-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: php4,php5
Announcement ID: SUSE-SA:2006:067
Date: Wed, 15 Nov 2006 13:00:00 +0000
Affected Products: Novell Linux POS 9
Open Enterprise Server
SLE SDK 10
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SUSE LINUX Retail Solution 8
SuSE Linux School Server
SuSE Linux Standard Server 8
SUSE SLES 10
SUSE SLES 9
UnitedLinux 1.0
Vulnerability Type: remote code execution
Severity (1-10): 5
SUSE Default Package: no
Cross-References: CVE-2006-5465
Content of This Advisory:
1) Security Vulnerability Resolved:
htmlentities/htmlspecialchars security problem
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
This update fixes the following security problems in the PHP scripting language:
- CVE-2006-5465: Various buffer overflows in htmlentities /
htmlspecialchars internal routines could be used to crash the
PHP interpreter or potentially execute code, depending on the PHP
application used.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please close and restart all running instances of Apache after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file>
to apply the update, replacing <file> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.1:
e57faa80b680e8b814b453c00d6056e0
0d3e0e486207b46738fef33974ea756f
a5dd93bdd188f701d177f332c0a55500
9e93b00f0216801359a1ed324a65d0fd
aa15b807cd189e88b7f30a7cd9c744db
ba6c9a988609fcce31c3afc4ba9c9e60
5bad8ee3d16b064fc5efd84dd64b0838
d8010101b12dee6e55d5b14f9c463940
603ad80865068613d5c00aa75c105795
7693420c2bb38649715f4ebf13b750a0
897159ca99eab83235d1398010655fdf
50b9393db3bb04d196b5da76f27527b3
84fa47af4e3b15b2467f63c57b6bcfe6
95ed616dbd9e7540ad1744434907960c
68994bcb46af786aca3fd888bc815722
b61972de0f3213f3037ce37a5b897be7
aae68afa2af2d0d4fcce18daf0639df7
41e2c224dd1ac7b6f66a7e745931b000
02364d8f8a53b0a54bb7042f4ab67970
dc869ef20138b5b02a305f7c18213652
aab3d499075097d4b6833a62180a8d1d
9677f236aca423ff36bf5b00863abb47
be37a78bcd35b9eedc708dd110bd99bf
SUSE LINUX 10.0:
3897b132d043814a1c8e43f6139fee76
543c37978b77cfd044b71737962fcd2c
4c7df6649be25c769fc9d2da2b581c84
1d7ac601f57464c640185e485fd37d5f
99dcbc288737fd7c4e42c2021f7b73f1
81c7d67483b221902ab2d503f3818bae
b14e808651633396dc7e49867e904b88
0ea0c71655f4a820c04b67aa76dcc86f
c73c1d12eccdf9a7f297d7db09bbc715
67e12d875134f977a2a58b1432b66a21
e6bd99bf67bcaf237ff9c97b99a41e09
0699887baee8cd9b1ec6cffb4b26f242
6b803ad945a8198d61dafbac651d648a
5dfe0505a4d5f18e1263e04398847336
357376a0ab799df8099c01c0413c7676
cdbbb45a419cf429fbfcdbbd38c199bf
7d8a61934f86b61cc616d0050d1ec229
b44753f46245e6a07d4862a35c9e84c4
692f6171237488467b6a02ebf1b8d580
bc9920e010e991e33dea51a006a850d0
316275142505124fd5a2efe5b6520448
4e198a40b6cfcd2ddffa1c323c7accc5
7d6aa289c517c4b079242141b27e6fa3
44f7cf2fbb12dd41c984b4acd762363e
019dc26777503bdc6a26afb9c6b7787f
982f745d157a6d836cdb3367ce74bad0
66e5aa36f470cd62364593e9b0e13cb0
41f1187c34074c970df8c91e42dbcb00
884911ef2a69326b85ee5708c5acced5
d5a05f13e1f07c5d831d46a9b012addd
62ef54bf00690560663f83e7b6a1c9b5
6805d9a45fa2c786871c9400da85fa8f
120e893030fd3e12254a71bdbbc68270
4bc2252ca0c8028fbd7a9c56f141866e
ede8c82fcf65472a2a210d47ac6d72ef
SUSE LINUX 9.3:
bb37ace522b4b247390a7d2fd343fc2a
9f0444505823bab0e457b2eee503866b
17c64ffd909692f981df6333cbbb955d
eaa0781c6629df13434fc4e6029a5ec9
fd7815b14025ede01b0827fa4115a39b
1732cfe246bda05fc0f23878550f36e0
55ce1169fa5c9708e5b95e37e2523817
ee9d8d6b2a4686b4dcec90de9a16d3f4
c87cc42a8fd2b5d3196efeb23ce0aa7b
dccf0660b072c7e5cb05b5c3cbbc46df
eb2f95bed73b5331ce0580a9ffff83ee
c2f18db717d1b8d6b00959d7016fd794
94182fd233a1679ce6041a2b345df264
188028fdd1b848bd4ae78e599a29ea0b
49b9f294d486ef7b484162f498544648
3821484ea933a0b219e3355ec5f27267
66629a2e3f6a7169d78f02bf80ca768a
8002c9d4569a7912e1fe99acb9a1a9fd
003e4c98e666d8630a4833e82f54c094
819e085ff04cd8dfd68bf48bd634ac80
6e7fad4cf64d3af432c17cffb4afe53f
e195afa01a59ea612d4c351d623c6f07
644f800c519219ac22a5fd891c28e9f3
ad73d2a39e03d592b40faf62b83bae5a
64133e5d6bb271fae04157a971ba5e7e
8ced63cb7f9515df21f6d75603c88a20
1b0dc063ee1ab5498eee7fa24ffd2333
5d9f4b27cc1acc61c6e2458bf5e855db
64aec2679c4e6f2d92d8ef83c9297afc
96caffd7d8065013cba3757a600a013d
f98a7b2347844a10ec579adcaac6cffb
066a093ad825d0f21c57db9af739828e
d7c45643721143767c27e78978b5c009
281b03ecdaee24d10a66e17c321d1d7e
956125aff1b6235de761216f8b0ac3f2
2c8eadd0a14e89d36092a4dac12637b0
f59ebf805fcdb12197332adbf6170428
597e0ada90ad127e2e93fb2bd2dd86e7
5782f46660584961b864d82504169f1f
Power PC Platform:
SUSE LINUX 10.1:
5c3a7490baf29e40af9fe2c971805d02
a880773b9488ef82c8bb82a0f8d64c2c
89619e16cdf1a2b2dbf9244e80c3cf7c
63ccc700c51c27917f807bea38cff534
c1a5dbaf241fbec03da3c1ef9d349a34
61e718029e2a12d78c197f7e728fc152
77600cb98af2227a88e6e7ce700e142e
9f791a6cb12aaffcd0bd4a24fa6c8511
5420eeb95db2c6ffbf711edefcb86f52
20236329aea2add5d1cf4763ababec36
ee6af188441aef34e0c8bbe45b50da49
8bcecc900683d37aeb634e3b1a1010fd
9d638ddce967a3eb68a9463172d06997
343457755b73a1bcc99fa6e88e29e9f3
554cb0e394d142db3d62344cdd1c3c90
7194677f6fa9278d0a41a2b984128f27
38199b3a107c8e6bafd6d8a98328d6ca
3b875741eaf749e5b7de88191dea32d7
286c52d8e775f6ff53126f2f8d6fa374
ba171044ac3d74b24bfbc8cb44cd1ae1
25397498ac1e37d5ebbe4637b045e815
81939a0dddc8231c770209c31c93da1b
e4644d303ab5b33091491e04b9dfe733
SUSE LINUX 10.0:
d404506a09bd562e1f7b87f6f221ab1a
f6739e7e780cbf3ce4aad072c25b6dfd
0a52fbe377b254093666edcee6301ecf
efab9fd837dc2a9e5dede5896f8b2b5e
7cc6c67091b82390e32f3abc6ff7f476
06e05a03648245f56140aca7a77434f7
8188b67aef4d2e09a6a3179bac6fa39f
daa6610ac8740e46f932451f15460215
258a9ea50a76c6f80e247c2fe7a191c7
cdd1e67afc23c92e182c8238acc7acbb
9d9a03a033d30aab7645c6ca7bf91fdc
6f25188aec42f75e5b7c6ea7db1d9624
ea11aa7202c1b2917baf25763c8c536d
f8e8c682fc2cee7f43f2041f3fe2171d
ab488088003f0f10767ccbeae3863f10
94c108542cbba53077083fad6ed6e229
0c5ed8bd0070c5adfdd99d326ee0317d
78726d6e058fa0a13e6a819f5d5e778f
580a53f563a25992dfa347b97a6b013f
1bd5e9f4f120243fb774beae7145888f
f6d4e0bcd096c9d9f4d70d50f45e7030
8492aec117ee3148fbe1c3eaded1a467
0477685cc29f90ae22ab5874d9271949
7852ec943ea7701b7a02885707c71690
f900227644985f54a7599d86cf1e58ff
7a1a0479746fe9e2b912fda755548265
209858e52b723b928445be3f7d399c82
a4485ab476f08cc68b896e9946d9a7ae
64d70ed3ed35940336e2c77199fa2aa1
01e27cc86e2b3565788e573bf8aec191
c0acf6c7b3d917ec14d5b6af6794edb6
692dee19cd40eafdc3b349c8afad2997
e42dbdb0ab48b392e03014ddaf04fd40
e40ba04a3c5c597926ac379ff318dfbb
x86-64 Platform:
SUSE LINUX 10.1:
2d8a739b4cecd9882d0eb082b6a69348
7b1e56bff005296875899b9147fad095
9dc6cb876887bdb8127e153d0d555dcd
a4a5903adf9454a9029a2ea35a8dc79b
1adc8547eac04fe1672c0290291683fb
fd5aca9e425470708b2af5fa5b6a990e
f0b2064b6e8bf9643dbac2a2ee9b071b
997a8e793509037bf280e45c4fd9ae13
479d255df50e028189f9479970e3e0bf
2144c76e88b3edab24bd13331f6c311b
8f94ad01f7adbf6afe7aea6cd187d412
e103468c9c41cfe6c47998b8eb3f8814
f0b15d3f0452d04172e061a70654252f
1bf1cecddbfe202bfff5bd8065395f7b
77c78f652f8f06d2f548a23a614e3bc8
0124292c4136557838f59e340e3af27d
1d9bf118798dc9a0e17e06d92c67e22f
ae7e99e94409a4f9ef5b7d670ba1cc43
7272c2eac3a3a9085fba56b12e433847
6f9d55833b21afd381662d6ebfb2f65d
3d163f1c82ed1f014ce5a3242abaee5a
78a7da3d4ac63cbef4233e937cfc1f11
47a63db62d0bd26e4ad2454a27766540
SUSE LINUX 10.0:
0ab300b70b02d407460212633859d3e0
638ac9911ab2353d1644f3ea3f58c5dc
b3189fd4e0c577a4caf26ef3d88f3e2d
ceb7c679a3ff01072317cf7389e87e86
52cf201fc735a69ec7330a1cc90f4234
4c58e2303b7d497e103ad9d32f33c595
9cf2ea8f7d1e57d4ac0db96ecaae389b
8277d4cab2a14efdec945e6ce52e95bf
cd9b4bf7369542894d50b60acd872d05
b2dc740f8957d92bf8cf9896fdd879e6
8f6b9a6f62ff68ac7f41330d6944c761
2b7677cae8889cd37877b4f1bc0b8844
428972817272275762d79b98aeeb1df1
6edf5413bd4bc80114ae74fed3ac1c3c
76c9ef628b3b0776436acb83481f4bf1
3615d54dcf93c1ef8c3774f06d68c8e5
8e3a1441c72d898e3de57ebb84af2e54
cafd4690d9c5cab791740efc477e0e23
4d6ded62957dccd7866312cdb0bd9733
936d8f4587a9a5cde6b320fa93801d71
6d583a65c2583dbbd331b8e6cb00219b
b0df688b3532deed5a09feb59f8ba835
e8f4d15ee2799b03e90f8ef0d914b064
1913a4296358c2e592d0dea24c8e9aa7
a608e0006a05576bfc45c9eab6a741d4
cd65092005de210d3fe88bcfdd3df2a7
9443711bec8934b98f02be8b9812c050
b547531405f519c8b502719769897fe5
4d3ae6e0dca36aa033034c89154aa95c
977b2b53902f03178fa0425974f3a44c
3fdc56c1aaabc314442d7bfdc357d296
4a39f64d161ce79cc6b43fc9b824b873
a4e422e868287e01cdcd73e05d312dc8
6064cf384345100b2003b5d1642fa7ec
3abaeee3b57b267de2d1f9465039a2db
66ea3018704c30fe88fb2d8f98dc2032
SUSE LINUX 9.3:
87467db93691b6ba7a35c5b1813f4cb0
0de39de077ae0df7c42c0713c8fcdda0
a42f7164b0e676c9c04bab00f376c8f7
071099f308973b93bdf5bf0684fadf03
dd1090efe44a5c39a4d37e84619991d7
0b7a436030ba91f390db2d5fda87948f
a7362d9e9861b0440e69ac728e04dfcb
a9fe3ff55c9ce5181ce11ca4d69fcafe
2c1137b4793f0deb54e1d48974b8049d
9fb2a974b61581fc337c73423f761fa5
87f0c2940065d61b55abdaf08284d8e3
a0226dcc68681b3b2aef4a499c06e6e5
5d57c4bf164fdaba6e4eae308b07e716
1ff1450d5917aa89c9531829dbdbd64b
6e4bd961bd52ffc1c9aca58be9be3780
e27199d83837d59b76cfb1305f466230
5e9445198d0d7bb43e23f7d889c46268
7be9597720a390d414481d9630b97176
218a4f1a61f5073c0af5b7225f70762d
a103af05a4941936d575c0429fb76798
a8919a941dc32a3743c798b4bb00fbd3
65bde3ea9e0435178aed6f2c3eb6cc8e
6fb7f1331283ca7c3bc37ec5058afea2
94404361d39de30930136e637184a05a
344fcd4f499331d06c4692a82232d276
9f7f87e14866a9bcf3f13c49c6a173f9
ab1b7ae7aebae896f2dd211d1763dfc1
f5cd1145b6252cb467e8a50c1c27520d
ae8ba21ba946c489b6d74a96b4c09d93
48b02728261eb7c44a55eb07717f2fd2
32b81d5e55aa4bcdaf08a3103ca1a5cc
0dafcda7b4dc9a69a31a6d91face802d
92f545d335d7eb0527c8c9cb10827d27
056280dea69e55cf858bc153646e3ee4
4998c6ff01a4c81e6fd34825adf9c6b4
ae481915b9f32f134f33e00bd37c9c36
92026592609fa5e801346f0c68c794ab
ca96913fbe26855107b6627b643ec9b2
1de32e83cf551fe35fe58a0d9ff89437
5a1150fe6f80c6246194184e025187bf
Sources:
SUSE LINUX 10.1:
955dd593b249671b49c0468a801fc40f
SUSE LINUX 10.0:
5f61fde7f4967668ebc09c5420c2121d
f5aad91ffaaba5cbaa43f0e321b2ef1f
SUSE LINUX 9.3:
3e00697cb7dfff72f03eb4e36ff4308c
fbfd0640c942ea0fcaf623cd48d03dfa
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE SLES 10
http://support.novell.com/techcenter/psdb/95aa269a50d6438793d154b7db556119.html
Open Enterprise Server
Novell Linux POS 9
SUSE SLES 9
http://support.novell.com/techcenter/psdb/2a0a69ad2fa154c13d238e3177db3736.html
UnitedLinux 1.0
SuSE Linux Openexchange Server 4
SuSE Linux Enterprise Server 8
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/7ff98a5ba0483fdee45151d8d34c3d7b.html
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team "
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file>
to verify the signature of the package, replacing <file> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum <file>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security@suse.de), the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
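The verification steps described in this section (announcement signature, embedded RPM signature, MD5 checksum from the signed announcement) combined into one shell helper that refuses to hand a package on to "rpm -Fhv" unless every check passes. This is an added example and not part of the SUSE announcement; the function names, the fallback to BSD "md5", the use of gpg's "--status-fd" output and the sample file names in the usage comment are the example's own assumptions, not anything SUSE ships.

```shell
#!/bin/sh
# Added example, not part of the SUSE announcement: apply the section 6
# checks to a downloaded update package before it is installed.

# Print the MD5 digest of a file, using md5sum (coreutils) or md5 (BSD).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        echo "no md5 tool available" >&2
        return 2
    fi
}

# verify_md5 FILE EXPECTED: compare the package digest with the checksum
# listed in the signed announcement. Returns 0 on match, 1 on mismatch,
# 2 when the file cannot be read or hashed.
verify_md5() {
    file="$1"; expected="$2"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(md5_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the announcement checksum"
        return 0
    fi
    echo "MISMATCH: $file has $actual, announcement lists $expected" >&2
    return 1
}

# verify_announcement FILE: the checksums are only trustworthy if the
# announcement itself carries a good signature from the SUSE security key
# (ID 3D25D3D9). gpg's machine-readable status line GOODSIG is checked
# rather than the human-readable "Good signature" text.
verify_announcement() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null | grep -q '^\[GNUPG:\] GOODSIG'
}

# verify_rpm_signature FILE: check the package's embedded signature
# (expected from build@suse.de, key ID 9C800ACA) with rpm --checksig.
verify_rpm_signature() {
    rpm -v --checksig "$1"
}

# check_update ANNOUNCEMENT PACKAGE EXPECTED_MD5: run both independent
# methods and only then suggest the install command; the rpm -Fhv step
# itself is left to the operator.
check_update() {
    verify_announcement "$1" || { echo "announcement signature not valid" >&2; return 1; }
    verify_rpm_signature "$2" || { echo "package signature not valid" >&2; return 1; }
    verify_md5 "$2" "$3" || return 1
    echo "all checks passed; install with: rpm -Fhv $2"
}

# Usage (file names are placeholders):
#   check_update SUSE-SA-2006-067.txt php4-<version>.rpm <md5 from announcement>
```

The order matters: the announcement signature is checked first, because an MD5 value copied from an unsigned or tampered announcement proves nothing, and the two package checks stay independent so that one still catches a mismatch if the other is unavailable (for example on an RPMv3 system without the build key in its database).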
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security@suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
.
suse-security-announce@suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
.
For general information or the frequently asked questions (FAQ),
send mail to or
.
====================================================================
SUSE's security contact is or .
The public key is listed below.
====================================================================