64.rpm
 f2f48f3379be27c86e4edc1a9cb53d53  corporate/4.0/SRPMS/proftpd-1.2.10-20.3.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed
 automatically for you.

 All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFbvOPmqjQ0CJFipgRAmJmAKDyLo9c1K07oSdMIIpg9FVJk8JiNwCfcBcw
E/A+IqwCWvS6eomzGIkUeMk=
=BufZ
- -----END PGP SIGNATURE-----


2.




- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:220
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libgsf
 Date    : November 30, 2006
 Affected: 2007.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 "infamous41md" discovered a heap buffer overflow vulnerability in libgsf, a GNOME library for reading and writing structured file
 formats, which could lead to the execution of arbitrary code.

 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:
 
 http://www.debian.org/security/2006/dsa-1221
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 e2a8d38173f4d4eaf630779b212b9ecf  2007.0/i586/libgsf-1_114-1.14.1-2.1mdv2007.0.i586.rpm
 0874198afe21dd57b297614d0451416c  2007.0/i586/libgsf-1_114-devel-1.14.1-2.1mdv2007.0.i586.rpm
 5d46cfd87b088be65ac564b4208d3780  2007.0/i586/libgsf-1.14.1-2.1mdv2007.0.i586.rpm
 029b6965cd0d3c6ea198e9ac601fb972  2007.0/SRPMS/libgsf-1.14.1-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 003d7db8087dc2e8b1773011e6d4847a  2007.0/x86_64/lib64gsf-1_114-1.14.1-2.1mdv2007.0.x86_64.rpm
 583a7f1fdd9b0c92b2ff6d64b18b08b4  2007.0/x86_64/lib64gsf-1_114-devel-1.14.1-2.1mdv2007.0.x86_64.rpm
 1e676f26116db9f4a392d2719db228d5  2007.0/x86_64/libgsf-1.14.1-2.1mdv2007.0.x86_64.rpm
 029b6965cd0d3c6ea198e9ac601fb972  2007.0/SRPMS/libgsf-1.14.1-2.1mdv2007.0.src.rpm

 Corporate 3.0:
 c059f972836144253da330f8db5387a3  corporate/3.0/i586/libgsf-1_1-1.8.2-1.1.C30mdk.i586.rpm
 9f9fd3e74c9ec2ee6a79937d4740321c  corporate/3.0/i586/libgsf-1_1-devel-1.8.2-1.1.C30mdk.i586.rpm
 36f8c30001d414877e819c439143a696  corporate/3.0/SRPMS/libgsf-1.8.2-1.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 1a2bef3524a009d553419b159d80f781  corporate/3.0/x86_64/lib64gsf-1_1-1.8.2-1.1.C30mdk.x86_64.rpm
 f2e48664350fd62e2b12dc77abe11a46  corporate/3.0/x86_64/lib64gsf-1_1-devel-1.8.2-1.1.C30mdk.x86_64.rpm
 36f8c30001d414877e819c439143a696  corporate/3.0/SRPMS/libgsf-1.8.2-1.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed
 automatically for you.

 All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFb2VImqjQ0CJFipgRAkAZAKC/C/ST0+jm03acd2z99w3DHkeT2wCfcTw3
bxchI1qLhQdHz6tA/yajqL8=
=Snqc
- -----END PGP SIGNATURE-----


3.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:221
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gnupg
 Date    : November 30, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might
 allow attackers to execute arbitrary code via messages that cause the make_printable_string function to return a longer string
 than expected while constructing a prompt.

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 c3ce4cd92136d7f632c14a6c80938b82  2006.0/i586/gnupg-1.4.2.2-0.4.20060mdk.i586.rpm
 bfaeaba79a74d3873b598f90e0e801e0  2006.0/i586/gnupg2-1.9.16-4.3.20060mdk.i586.rpm
 9ac3ae5eb7475c230c7a7d0937c1c381  2006.0/SRPMS/gnupg-1.4.2.2-0.4.20060mdk.src.rpm
 c5da4a8a6e5bd9ec333d73180d93d64f  2006.0/SRPMS/gnupg2-1.9.16-4.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 8fcc5fdb170d0b268c13f93aabe0502e  2006.0/x86_64/gnupg-1.4.2.2-0.4.20060mdk.x86_64.rpm
 b7ef342175e3eaac7fc3794159f2064e  2006.0/x86_64/gnupg2-1.9.16-4.3.20060mdk.x86_64.rpm
 9ac3ae5eb7475c230c7a7d0937c1c381  2006.0/SRPMS/gnupg-1.4.2.2-0.4.20060mdk.src.rpm
 c5da4a8a6e5bd9ec333d73180d93d64f  2006.0/SRPMS/gnupg2-1.9.16-4.3.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 d7ddd9237786b5e2d3b0fed45f1a1071  2007.0/i586/gnupg-1.4.5-1.1mdv2007.0.i586.rpm
 cc2078cc49dc6fb5f11add689684e60a  2007.0/i586/gnupg2-1.9.22-2.1mdv2007.0.i586.rpm
 a492a12d44d0491f676566959847c4e6  2007.0/SRPMS/gnupg-1.4.5-1.1mdv2007.0.src.rpm
 f1816783fde74d0233d44ae64301886c  2007.0/SRPMS/gnupg2-1.9.22-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 9ba224c45d13760e8100d88159818da0  2007.0/x86_64/gnupg-1.4.5-1.1mdv2007.0.x86_64.rpm
 13a6b47c7f88ffc1614e42a1276b7ac4  2007.0/x86_64/gnupg2-1.9.22-2.1mdv2007.0.x86_64.rpm
 a492a12d44d0491f676566959847c4e6  2007.0/SRPMS/gnupg-1.4.5-1.1mdv2007.0.src.rpm
 f1816783fde74d0233d44ae64301886c  2007.0/SRPMS/gnupg2-1.9.22-2.1mdv2007.0.src.rpm

 Corporate 3.0:
 92abcd2621d7f9ae84625abda55ac4d0  corporate/3.0/i586/gnupg-1.4.2.2-0.4.C30mdk.i586.rpm
 ec6725061073900f143df92a6f398f20  corporate/3.0/SRPMS/gnupg-1.4.2.2-0.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 b6d1b7f3f609295724f3fe2372ba6103  corporate/3.0/x86_64/gnupg-1.4.2.2-0.4.C30mdk.x86_64.rpm
 ec6725061073900f143df92a6f398f20  corporate/3.0/SRPMS/gnupg-1.4.2.2-0.4.C30mdk.src.rpm

 Corporate 4.0:
 7149e243684d303bd5b2bbda7ee9ffb9  corporate/4.0/i586/gnupg-1.4.2.2-0.4.20060mlcs4.i586.rpm
 c918da1cadd3c86aca8a6317cd36fc28  corporate/4.0/i586/gnupg2-1.9.16-4.3.20060mlcs4.i586.rpm
 b94a486c4644fd56ed61602b0ab7fac7  corporate/4.0/SRPMS/gnupg-1.4.2.2-0.4.20060mlcs4.src.rpm
 eb8b52a35c09081cc9f3f8e70ae67e5f  corporate/4.0/SRPMS/gnupg2-1.9.16-4.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 ad3b69e395186d56ec93a2ac21330bc3  corporate/4.0/x86_64/gnupg-1.4.2.2-0.4.20060mlcs4.x86_64.rpm
 8c7327c6d4244a7a8ead9d1f5f4f462e  corporate/4.0/x86_64/gnupg2-1.9.16-4.3.20060mlcs4.x86_64.rpm
 b94a486c4644fd56ed61602b0ab7fac7  corporate/4.0/SRPMS/gnupg-1.4.2.2-0.4.20060mlcs4.src.rpm
 eb8b52a35c09081cc9f3f8e70ae67e5f  corporate/4.0/SRPMS/gnupg2-1.9.16-4.3.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 08d7f0201cff5462b8ad7ea010e241b2  mnf/2.0/i586/gnupg-1.4.2.2-0.5.M20mdk.i586.rpm
 2c9b6c752e00c97793e7e436c89d2c5a  mnf/2.0/SRPMS/gnupg-1.4.2.2-0.5.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed
 automatically for you.

 All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFb3PbmqjQ0CJFipgRAr2rAJ9RIKCR3c9Ub/bUZOiV2TOkLqC31ACeLyjd
ViNXuwBd2xrr6sqSzGL+2DU=
=H7Y/
- -----END PGP SIGNATURE-----
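
For RPMs fetched by hand rather than through MandrivaUpdate or urpmi, the "Updated Packages" digest lists in the advisories above can be checked mechanically. The Python below is an added example, not part of the UNIRAS briefing or of Mandriva's tooling; the function names (`parse_packages`, `verify`) and the sample product, package names and digests are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample in the advisory's "Updated Packages" layout. Product,
# package names and digests are made up here; none come from a real advisory.
SAMPLE_ADVISORY = """\
 _______________________________________________________________________

 Updated Packages:

 Example Linux 1.0:
 5d41402abc4b2a76b9719d911017c592  1.0/i586/demo-1.0-1.i586.rpm
 d41d8cd98f00b204e9800998ecf8427e  1.0/SRPMS/demo-1.0-1.src.rpm

 Example Linux 1.0/X86_64:
 0123456789abcdef0123456789abcdef  1.0/x86_64/demo-1.0-1.x86_64.rpm
 d41d8cd98f00b204e9800998ecf8427e  1.0/SRPMS/demo-1.0-1.src.rpm
 _______________________________________________________________________
"""

ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")


def parse_packages(text):
    """Map each listed package path to its MD5 across all 'Updated Packages' lists."""
    expected, in_list = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Updated Packages:":
            in_list = True
        elif stripped.startswith("____"):
            in_list = False  # a rule line closes the list
        elif in_list and (m := ENTRY.match(line)):
            digest, path = m.groups()
            # SRPMS are repeated per architecture; the digest must agree each time.
            if expected.setdefault(path, digest) != digest:
                raise ValueError(f"conflicting digests for {path}")
    return expected


def md5_of(path):
    """Stream the file so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()


def verify(text, download_dir):
    """Check every *.rpm in a flat download directory against the advisory text."""
    by_name = {}
    for path, digest in parse_packages(text).items():
        name = path.rsplit("/", 1)[-1]
        if by_name.setdefault(name, digest) != digest:
            raise ValueError(f"{name} is listed under two paths with different digests")
    report = {}
    for rpm in sorted(Path(download_dir).glob("*.rpm")):
        want = by_name.get(rpm.name)
        if want is None:
            report[rpm.name] = "unlisted"  # not named in the advisory at all
        else:
            report[rpm.name] = "ok" if md5_of(rpm) == want else "MISMATCH"
    return report


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        Path(d, "demo-1.0-1.i586.rpm").write_bytes(b"hello")       # matches the list
        Path(d, "demo-1.0-1.src.rpm").write_bytes(b"tampered")     # digest differs
        Path(d, "stray-0.1-1.i586.rpm").write_bytes(b"")           # not in the list
        for name, status in verify(SAMPLE_ADVISORY, d).items():
            print(f"{status:9} {name}")
```

An MD5 match only shows that a file is the one the advisory lists; authenticity still rests on the package's GPG signature and on verifying the signed advisory text itself.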



- ---------------------------------------------------------------------------------------
NISCC values your feedback.

1. Which of the following most reflects the value of the briefing to you?
   (Place an 'X' next to your choice)

	Very useful:__ Useful:__ Not useful:__ 

2. If you did not find it useful, why not?


3. Any other comments? How could we improve our briefings?


Thank you for your contribution.
- ---------------------------------------------------------------------------------------

For additional information or assistance, please contact our help desk by telephone.  
You may send Not Protectively Marked information via e-mail to uniras@xxxxxxxxxxxxx

Office hours:

Mon - Fri: 08:30 - 17:00 hours
Tel: +44 (0) 870 487 0748 and follow the voice prompts
Fax: +44 (0) 870 487 0749

On-call duty officer outside office hours:
Tel: +44 (0) 870 487 0748 and follow the voice prompts

- ---------------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information contained in this briefing.
- ---------------------------------------------------------------------------------------

This notice contains information released by the original author. Some of the information may have changed since it was released. If
the vulnerability affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you
receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not
constitute or imply its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views and opinions of authors expressed
within this notice shall not be used for advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors or omissions contained within this briefing notice. In
particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information
contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident
Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents,
and to promote information sharing amongst its members and the community at large.
- ---------------------------------------------------------------------------------------
<End of UNIRAS Briefing>



-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRXAzW2l7oeQsXfKvEQKjEACgp5aCybefvObNQy3vya1JSDWnHncAnRvw
tdDqsaCW/NIs3iNQi8rkZcsD
=tRF9
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________