CVE-2005-2491
CVSS 7.5
Published: 2005-08-23 00:00:00
Revised: 2016-10-17 23:27:54

[Original] Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.


[CNNVD] PCRE Library Heap Overflow Vulnerability (CNNVD-200508-232)

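        The PCRE (Perl Compatible Regular Expressions) library is open-source software that provides regular expression support.
        Because the library does not properly sanity-check certain quantifier values in regular expressions, a heap overflow exists in PCRE, which in the worst case may allow arbitrary code execution. The specific impact depends on the application and on the credentials of the user running the vulnerable library.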
        

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected platforms and products)

cpe:/a:pcre:pcre:6.1
cpe:/a:pcre:pcre:6.0
cpe:/a:pcre:pcre:5.0

- OVAL (Technical details for detection)

oval:org.mitre.oval:def:735 Apache Integer Overflow in pcre_compile.c
oval:org.mitre.oval:def:1659 VirusVault Integer Overflow in pcre_compile
oval:org.mitre.oval:def:1496 Webproxy Integer Overflow in pcre_compile
oval:org.mitre.oval:def:11516 Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Et...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2491
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-232
(Official data source) CNNVD

- Other links and resources

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
(UNKNOWN)  SCO  SCOSA-2006.10
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
(UNKNOWN)  SGI  20060401-01-U
http://docs.info.apple.com/article.html?artnum=302847
(UNKNOWN)  APPLE  APPLE-SA-2005-11-29
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
(UNKNOWN)  HP  SSRT061238
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
(UNKNOWN)  TRUSTIX  TSLSA-2005-0059
http://marc.info/?l=bugtraq&m=112605112027335&w=2
(UNKNOWN)  SUSE  SUSE-SA:2005:051
http://marc.info/?l=bugtraq&m=112606064317223&w=2
(UNKNOWN)  OPENPKG  OpenPKG-SA-2005.018
http://marc.info/?l=bugtraq&m=130497311408250&w=2
(UNKNOWN)  HP  HPSBOV02683
http://securityreason.com/securityalert/604
(UNKNOWN)  SREASON  604
http://securitytracker.com/id?1014744
(PATCH)  SECTRACK  1014744
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
(UNKNOWN)  SUNALERT  102198
http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm
http://www.debian.org/security/2005/dsa-800
(UNKNOWN)  DEBIAN  DSA-800
http://www.debian.org/security/2005/dsa-817
(UNKNOWN)  DEBIAN  DSA-817
http://www.debian.org/security/2005/dsa-819
(UNKNOWN)  DEBIAN  DSA-819
http://www.debian.org/security/2005/dsa-821
(UNKNOWN)  DEBIAN  DSA-821
http://www.ethereal.com/appnotes/enpa-sa-00021.html
(UNKNOWN)  CONFIRM  http://www.ethereal.com/appnotes/enpa-sa-00021.html
http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml
(UNKNOWN)  GENTOO  GLSA-200509-08
http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml
(UNKNOWN)  GENTOO  GLSA-200509-02
http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml
(UNKNOWN)  GENTOO  GLSA-200509-12
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
(UNKNOWN)  GENTOO  GLSA-200509-19
http://www.novell.com/linux/security/advisories/2005_48_pcre.html
(UNKNOWN)  SUSE  SUSE-SA:2005:048
http://www.novell.com/linux/security/advisories/2005_49_php.html
(UNKNOWN)  SUSE  SUSE-SA:2005:049
http://www.novell.com/linux/security/advisories/2005_52_apache2.html
(UNKNOWN)  SUSE  SUSE-SA:2005:052
http://www.php.net/release_4_4_1.php
(UNKNOWN)  CONFIRM  http://www.php.net/release_4_4_1.php
http://www.redhat.com/support/errata/RHSA-2005-358.html
(UNKNOWN)  REDHAT  RHSA-2005:358
http://www.redhat.com/support/errata/RHSA-2005-761.html
(UNKNOWN)  REDHAT  RHSA-2005:761
http://www.redhat.com/support/errata/RHSA-2006-0197.html
(UNKNOWN)  REDHAT  RHSA-2006:0197
http://www.securityfocus.com/archive/1/archive/1/427046/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:168516
http://www.securityfocus.com/archive/1/archive/1/428138/100/0/threaded
(UNKNOWN)  HP  HPSBUX02074
http://www.securityfocus.com/bid/14620
(UNKNOWN)  BID  14620
http://www.securityfocus.com/bid/15647
(UNKNOWN)  BID  15647
http://www.vupen.com/english/advisories/2005/1511
(UNKNOWN)  VUPEN  ADV-2005-1511
http://www.vupen.com/english/advisories/2005/2659
(UNKNOWN)  VUPEN  ADV-2005-2659
http://www.vupen.com/english/advisories/2006/0789
(UNKNOWN)  VUPEN  ADV-2006-0789
http://www.vupen.com/english/advisories/2006/4320
(UNKNOWN)  VUPEN  ADV-2006-4320
http://www.vupen.com/english/advisories/2006/4502
(UNKNOWN)  VUPEN  ADV-2006-4502

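- Vulnerability information

PCRE Library Heap Overflow Vulnerability
High risk  Buffer overflow
2005-08-23 00:00:00 2009-01-25 00:00:00
Remote
        The PCRE (Perl Compatible Regular Expressions) library is open-source software that provides regular expression support.
        Because the library does not properly sanity-check certain quantifier values in regular expressions, a heap overflow exists in PCRE, which in the worst case may allow arbitrary code execution. The specific impact depends on the application and on the credentials of the user running the vulnerable library.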
        

- Advisories and patches

        The vendors have released upgrade patches to fix this security issue. Patch download links:
        http://www.debian.org/security/2005/dsa-800
        http://www2.itrc.hp.com/service/cki/docDisplay.do?hpweb_printable=true&docId=c00555254
        ftp://patches.sgi.com/support/free/security/advisories/20050902-01-U.asc

- Vulnerability information (F101257)

HP Security Bulletin HPSBOV02683 SSRT090208 (PacketStormID:F101257)
2011-05-10 00:00:00
HP  hp.com
advisory,web,denial of service,php,vulnerability
CVE-2002-0839,CVE-2002-0840,CVE-2003-0542,CVE-2004-0492,CVE-2005-2491,CVE-2005-3352,CVE-2005-3357,CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-3747,CVE-2006-3918,CVE-2006-4339,CVE-2006-4343,CVE-2007-5000,CVE-2007-6388,CVE-2008-0005,CVE-2009-1891,CVE-2009-3095,CVE-2009-3291,CVE-2009-3292,CVE-2009-3293,CVE-2009-3555,CVE-2010-0010

HP Security Bulletin HPSBOV02683 SSRT090208 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02824490
Version: 1

HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-05-05
Last Updated: 2011-05-05

Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications.

References: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2
CVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8
CVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2
CVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4
CVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8
CVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8
CVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6
CVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3
CVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3
CVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1
CVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8
CVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8
===========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve these vulnerabilities.

Kit Name
 Location

HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers.
 http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html

CSWS_PHP V2.2
 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html

HISTORY
Version:1 (rev.1) - 5 May 2011 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
  To: security-alert@hp.com
  Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
    -check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
    -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:

GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
    

- Vulnerability information (F42016)

Apple Security Advisory 2005-11-29 (PacketStormID:F42016)
2005-12-02 00:00:00
Apple  apple.com
advisory,vulnerability
apple
CVE-2005-2088,CVE-2005-2700,CVE-2005-2757,CVE-2005-3185,CVE-2005-3700,CVE-2005-2969,CVE-2005-3701,CVE-2005-2491,CVE-2005-3702,CVE-2005-3703,CVE-2005-3705,CVE-2005-1993,CVE-2005-3704

Apple Security Advisory - Apple has released a security update which addresses over a dozen vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-11-29 Security Update 2005-009

Security Update 2005-009 is now available and delivers the following
security enhancements:

Apache2
CVE-ID:  CVE-2005-2088
Available for:  Mac OS X Server v10.3.9, Mac OS X Server v10.4.3
Impact:  Cross-site scripting may be possible in certain
configurations
Description:  The Apache 2 web server may allow an attacker to bypass
protections using specially-crafted HTTP headers.  This behavior is
only present when Apache is used in conjunction with certain proxy
servers, caching servers, or web application firewalls.  This update
addresses the issue by incorporating Apache version 2.0.55.

apache_mod_ssl
CVE-ID:  CVE-2005-2700
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  SSL client authentication may be bypassed in certain
configurations
Description:  The Apache web server's mod_ssl module may allow an
attacker unauthorized access to a resource that is configured to
require SSL client authentication.  Only Apache configurations that
include the "SSLVerifyClient require" directive may be affected.
This update addresses the issue by incorporating mod_ssl 2.8.24 and
Apache version 2.0.55 (Mac OS X Server).

CoreFoundation
CVE-ID:  CVE-2005-2757
Available for:  Mac OS X v10.4.3, Mac OS X Server v10.4.3
Impact:  Resolving a maliciously-crafted URL may result in crashes or
arbitrary code execution
Description:  By carefully crafting a URL, an attacker can trigger a
heap buffer overflow in CoreFoundation which may result in a crash or
arbitrary code execution.  CoreFoundation is used by Safari and other
applications.  This update addresses the issue by performing
additional validation of URLs.  This issue does not affect systems
prior to Mac OS X v10.4.

curl
CVE-ID:  CVE-2005-3185
Available for:  Mac OS X v10.4.3, Mac OS X Server v10.4.3
Impact:  Visiting a malicious HTTP server and using NTLM
authentication may result in arbitrary code execution
Description:  Using curl with NTLM authentication enabled to download
an HTTP resource may allow an attacker to supply an overlong user or
domain name.  This may cause a stack buffer overflow and lead to
arbitrary code execution.  This update addresses the issue by
performing additional validation when using NTLM authentication.
This issue does not affect systems prior to Mac OS X v10.4.

iodbcadmintool
CVE-ID:  CVE-2005-3700
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  Local users may gain elevated privileges
Description:  The ODBC Administrator utility includes a helper tool
called iodbcadmintool that executes with raised privileges.  This
helper tool contains a vulnerability that may allow local users to
execute arbitrary commands with raised privileges.  This update
addresses the issue by providing an updated iodbcadmintool that is
not susceptible.

OpenSSL
CVE-ID:  CVE-2005-2969
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  Applications using OpenSSL may be forced to use the weaker
SSLv2 protocol
Description:  Applications that do not disable SSLv2 or that enable
certain compatibility options when using OpenSSL may be vulnerable to
a protocol downgrade attack.  Such attacks may cause an SSL
connection to use the SSLv2 protocol which provides less protection
than SSLv3 or TLS.  Further information on this issue is available at
http://www.openssl.org/news/secadv_20051011.txt.  This update
addresses the issue by incorporating OpenSSL version 0.9.7i.

passwordserver
CVE-ID:  CVE-2005-3701
Available for:  Mac OS X Server v10.3.9, Mac OS X Server v10.4.3
Impact:  Local users on Open Directory master servers may gain
elevated privileges
Description:  When creating an Open Directory master server,
credentials may be compromised.  This could lead to unprivileged
local users gaining elevated privileges on the server.  This update
addresses the issue by ensuring the credentials are protected.

Safari
CVE-ID:  CVE-2005-2491
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  Processing a regular expression may result in arbitrary
code execution
Description:  The JavaScript engine in Safari uses a version of the
PCRE library that is vulnerable to a potentially exploitable heap
overflow.  This may lead to the execution of arbitrary code.  This
update addresses the issue by providing a new version of the
JavaScript engine that incorporates more robust input validation.

Safari
CVE-ID:  CVE-2005-3702
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  Safari may download files outside of the designated download
directory
Description:  When files are downloaded in Safari they are normally
placed in the location specified as the download directory.  However,
if a web site suggests an overlong filename for a download, it is
possible for Safari to create this file in other locations.  Although
the filename and location of the downloaded file content cannot be
directly specified by remote servers, this may still lead to
downloading content into locations accessible to other users.  This
update addresses the issue by rejecting overlong filenames.

Safari
CVE-ID:  CVE-2005-3703
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  JavaScript dialog boxes in Safari may be misleading
Description:  In Safari, JavaScript dialog boxes do not indicate the
web site that created them.  This could mislead users into
unintentionally disclosing information to a web site.  This update
addresses the issue by displaying the originating site name in
JavaScript dialog boxes.  Credit to Jakob Balle of Secunia Research
for reporting this issue.

Safari
CVE-ID:  CVE-2005-3705
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  Visiting malicious web sites with WebKit-based applications
may lead to arbitrary code execution
Description:  WebKit contains a heap overflow that may lead to the
execution of arbitrary code.  This may be triggered by content
downloaded from malicious web sites in applications that use WebKit
such as Safari.  This update addresses the issue by removing the heap
overflow from WebKit.  Credit to Neil Archibald of Suresec LTD and
Marco Mella for reporting this issue.

sudo
CVE-ID:  CVE-2005-1993
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  Local users may be able to gain elevated privileges in
certain sudo configurations
Description:  Sudo allows system administrators to grant users the
ability to run specific commands with elevated privileges.  Although
the default configuration is not vulnerable to this issue, custom
sudo configurations may not properly restrict users.  Further
information on this issue is available from:
http://www.sudo.ws/sudo/alerts/path_race.html
This update addresses the issue by incorporating sudo version
1.6.8p9.

syslog
CVE-ID:  CVE-2005-3704
Available for:  Mac OS X v10.4.3, Mac OS X Server v10.4.3
Impact:  System log entries may be forged
Description:  The system log server records syslog messages verbatim.
By supplying control characters such as the newline character, a
local attacker could forge entries with the intention to mislead the
system administrator.  This update addresses the issue by specially
handling control characters and other non-printable characters.  This
issue does not affect systems prior to Mac OS X v10.4.  Credit to
HELIOS Software GmbH for reporting this issue.

Additional Information

Also included in this update are enhancements to Safari to improve
handling of credit card security codes (Mac OS X v10.3.9 and Mac OS X
v10.4.3), CoreTypes to improve handling of Terminal files (Mac OS X
v10.4.3), QuickDraw Manager to improve rendering of PICT files (Mac
OS X v10.3.9), documentation regarding OpenSSH and PAM (Mac OS X
v10.4.3), and ServerMigration to remove unneeded privileges.

Security Update 2005-009 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.3
The download file is named:  "SecUpd2005-009Ti.dmg"
Its SHA-1 digest is:  544f51a7bc73a57dbca95e05693904aadb2f94b1

For Mac OS X Server v10.4.3
The download file is named:  "SecUpdSrvr2005-009Ti.dmg"
Its SHA-1 digest is:  b7620426151b8f1073c9ff73b2adf43b3086cc60

For Mac OS X v10.3.9
The download file is named:  "SecUpd2005-009Pan.dmg"
Its SHA-1 digest is:  ea17ad7852b3e6277f53c2863e51695ac7018650

For Mac OS X Server v10.3.9
The download file is named:  "SecUpdSrvr2005-009Pan.dmg"
Its SHA-1 digest is:  b03711729697ea8e6b683eb983343f2f3de3af13

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

   
    

- Vulnerability information (F41672)

HP Security Bulletin 2005-12.51 (PacketStormID:F41672)
2005-11-20 00:00:00
Hewlett Packard  hp.com
advisory,denial of service,arbitrary,vulnerability
hpux
CVE-2005-2491,CVE-2005-1268,CVE-2005-2728,CVE-2005-2088

HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00555254
Version: 1

HPSBUX02074 SSRT051251 - Apache-based Web Server on HP-UX mod_ssl,
proxy_http, Remote Execution of Arbitrary Code, Denial of Service
(DoS), and Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted
upon as soon as possible.

Release Date: 2005-11-10
Last Updated: 2005-11-15

Potential Security Impact: Remote execution of arbitrary code,
Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company,
        HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with
Apache running on HP-UX. These vulnerabilities could be exploited
remotely to allow execution of arbitrary code, Denial of Service
(DoS), or unauthorized access.

References: CVE-2005-2491, CVE-2005-1268, CVE-2005-2728,
            CVE-2005-2088.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.00, B.11.11, B.11.23 running Apache-based Web Server
prior to v.2.0.55.

BACKGROUND

The following potential security vulnerabilities are resolved in
the software updates listed below:

CVE-2005-2088 (cve.mitre.org): HTTP Request Smuggling.

CVE-2005-2491 (cve.mitre.org): Integer overflow in pcre_compile.c.

CVE-2005-2728 (cve.mitre.org): Remote denial of service.

CVE-2005-1268 (cve.mitre.org): Remote denial of service.

AFFECTED VERSIONS

For IPv4:
HP-UX B.11.00
HP-UX B.11.11
=============
hpuxwsAPACHE
action: install revision A.2.0.55.00 or subsequent

For IPv6:
HP-UX B.11.11
=============
hpuxwsAPACHE,revision=B.1.0.00.01
hpuxwsAPACHE,revision=B.1.0.07.01
hpuxwsAPACHE,revision=B.1.0.08.01
hpuxwsAPACHE,revision=B.1.0.09.01
hpuxwsAPACHE,revision=B.1.0.10.01
hpuxwsAPACHE,revision=B.2.0.48.00
hpuxwsAPACHE,revision=B.2.0.49.00
hpuxwsAPACHE,revision=B.2.0.50.00
hpuxwsAPACHE,revision=B.2.0.51.00
hpuxwsAPACHE,revision=B.2.0.52.00
hpuxwsAPACHE,revision=B.2.0.53.00
hpuxwsAPACHE,revision=B.2.0.54.00
action: install revision B.2.0.55.00 or subsequent

HP-UX B.11.23
=============
hpuxwsAPACHE
action: install revision B.2.0.55.00 or subsequent

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve
the issue.

Software updates for the Apache-based Web Server are available
from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/
displayProductInfo.pl?productNumber=HPUXWSSUITE


HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based
Web Server v.2.0.55.00 or subsequent.

Apache Update Procedure

 Check for Apache Installation
 ----------------------------

To determine if the Apache web server from HP is installed on your
system, use Software Distributor's swlist command. All three
revisions of the product may co-exist on a single system.

For example, the results of the command

swlist -l product | grep -i apache

hpuxwsAPACHE B.2.0.54.00 HP-UX Apache-based Web Server

 Stop Apache
 -------------
Before updating, make sure to stop any previous Apache binary.
Otherwise, the previous binary will continue running, preventing
the new one from starting, although the installation would be
successful. After determining which Apache is installed, stop
Apache with the following commands:

for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

 Download and Install Apache
 -----------------------------
Download Apache from Software Depot:
http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/
displayProductInfo.pl?productNumber=HPUXWSSUITE
Verify successful download by comparing the cksum with the value
specified on the installation web page.

Use SD to swinstall the depot.
Installation of this new revision of HP Apache over an existing HP
Apache installation is supported, while installation over a non-HP
Apache is NOT supported.


 Removing Apache Installation
 ----------------------------
If you prefer to remove Apache from your system instead of
installing a newer revision to resolve the security problem, use
both Software Distributor's "swremove" command and also "rm -rf"
the home location as specified in the rc.config.d file "HOME"
variables.
 %ls /etc/rc.config.d |
 grep apache hpapache2conf hpws_apache[32]conf


MANUAL ACTIONS: Yes - Update plus other actions
Install the revision of the product.


PRODUCT SPECIFIC INFORMATION

HP-UX Security Patch Check: Security Patch Check revision B.02.00
analyzes all HP-issued Security Bulletins to provide a subset of
recommended actions that potentially affect a specific HP-UX
system. For more information:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi
displayProductInfo.pl?productnumber=B6834AAtN

UPDATE HISTORY

Initial release: 15 November 2005



Support: For further information, contact normal HP Services
support channel.

Report: To report a potential security vulnerability with any HP
supported product, send Email to: security-alert@hp.com.  It is
strongly recommended that security related information being
communicated to HP be encrypted using PGP, especially exploit
information.  To get the security-alert PGP key, please send an
e-mail message as follows:
  To: security-alert@hp.com
  Subject: get key

Subscribe: To initiate a subscription to receive future HP
Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&
langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC

On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
  - check ALL categories for which alerts are required and
    continue.
Under Step2: your ITRC operating systems
  - verify your operating system selections are checked and
    save.

To update an existing subscription:
http://h30046.www3.hp.com/subSignIn.php
Log in on the web page:
  Subscriber's choice for Business: sign-in.
On the web page:
  Subscriber's Choice: your profile summary
    - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit:
http://www.itrc.hp.com/service/cki/secBullArchive.do

* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters of the
Bulletin number in the title:

    GN = HP General SW,
    MA = HP Management Agents,
    MI = Misc. 3rd party SW,
    MP = HP MPE/iX,
    NS = HP NonStop Servers,
    OV = HP OpenVMS,
    PI = HP Printing & Imaging,
    ST = HP Storage SW,
    TL = HP Trusted Linux,
    TU = HP Tru64 UNIX,
    UX = HP-UX,
    VV = HP Virtual Vault


System management and security procedures must be reviewed
frequently to maintain system integrity. HP is continually
reviewing and enhancing the security features of software products
to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to
bring to the attention of users of the affected HP products the
important security information contained in this Bulletin. HP
recommends that all users determine the applicability of this
information to their individual situations and take appropriate
action. HP does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently, HP
will not be responsible for any damages resulting from user's use
or disregard of the information provided in this Bulletin. To the
extent permitted by law, HP disclaims all warranties, either
express or implied, including the warranties of merchantability
and fitness for a particular purpose, title and non-infringement."


(c)Copyright 2005 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
provided is provided "as is" without warranty of any kind. To the
extent permitted by law, neither HP nor its affiliates,
subcontractors or suppliers will be liable for incidental, special
or consequential damages including downtime cost; lost profits;
damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration.
The information in this document is subject to change without
notice. Hewlett-Packard Company and the names of Hewlett-Packard
products referenced herein are trademarks of Hewlett-Packard
Company in the United States and other countries. Other product
and company names mentioned herein may be trademarks of their
respective owners.


    

- Vulnerability information (F40319)

Gentoo Linux Security Advisory 200509-19 (PacketStormID:F40319)
2005-09-28 00:00:00
Gentoo  security.gentoo.org
advisory,overflow,php
linux,gentoo
CVE-2005-2491,CVE-2005-2498

Gentoo Linux Security Advisory GLSA 200509-19 - PHP makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). It also ships with an XML-RPC library affected by a script injection vulnerability (see GLSA 200508-13). Versions less than 4.4.0-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200509-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PHP: Vulnerabilities in included PCRE and XML-RPC libraries
      Date: September 27, 2005
      Bugs: #102373
        ID: 200509-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

PHP makes use of an affected PCRE library and ships with an affected
XML-RPC library and is therefore potentially vulnerable to remote
execution of arbitrary code.

Background
==========

PHP is a general-purpose scripting language widely used to develop
web-based applications. It can run inside a web server using the
mod_php module or the CGI version of PHP, or can run stand-alone in a
CLI.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  dev-php/php         < 4.4.0-r1                      *>= 4.3.11-r1
                                                           >= 4.4.0-r1
  2  dev-php/mod_php     < 4.4.0-r2                      *>= 4.3.11-r1
                                                           >= 4.4.0-r2
  3  dev-php/php-cgi     < 4.4.0-r2                      *>= 4.3.11-r2
                                                           >= 4.4.0-r2
    -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

PHP makes use of a private copy of libpcre which is subject to an
integer overflow leading to a heap overflow (see GLSA 200508-17). It
also ships with an XML-RPC library affected by a script injection
vulnerability (see GLSA 200508-13).

Impact
======

An attacker could target a PHP-based web application that would use
untrusted data as regular expressions, potentially resulting in the
execution of arbitrary code. If web applications make use of the
XML-RPC library shipped with PHP, they are also vulnerable to remote
execution of arbitrary PHP code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-php/php

All mod_php users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-php/mod_php

All php-cgi users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-php/php-cgi

References
==========

  [ 1 ] CAN-2005-2491
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  [ 2 ] CAN-2005-2498
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
  [ 3 ] GLSA 200508-13
        http://www.gentoo.org/security/en/glsa/glsa-200508-13.xml
  [ 4 ] GLSA 200508-17
        http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200509-19.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


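The "Affected packages" table of GLSA 200509-19, turned into a host check. This is an added example, not part of the Gentoo advisory or of Portage. It assumes that "*>=" means the same upstream version with an equal or higher -rN revision, and it handles only dotted numeric versions with an optional -rN suffix; the inventory is constructed sample data.

```python
import re

# Affected-package table of GLSA 200509-19, transcribed from the advisory.
# ASSUMPTION: "*>=" is read as "same upstream version, revision >= the one
# listed"; plain "<" and ">=" compare upstream version first, then revision.
GLSA_200509_19 = {
    "dev-php/php": {
        "vulnerable": [("<", "4.4.0-r1")],
        "unaffected": [("*>=", "4.3.11-r1"), (">=", "4.4.0-r1")],
    },
    "dev-php/mod_php": {
        "vulnerable": [("<", "4.4.0-r2")],
        "unaffected": [("*>=", "4.3.11-r1"), (">=", "4.4.0-r2")],
    },
    "dev-php/php-cgi": {
        "vulnerable": [("<", "4.4.0-r2")],
        "unaffected": [("*>=", "4.3.11-r2"), (">=", "4.4.0-r2")],
    },
}

# Simplified version grammar: digits separated by dots, optional "-rN".
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(text):
    """Split '4.3.11-r1' into ((4, 3, 11), 1); a missing revision is 0."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError("unsupported version string: %r" % text)
    upstream = tuple(int(part) for part in match.group(1).split("."))
    revision = int(match.group(2)) if match.group(2) else 0
    return upstream, revision


def in_range(op, installed, bound):
    """Evaluate one range from the table against an installed version."""
    have, want = parse_version(installed), parse_version(bound)
    if op == "<":
        return have < want
    if op == ">=":
        return have >= want
    if op == "*>=":
        # Same upstream version only; compare the revision.
        return have[0] == want[0] and have[1] >= want[1]
    raise ValueError("unknown range operator: %r" % op)


def is_vulnerable(package, installed):
    """True if the version is in a vulnerable range and in no unaffected one."""
    entry = GLSA_200509_19[package]
    if any(in_range(op, installed, bound) for op, bound in entry["unaffected"]):
        return False
    return any(in_range(op, installed, bound) for op, bound in entry["vulnerable"])


def audit(inventory):
    """Return sorted (package, version) pairs that still need the upgrade.

    Packages the GLSA does not name are ignored.
    """
    return sorted(
        (pkg, ver)
        for pkg, ver in inventory.items()
        if pkg in GLSA_200509_19 and is_vulnerable(pkg, ver)
    )


# Constructed inventory for illustration (package -> installed version).
SAMPLE_INVENTORY = {
    "dev-php/php": "4.3.11-r1",      # listed as unaffected (*>= 4.3.11-r1)
    "dev-php/mod_php": "4.4.0-r1",   # fix for mod_php is 4.4.0-r2
    "dev-php/php-cgi": "4.3.11-r1",  # php-cgi needs 4.3.11-r2 on this branch
    "dev-libs/libpcre": "6.1",       # not covered by this GLSA
}

if __name__ == "__main__":
    for pkg, ver in audit(SAMPLE_INVENTORY):
        print("%s-%s is in the vulnerable range; upgrade it" % (pkg, ver))
```

The three packages have different fixed revisions, so a host where dev-php/php is already unaffected can still carry a vulnerable mod_php or php-cgi.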
    

- Vulnerability information (F40235)

Debian Linux Security Advisory 819-1 (PacketStormID:F40235)
2005-09-24 00:00:00
Debian  debian.org
advisory,overflow,arbitrary,perl,python
linux,debian
CVE-2005-2491

Debian Security Advisory DSA 819-1 - An integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code, and is also present in Python. Exploiting this vulnerability requires an attacker to specify the used regular expression.

--------------------------------------------------------------------------
Debian Security Advisory DSA 819-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 23rd, 2005                    http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : python2.1
Vulnerability  : integer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2491
BugTraq ID     : 14620
Debian Bug     : 324531

An integer overflow with a subsequent buffer overflow has been detected
in PCRE, the Perl Compatible Regular Expressions library, which allows
an attacker to execute arbitrary code, and is also present in Python.
Exploiting this vulnerability requires an attacker to specify the used
regular expression.

For the old stable distribution (woody) this problem has been fixed in
version 2.1.3-3.4.

For the stable distribution (sarge) this problem has been fixed in
version 2.1.3dfsg-1sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.1.3dfsg-3.

We recommend that you upgrade your python2.1 packages.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------


Debian GNU/Linux 3.1 alias sarge
--------------------------------

      Size/MD5 checksum:    95122 64a8b620789fafed608dbdbe8a180041
    http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_powerpc.deb
      Size/MD5 checksum:    56970 9e36aa32d96985c193c3406097b7dc8b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_s390.deb
      Size/MD5 checksum:  1904722 2e4950e173cd3280bc0aa00346bc158e
    http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_s390.deb
      Size/MD5 checksum:   938600 5b5ad8318b796a25932629d73b030efa
    http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_s390.deb
      Size/MD5 checksum:    24776 e518cb016de594f018612303def0fc24
    http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_s390.deb
      Size/MD5 checksum:    28186 de4fb810694802c6eb8817a7e9e5b802
    http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_s390.deb
      Size/MD5 checksum:    96186 30100d4d052a809a0d6b09a3d1c19ec0
    http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_s390.deb
      Size/MD5 checksum:    56810 3b8697f5bd3bddd1d6f1757286773711

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_sparc.deb
      Size/MD5 checksum:  1819696 23c7a5005ca174ffc4871480fabb3c5e
    http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_sparc.deb
      Size/MD5 checksum:   886008 eca306315f878d226473d0fee2aa338d
    http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_sparc.deb
      Size/MD5 checksum:    24022 8e57cde5f67ca67a2efe3c98745a3bf4
    http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_sparc.deb
      Size/MD5 checksum:    26892 cc7cf864e196d53b4a602659d887be5a
    http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_sparc.deb
      Size/MD5 checksum:    93520 4ce7f0f00e648da49c87445dad6ed731
    http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_sparc.deb
      Size/MD5 checksum:    55142 312879952369a024402430002203e735


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability Information (F40170)

Gentoo Linux Security Advisory 200509-12 (PacketStormID:F40170)
2005-09-22 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,gentoo
CVE-2005-2491,CVE-2005-2700

Gentoo Linux Security Advisory GLSA 200509-12 - mod_ssl contains a security issue when SSLVerifyClient optional is configured in the global virtual host configuration (CVE-2005-2700). Also, Apache's httpd includes a PCRE library, which makes it vulnerable to an integer overflow (CVE-2005-2491). Versions less than 2.8.24 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200509-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Apache, mod_ssl: Multiple vulnerabilities
      Date: September 19, 2005
      Bugs: #103554, #104807
        ID: 200509-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

mod_ssl and Apache are vulnerable to a restriction bypass and a
potential local privilege escalation.

Background
==========

The Apache HTTP server is one of the most popular web servers on the
Internet. mod_ssl provides SSL v2/v3 and TLS v1 support for Apache 1.3
and is also included in Apache 2.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /   Vulnerable   /                    Unaffected
    -------------------------------------------------------------------
  1  net-www/mod_ssl       < 2.8.24                          >= 2.8.24
  2  net-www/apache      < 2.0.54-r15                    >= 2.0.54-r15
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

mod_ssl contains a security issue when "SSLVerifyClient optional" is
configured in the global virtual host configuration (CAN-2005-2700).
Also, Apache's httpd includes a PCRE library, which makes it vulnerable
to an integer overflow (CAN-2005-2491).

Impact
======

Under a specific configuration, mod_ssl does not properly enforce the
client-based certificate authentication directive, "SSLVerifyClient
require", in a per-location context, which could be potentially used by
a remote attacker to bypass some restrictions. By creating a specially
crafted ".htaccess" file, a local attacker could possibly exploit
Apache's vulnerability, which would result in a local privilege
escalation.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All mod_ssl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/mod_ssl-2.8.24"

All Apache 2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/apache-2.0.54-r15"

References
==========

  [ 1 ] CAN-2005-2491
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  [ 2 ] CAN-2005-2700
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200509-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- Vulnerability Information (F39997)

Gentoo Linux Security Advisory 200509-8 (PacketStormID:F39997)
2005-09-13 00:00:00
Gentoo  security.gentoo.org
advisory,overflow,python
linux,gentoo
CVE-2005-2491

Gentoo Linux Security Advisory GLSA 200509-08 - The re Python module makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). Versions less than 2.3.5-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200509-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Python: Heap overflow in the included PCRE library
      Date: September 12, 2005
      Bugs: #104009
        ID: 200509-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The "re" Python module is vulnerable to a heap overflow, possibly
leading to the execution of arbitrary code.

Background
==========

Python is an interpreted, interactive, object-oriented, cross-platform
programming language. The "re" Python module provides regular
expression functions.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  dev-lang/python     < 2.3.5-r2                        >= 2.3.5-r2

Description
===========

The "re" Python module makes use of a private copy of libpcre which is
subject to an integer overflow leading to a heap overflow (see GLSA
200508-17).

Impact
======

An attacker could target a Python-based web application (or SUID
application) that would use untrusted data as regular expressions,
potentially resulting in the execution of arbitrary code (or privilege
escalation).

Workaround
==========

Python users that don't run any Python web application or SUID
application (or that run one that wouldn't use untrusted inputs as
regular expressions) are not affected by this issue.

Resolution
==========

All Python users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.5-r2"

References
==========

  [ 1 ] CAN-2005-2491
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  [ 2 ] GLSA 200508-17
        http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200509-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- Vulnerability Information (F39822)

Gentoo Linux Security Advisory 200509-2 (PacketStormID:F39822)
2005-09-05 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,gentoo
CVE-2005-2491

Gentoo Linux Security Advisory GLSA 200509-02 - Gnumeric contains a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). Versions less than 1.4.3-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200509-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Gnumeric: Heap overflow in the included PCRE library
      Date: September 03, 2005
      Bugs: #104010
        ID: 200509-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Gnumeric is vulnerable to a heap overflow, possibly leading to the
execution of arbitrary code.

Background
==========

The Gnumeric spreadsheet is a versatile application developed as part
of the GNOME Office project. libpcre is a library providing functions
for Perl-compatible regular expressions.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  app-office/gnumeric     < 1.4.3-r2                    >= 1.4.3-r2

Description
===========

Gnumeric contains a private copy of libpcre which is subject to an
integer overflow leading to a heap overflow (see GLSA 200508-17).

Impact
======

An attacker could potentially exploit this vulnerability by tricking a
user into opening a specially crafted spreadsheet, which could lead to
the execution of arbitrary code with the privileges of the user running
Gnumeric.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Gnumeric users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.4.3-r2"

References
==========

  [ 1 ] CAN-2005-2491
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  [ 2 ] GLSA 200508-17
        http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200509-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


    

- Vulnerability Information (F39613)

Gentoo Linux Security Advisory 200508-17 (PacketStormID:F39613)
2005-08-26 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-2491

Gentoo Linux Security Advisory GLSA 200508-17 - libpcre fails to check certain quantifier values in regular expressions for sane values. Versions less than 6.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: libpcre: Heap integer overflow
      Date: August 25, 2005
      Bugs: #103337
        ID: 200508-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

libpcre is vulnerable to a heap integer overflow, possibly leading to
the execution of arbitrary code.

Background
==========

libpcre is a library providing functions for Perl-compatible regular
expressions.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  dev-libs/libpcre        < 6.3                              >= 6.3

Description
===========

libpcre fails to check certain quantifier values in regular expressions
for sane values.

Impact
======

An attacker could possibly exploit this vulnerability to execute
arbitrary code by sending specially crafted regular expressions to
applications making use of the libpcre library.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libpcre users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libpcre-6.3"

References
==========

  [ 1 ] CAN-2005-2491
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  [ 2 ] SecurityTracker Alert ID 1014744
        http://www.securitytracker.com/alerts/2005/Aug/1014744.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200508-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- Vulnerability Information

18906
Perl-Compatible Regular Expression (PCRE) Quantifier Value Processing Overflow
Input Manipulation
Loss of Integrity Upgrade
Vendor Verified

- Vulnerability Description

- Timeline

2005-08-20 Unknown
Unknown Unknown

- Solution

Upgrade to version 6.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

PCRE Regular Expression Heap Overflow Vulnerability
Boundary Condition Error 14620
Yes No
2005-08-20 12:00:00 2011-07-15 05:00:00
The discoverer of this vulnerability is currently unknown.

- Affected Software Versions

VMWare ESX Server 2.5.4
VMWare ESX Server 2.5.3
VMWare ESX Server 2.1.3
VMWare ESX Server 2.0.2
Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
Sun Solaris 10_x86
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
SGI ProPack 3.0 SP6
SCO Open Server 6.0
SCO Open Server 5.0.7
SCO Open Server 5.0.6 a
SCO Open Server 5.0.6
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Desktop 1.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Python Software Foundation Python 2.3.5
Python Software Foundation Python 2.3.4
Python Software Foundation Python 2.2.3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux AS 3
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.2.2
Python Software Foundation Python 2.2
+ Conectiva Linux 8.0
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ MandrakeSoft Linux Mandrake 8.2
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ MandrakeSoft Linux Mandrake 8.1
Python Software Foundation Python 2.1.3
Python Software Foundation Python 2.1
PHP PHP 5.0.5
PHP PHP 5.0.4
PHP PHP 5.0.3
PHP PHP 5.0.2
PHP PHP 5.0.1
PHP PHP 5.0 candidate 3
PHP PHP 5.0 candidate 2
PHP PHP 5.0 candidate 1
PHP PHP 5.0 .0
PHP PHP 4.4.1
PHP PHP 4.4 .0
PHP PHP 4.3.11
PHP PHP 4.3.10
PHP PHP 4.3.9
PHP PHP 4.3.8
PHP PHP 4.3.7
PHP PHP 4.3.6
PHP PHP 4.3.5
PHP PHP 4.3.4
PHP PHP 4.3.3
PHP PHP 4.3.2
PHP PHP 4.3.1
PHP PHP 4.3
PHP PHP 4.2.3
PHP PHP 4.2.2
PHP PHP 4.2.1
- FreeBSD FreeBSD 4.6
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
+ Slackware Linux 8.1
PHP PHP 4.2 .0
PHP PHP 4.2 -dev
PHP PHP 4.1.2
PHP PHP 4.1.1
PHP PHP 4.1 .0
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
PHP PHP 4.0.7 RC3
PHP PHP 4.0.7 RC2
PHP PHP 4.0.7 RC1
PHP PHP 4.0.7
PHP PHP 4.0.6
PHP PHP 4.0.5
PHP PHP 4.0.4
PHP PHP 4.0.3 pl1
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
PHP PHP 4.0.3
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt Qube3 Japanese 4000WGJ
+ Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
+ Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ XTR Japanese 3500R-ja
PHP PHP 4.0.2
PHP PHP 4.0.1 pl2
PHP PHP 4.0.1 pl1
PHP PHP 4.0.1
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt Qube3 w/ Caching and RAID 4100WG
+ Sun Cobalt Qube3 w/Caching 4010WG
+ Sun Cobalt RaQ4 3001R
+ Sun Cobalt RaQ4 Japanese RAID 3100R-ja
+ Sun Cobalt RaQ4 RAID 3100R
PHP PHP 4.0 0
PCRE PCRE 6.1
PCRE PCRE 6.0
PCRE PCRE 5.0
+ Red Hat Fedora Core4
PCRE PCRE 4.5
PCRE PCRE 4.4
PCRE PCRE 3.9
PCRE PCRE 3.7
PCRE PCRE 3.4
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 10.2 x86_64
MandrakeSoft Linux Mandrake 10.2
MandrakeSoft Linux Mandrake 10.1 x86_64
MandrakeSoft Linux Mandrake 10.1
MandrakeSoft Linux Mandrake 10.0 AMD64
MandrakeSoft Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
IBM HTTP Server 2.0.47 .1
IBM HTTP Server 2.0.47
IBM HTTP Server 2.0.42 .2
IBM HTTP Server 2.0.42 .1
IBM HTTP Server 2.0.42
HP System Management Homepage 2.1.4
HP System Management Homepage 2.1.3 .132
HP System Management Homepage 2.1.3
HP System Management Homepage 2.1.2
HP System Management Homepage 2.1.1
HP System Management Homepage 2.1
HP System Management Homepage 2.0.2
HP System Management Homepage 2.0.1
HP System Management Homepage 2.0
HP OpenVMS Secure Web Server 1.2
HP OpenVMS Secure Web Server 1.1 -1
HP OpenVMS Secure Web Server 2.1-1
HP HP-UX 11.23
HP HP-UX 11.11
HP HP-UX 11.0 4
HP HP-UX 11.0
HP HP-UX B.11.23
HP HP-UX B.11.11
HP HP-UX B.11.00
GNU Gnumeric 1.4.3
GNU Gnumeric 1.4.2
GNU Gnumeric 1.2.13
GNU Gnumeric 0.31
+ GNU Gnome 1.0
GNU Gnumeric 0.27
Gentoo Linux
Conectiva Linux 10.0
Avaya Intuity LX
Avaya Interactive Response 1.3
Avaya Interactive Response 1.2.1
Avaya Interactive Response
Avaya Integrated Management 2.1
Avaya Integrated Management
Avaya CVLAN
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.3.8
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.3.9
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3
Apache Software Foundation Apache 2.0.54
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
Apache Software Foundation Apache 2.0.53
Apache Software Foundation Apache 2.0.52
Apache Software Foundation Apache 2.0.51
Apache Software Foundation Apache 2.0.50
Apache Software Foundation Apache 2.0.49
Apache Software Foundation Apache 2.0.48
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.40
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0
+ Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35

- Unaffected Software Versions

VMWare ESX Server 2.5.4 Patch 1
VMWare ESX Server 2.5.3 Patch 4
VMWare ESX Server 2.1.3 Patch 2
VMWare ESX Server 2.0.2 Patch 2
PHP PHP 5.1
PCRE PCRE 6.2
HP System Management Homepage 2.1.5
HP OpenVMS Secure Web Server 2.2
Apache Software Foundation Apache 2.0.55

- Vulnerability Discussion

PCRE is prone to a heap-overflow vulnerability. This issue is due to the library's failure to properly perform boundary checks on user-supplied input before copying data to an internal memory buffer.

The impact of successful exploitation of this vulnerability depends on the application and the user credentials using the vulnerable library. A successful attack may ultimately permit an attacker to control the contents of critical memory control structures and write arbitrary data to arbitrary memory locations.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

Updates are available. Please see the references for more information.


HP HP-UX B.11.23

HP HP-UX B.11.11

GNU Gnumeric 1.4.2

Apple Mac OS X 10.3.1

Apple Mac OS X Server 10.3.2

Apple Mac OS X 10.3.3

Apple Mac OS X Server 10.3.4

Apple Mac OS X 10.3.4

Apple Mac OS X Server 10.3.6

Apple Mac OS X 10.3.8

Apple Mac OS X Server 10.3.8

Apple Mac OS X Server 10.3.9

Apple Mac OS X Server 10.4

Apple Mac OS X 10.4.2

Apple Mac OS X Server 10.4.3

Apple Mac OS X 10.4.3

HP HP-UX 11.23

HP System Management Homepage 2.0.2

Apache Software Foundation Apache 2.0.40

IBM HTTP Server 2.0.42 .1

IBM HTTP Server 2.0.42

Apache Software Foundation Apache 2.0.44

Apache Software Foundation Apache 2.0.48

Apache Software Foundation Apache 2.0.54

HP System Management Homepage 2.1

HP System Management Homepage 2.1.1

HP System Management Homepage 2.1.4

Python Software Foundation Python 2.2

- Related References

 

 
