Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in mozilla, MozillaFirefox und MozillaThunderbird
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in mozilla, MozillaFirefox und MozillaThunderbird
ID: SUSE-SA:2007:036
Distribution: SUSE
Plattformen: SUSE Linux Enterprise Server 8, SUSE Linux Openexchange Server 4, SUSE UnitedLinux 1.0, SUSE Linux Standard Server 8, SUSE Linux School Server, SUSE Linux Enterprise Server 9, SUSE Novell Linux Desktop 9, SUSE Open Enterprise Server, SUSE Linux 10.0, SUSE LINUX 10.1, SUSE Novell Linux POS 9, SUSE LINUX Retail Solution 8, SUSE openSUSE 10.2, SUSE Linux Enterprise Desktop 10 SP1, SUSE Linux Enterprise Server 10 SP1
Datum: Mi, 27. Juni 2007, 15:22
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2871
Applikationen: Mozilla, Mozilla Firefox, Mozilla Thunderbird

Originalnachricht


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SUSE Security Announcement

Package: mozilla,MozillaFirefox,MozillaThunderbird
Announcement ID: SUSE-SA:2007:036
Date: Wed, 27 Jun 2007 15:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX 10.1
openSUSE 10.2
UnitedLinux 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SUSE Linux Enterprise Desktop 10 SP1
SUSE Linux Enterprise Server 10 SP1
Vulnerability Type: remote code execution
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2007-1362, CVE-2007-1558, CVE-2007-1562
CVE-2007-2867, CVE-2007-2868, CVE-2007-2869
CVE-2007-2870, CVE-2007-2871, MFSA 2007-11
MFSA 2007-12, MFSA 2007-13, MFSA 2007-14
MFSA 2007-15, MFSA 2007-16, MFSA 2007-17

Content of This Advisory:
1) Security Vulnerability Resolved:
Mozilla security problems
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report
6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

Various Mozilla family browsers have been updated to their current
security release versions.

The Mozilla Seamonkey suite was brought to security update version
1.0.9.

The Mozilla Firefox browser was brought to security update version
1.5.0.12 on Novell Linux Desktop 9 and 2.0.0.4 on SUSE Linux Enterprise
10, SUSE Linux 10.0, 10.1 and openSUSE 10.2.

The Mozilla Thunderbird mailreader was brought to security update
version 1.5.0.12 on SUSE Linux 10.0, 10.1 and openSUSE 10.2.

Note that most of the packages were released some weeks ago already,
only MozillaFirefox for SLE10 Service Pack 1 was missing and released
today.

The following security issues have been fixed:
- MFSA 2007-17 / CVE-2007-2871:

Chris Thomas demonstrated that XUL popups opened by web content
could be placed outside the boundaries of the content area. This
could be used to spoof or hide parts of the browser chrome such as
the location bar.

- MFSA 2007-16 / CVE-2007-2870:

Mozilla contributor moz_bug_r_a4 demonstrated that the
addEventListener method could be used to inject script into another
site in violation of the browser's same-origin policy. This could
be used to access or modify private or valuable information from
that other site.

- MFSA 2007-15 / CVE-2007-1558:

Gaëtan Leurent informed us of a weakness in APOP authentication
that could allow an attacker to recover the first part of your mail
password if the attacker could interpose a malicious mail server on
your network masquerading as your legitimate mail server. With normal
settings it could take several hours for the attacker to gather
enough data to recover just a few characters of the password. This
result was presented at the Fast Software Encryption 2007 conference.

- MFSA 2007-14 / CVE-2007-1362:

Nicolas Derouet reported two problems with cookie handling in
Mozilla clients. Insufficient length checks could be use to exhaust
browser memory and so to crash the browser or at least slow it done
by a large degree.

The second issue was that the cookie path and name values were not
checked for the presence of the delimiter used for internal cookie
storage, and if present this confused future interpretation of the
cookie data. This is not considered to be exploitable.

- MFSA 2007-13 / CVE-2007-2869:

Marcel reported that a malicious web page could perform a denial
of service attack against the form autocomplete feature that would
persist from session to session until the malicious form data
was deleted. Filling a text field with millions of characters and
submitting the form will cause the victim's browser to hang for up
to several minutes while the form data is read, and this will happen
the first time autocomplete is triggered after every browser restart.

No harm is done to the user's computer, but the frustration caused
by the hang could prevent use of Thunderbird if users don't know
how to clear the bad state.

- MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868

As part of the Thunderbird 2.0.0.4 and 1.5.0.12 update releases
Mozilla developers fixed many bugs to improve the stability of
the product. Some of these crashes that showed evidence of memory
corruption under certain circumstances and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code.

Without further investigation we cannot rule out the possibility
that for some of these an attacker might be able to prepare memory
for exploitation through some means other than JavaScript, such as
large images.

- MFSA 2007-11 / CVE-2007-1562:

Incorrect FTP PASV handling could be used by malicious ftp servers
to do a rudimentary port scanning of for instance internal networks
of the computer the browser is running on.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

Please restart running instances of the Mozilla browsers.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.


x86 Platform:

openSUSE 10.2:
MozillaFirefox-2.0.0.4-1.1.i586.rpm
f0934f90b9b1317cd4fde6f7283cb354
MozillaFirefox-translations-2.0.0.4-1.1.i586.rpm
477431b4794d05c1efb50450b621c8cc
MozillaThunderbird-1.5.0.12-3.2.i586.rpm
3de3e5a53878000c607328976321bce5
MozillaThunderbird-translations-1.5.0.12-3.2.i586.rpm
1b5d7f610238e4aa3bfd60b83719df2d
seamonkey-1.1.2-1.1.i586.rpm
a49ae41f41889ed3f95cc9e06d973f0a
seamonkey-dom-inspector-1.1.2-1.1.i586.rpm
0e19cbdb8265f6d694af0b051a2d0896
seamonkey-irc-1.1.2-1.1.i586.rpm
c10c9c6c19bf70bc1ae09432dafaa96a
seamonkey-mail-1.1.2-1.1.i586.rpm
9e188480b49becde5c7cb5aa11014b7f
seamonkey-spellchecker-1.1.2-1.1.i586.rpm
e5136aecd49e521d68b132cfc41ece95
seamonkey-venkman-1.1.2-1.1.i586.rpm
f73c8976ab4e150c703aa34a52b4485d

SUSE LINUX 10.1:
MozillaThunderbird-1.5.0.12-2.2.i586.rpm
29a0235bf253cfba50b5d49f23a0ec4a
MozillaThunderbird-translations-1.5.0.12-2.2.i586.rpm
6e8f11558a5e574f77b62a271cf5c9d8
seamonkey-1.0.9-1.1.i586.rpm
3f83847ddf92da3d4ad9631eeb85ba19
seamonkey-calendar-1.0.9-1.1.i586.rpm
c90a3696906c9d714a2e200ce4258f7b
seamonkey-dom-inspector-1.0.9-1.1.i586.rpm
6cf0ec81f12c45a905e494c21ea78441
seamonkey-irc-1.0.9-1.1.i586.rpm
8e01c1563ee640bf486285677d94758d
seamonkey-mail-1.0.9-1.1.i586.rpm
dd2330f0c7c6242bc7ca1cf438991eaa
seamonkey-spellchecker-1.0.9-1.1.i586.rpm
1f7047eca4842ed1cab60bff171063ce
seamonkey-venkman-1.0.9-1.1.i586.rpm
910edcadcad6643fc291b0063682844a

SUSE LINUX 10.0:
MozillaFirefox-2.0.0.4-1.1.i586.rpm
19191dc672c70531f82e31e790a3fd45
MozillaFirefox-translations-2.0.0.4-1.1.i586.rpm
03df32401f0d26fdb3b1f1f0ae81fc04
MozillaThunderbird-1.5.0.12-1.2.i586.rpm
d5b6b6efe54bc1f8f6a69eb6539d7f93
mozilla-1.8_seamonkey_1.0.9-2.3.i586.rpm
e67bbb6492ff7126bfa3f1a0e9558754
mozilla-calendar-1.8_seamonkey_1.0.9-2.3.i586.rpm
0701d27f3b9302af5a36cb9bd45a8d1f
mozilla-devel-1.8_seamonkey_1.0.9-2.3.i586.rpm
37186235502620f95aba619ae5d7cf8f
mozilla-dom-inspector-1.8_seamonkey_1.0.9-2.3.i586.rpm
38d2e3863af12395581fe2a1324c84e8
mozilla-irc-1.8_seamonkey_1.0.9-2.3.i586.rpm
67b2bac56505ef5e5c4855e3d08e902d
mozilla-ko-1.75-3.3.i586.rpm
6ec8abbe514b20e056ba0a002e572495
mozilla-mail-1.8_seamonkey_1.0.9-2.3.i586.rpm
6f06f6f190a5c1c49f8d81f18d9ff764
mozilla-spellchecker-1.8_seamonkey_1.0.9-2.3.i586.rpm
133292741f3846d8fc3a690631f6eec8
mozilla-venkman-1.8_seamonkey_1.0.9-2.3.i586.rpm
cd919366cb097546e2ee38528d6dc901
mozilla-zh-CN-1.7-6.3.i586.rpm
b630ace9d7f004f492586d0a743f5c38
mozilla-zh-TW-1.7-6.3.i586.rpm
252959495c13b3e0ae3db2f4a60152fa

Power PC Platform:

openSUSE 10.2:
MozillaFirefox-2.0.0.4-1.1.ppc.rpm
8bdbf5747caac7d8eadfcd699a8df876
MozillaFirefox-translations-2.0.0.4-1.1.ppc.rpm
93bddb126429b0ad45b33ba2e634c6eb
MozillaThunderbird-1.5.0.12-3.2.ppc.rpm
9e65077db02c442110b84d1b9d4686d7
MozillaThunderbird-translations-1.5.0.12-3.2.ppc.rpm
dda551a38752d5ea85f9c409101f9191
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/seamonkey-1.1.2-1.1.ppc.rpm
d5d6472b0f9072eeacd96eeae4066244
seamonkey-dom-inspector-1.1.2-1.1.ppc.rpm
def55111829f6e44c1014629afc71c4b
seamonkey-irc-1.1.2-1.1.ppc.rpm
f8249136cf999c1e2d0c041d38f50f8f
seamonkey-mail-1.1.2-1.1.ppc.rpm
155356604d1aa69a1fd820db1673d1b5
seamonkey-spellchecker-1.1.2-1.1.ppc.rpm
44e5e6121c374291647679b57b8bd14e
seamonkey-venkman-1.1.2-1.1.ppc.rpm
0ba59f4c2052134b724d367b1d03023e

SUSE LINUX 10.1:
MozillaThunderbird-1.5.0.12-2.2.ppc.rpm
6949a54dc88703fff895e90e0520bef9
MozillaThunderbird-translations-1.5.0.12-2.2.ppc.rpm
da04bee9642a2df6a134d7be4cd3d035
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/seamonkey-1.0.9-1.1.ppc.rpm
1a57483c12edd4441f65a4ccdb513ef3
seamonkey-calendar-1.0.9-1.1.ppc.rpm
4b5bcc76122bb0072ff19d25f476c6de
seamonkey-dom-inspector-1.0.9-1.1.ppc.rpm
3edf23d1784de11ea412de7f1aaebda6
seamonkey-irc-1.0.9-1.1.ppc.rpm
58ef7b10f710dd37c27f2a02035c4694
seamonkey-mail-1.0.9-1.1.ppc.rpm
8395dde13959dec487edf86f6ce325ed
seamonkey-spellchecker-1.0.9-1.1.ppc.rpm
75e87dbc39db69384e9f45cd683ce5e0
seamonkey-venkman-1.0.9-1.1.ppc.rpm
1a418b0a27c29435357f1566aa4f5316

SUSE LINUX 10.0:
MozillaFirefox-2.0.0.4-1.1.ppc.rpm
96d8813f7db159289729c60d197a9e5d
MozillaFirefox-translations-2.0.0.4-1.1.ppc.rpm
5297527f3321f6ca041ccbc9f36642a7
MozillaThunderbird-1.5.0.12-1.2.ppc.rpm
3881d9c68d0267d4e9249d06b826a44d
mozilla-1.8_seamonkey_1.0.9-2.3.ppc.rpm
72877090914acfd87f46aef0faea82c2
mozilla-calendar-1.8_seamonkey_1.0.9-2.3.ppc.rpm
bc23dff33ea37a9e97837ece4d52b233
mozilla-devel-1.8_seamonkey_1.0.9-2.3.ppc.rpm
9b744a729a813e8b38244b6526c1914a
mozilla-dom-inspector-1.8_seamonkey_1.0.9-2.3.ppc.rpm
1fce4602f57d3be5057aa414d5282e9e
mozilla-irc-1.8_seamonkey_1.0.9-2.3.ppc.rpm
51fdd891f1a6e16d0ade4820ff2fedc3
mozilla-ko-1.75-3.3.ppc.rpm
035eabc425e81c85ff8cb0d6dd02a68c
mozilla-mail-1.8_seamonkey_1.0.9-2.3.ppc.rpm
987f878b3cf8e748b8ed27ae73287708
mozilla-spellchecker-1.8_seamonkey_1.0.9-2.3.ppc.rpm
88f76c724fcc3f513b88b85921de5c34
mozilla-venkman-1.8_seamonkey_1.0.9-2.3.ppc.rpm
442e84c4943ef6c942e53975385f678c
mozilla-zh-CN-1.7-6.3.ppc.rpm
43e4d47d42dabf5cd2abc9d6d4364437
mozilla-zh-TW-1.7-6.3.ppc.rpm
42a78d68b32a01b609745d974ef801de

x86-64 Platform:

openSUSE 10.2:
MozillaFirefox-2.0.0.4-1.1.x86_64.rpm
c3ca2ab48d0b99dd7fb9f8c472e42747
MozillaFirefox-translations-2.0.0.4-1.1.x86_64.rpm
60ced8199dd3f92f8595a4d91bab75b6
MozillaThunderbird-1.5.0.12-3.2.x86_64.rpm
80ee951627791441458b891038627be7
MozillaThunderbird-translations-1.5.0.12-3.2.x86_64.rpm
40acbb81b9ea3407523bb6c3492be0ef
seamonkey-1.1.2-1.1.x86_64.rpm
1bab178914365c05b36e0c0b0568a0be
seamonkey-dom-inspector-1.1.2-1.1.x86_64.rpm
a595cec31ec16184eca0beb77cebfec5
seamonkey-irc-1.1.2-1.1.x86_64.rpm
bbd28d28373023b37b9b30bd795c2ec8
seamonkey-mail-1.1.2-1.1.x86_64.rpm
43ef6fea3d291ca0e04515b60871ccad
seamonkey-spellchecker-1.1.2-1.1.x86_64.rpm
e241f97f46061f6f21974d05bc1b50cf
seamonkey-venkman-1.1.2-1.1.x86_64.rpm
ac1923a3b07fdce0e3a6be5aa31ec820

SUSE LINUX 10.1:
MozillaThunderbird-1.5.0.12-2.2.x86_64.rpm
0855522ab6c4445dc40a764baa8422bb
MozillaThunderbird-translations-1.5.0.12-2.2.x86_64.rpm
782189e8cf043d733574c51230d3558c
seamonkey-1.0.9-1.1.x86_64.rpm
a2670116510c10ec57c7b7f2fc21f85a
seamonkey-calendar-1.0.9-1.1.x86_64.rpm
72a95a37d4492932ac433c2ea952ac0b
seamonkey-dom-inspector-1.0.9-1.1.x86_64.rpm
b9e46aaf2f41a71f8663df8b3fd304d9
seamonkey-irc-1.0.9-1.1.x86_64.rpm
44afaa26ae3a193a289636fe83265573
seamonkey-mail-1.0.9-1.1.x86_64.rpm
7409a8e3835eb9fa96fc44ce0cd79c0a
seamonkey-spellchecker-1.0.9-1.1.x86_64.rpm
5fa598537da5435a93d580f2cb30e409
seamonkey-venkman-1.0.9-1.1.x86_64.rpm
b5a7fefd3d0414676f54d28c91a7c6e0

SUSE LINUX 10.0:
MozillaThunderbird-1.5.0.12-1.2.x86_64.rpm
24b839f20854f85ed5c46cc521dd3e52
mozilla-1.8_seamonkey_1.0.9-2.3.x86_64.rpm
cd78f077f8edd9bd53aec4ecfb3458cb
mozilla-calendar-1.8_seamonkey_1.0.9-2.3.x86_64.rpm
c3b246702992a8ca436362fca091df3f
mozilla-devel-1.8_seamonkey_1.0.9-2.3.x86_64.rpm
a1a78ea192b84c48ffc88537f7c73e1c
mozilla-dom-inspector-1.8_seamonkey_1.0.9-2.3.x86_64.rpm
314a69dd24403c885bd5637e062c8e3b
mozilla-irc-1.8_seamonkey_1.0.9-2.3.x86_64.rpm
34e836368c3af95f2ed6fb29483d7f65
mozilla-ko-1.75-3.3.x86_64.rpm
f5b21cb007c78981e4378db7646addda
mozilla-mail-1.8_seamonkey_1.0.9-2.3.x86_64.rpm
67e4bf609a8c70660ac87383a9c748f4
mozilla-spellchecker-1.8_seamonkey_1.0.9-2.3.x86_64.rpm
eb3d340b84068fe10ba4ffe5087898a0
mozilla-venkman-1.8_seamonkey_1.0.9-2.3.x86_64.rpm
cb54d16f054aa90c095b9fe5fccc6ffd
mozilla-zh-CN-1.7-6.3.x86_64.rpm
f33d2cea73d1af5e1cb83177b8deac73
mozilla-zh-TW-1.7-6.3.x86_64.rpm
ae82f6f8930b389385896032913425dd

Sources:

openSUSE 10.2:
MozillaFirefox-2.0.0.4-1.1.src.rpm
5b8cc0328993e0f1e9e5d5170bad3cf8
MozillaThunderbird-1.5.0.12-3.2.src.rpm
5108a0596afc62d55f3b947ecbe1f688
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/seamonkey-1.1.2-1.1.src.rpm
576b5d0bc8639eb701617f4e205d61d4

SUSE LINUX 10.1:
MozillaThunderbird-1.5.0.12-2.2.src.rpm
250e065587d29b9b2c5f7e0ab316dff0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/seamonkey-1.0.9-1.1.src.rpm
dce615a3b1eaedae46811ae232820c4b

SUSE LINUX 10.0:
MozillaFirefox-2.0.0.4-1.1.src.rpm
4623d81fe310e6b8500cc90d641ea66e
MozillaThunderbird-1.5.0.12-1.2.src.rpm
1d6cb946b6887d8bb90c2013b4f99b57
mozilla-1.8_seamonkey_1.0.9-2.3.src.rpm
20950f97fff97455295637ee2146e452
mozilla-ko-1.75-3.3.src.rpm
ffefb87fbb42e485fe9b4fd2dbc7073f
mozilla-zh-CN-1.7-6.3.src.rpm
e10f948d05e1195e6cd8380b0dcc267a
mozilla-zh-TW-1.7-6.3.src.rpm
19f1b77f3023a7c33a85168e775f0fee

Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:

Open Enterprise Server
Novell Linux POS 9
SUSE SLES 9
2b5bd41bb32a85566962cdcd145ebc9c.html

SUSE Linux Enterprise Server 10 SP1
SUSE Linux Enterprise Desktop 10 SP1
79d4c8b0ac0295ba7a79cbb3f332f569.html

Novell Linux Desktop 9
2b5bd41bb32a85566962cdcd145ebc9c.html
27f238ef9f4330d0baa92f474b175c68.html
f91eb16b534b592433bff9cd13cddd43.html

Novell Linux Desktop 9 for x86
f91eb16b534b592433bff9cd13cddd43.html

UnitedLinux 1.0
SuSE Linux Openexchange Server 4
SuSE Linux Enterprise Server 8
SuSE Linux Standard Server 8
SuSE Linux School Server
SUSE LINUX Retail Solution 8
82350c13101121c9602342904dd755b6.html
______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

See SUSE Security Summary Report
______________________________________________________________________________

6) Authenticity Verification and Additional Information

- Announcement authenticity verification:

SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.

To verify the signature of the announcement, save it as text into a file
and run the command

gpg --verify <file>

replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:

gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team
<security@suse.de>"

where <DATE> is replaced by the date the document was signed.

If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command

gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.

There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:

1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement

1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command

rpm -v --checksig <file.rpm>

to verify the signature of the package, replacing <file.rpm> with
the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.

This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.

2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command

md5sum <filename.rpm>

after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security@suse.de), the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.

- SUSE runs two security mailing lists to which any interested party may
subscribe:

opensuse-security@opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe@opensuse.org>.

opensuse-security-announce@opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe@opensuse.org>.

=====================================================================
SUSE's security contact is <security@suse.com> or
<security@suse.de>.
The <security@suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________

The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)

mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBRoJhrHey5gA9JdPZAQIL5QgAi1jnlMT/3v58qbE89kfm/oFNDQmSuogM
05YrAYtKW35z7wjHNj5oUp/8SWFigX2viE33ZPv++k2PgAer/gSI0EvGzXAexwXg
U3AQWRo6cjMPIphZ+ZIy0dQpV/s/SshkchIYmoWvHU+bfuPaqFesCz2zpXX33xwE
8BScBN0oAQjeCWf4jAvRIoZmWcTgHGFw4vyQudlaJ1ByOFmuoDr5TY0O8iT1ezLM
GzSpAn6GfzX6RXos4kcaK6QD2lf2zROGIMPxKoBXX6++tHWideish3VtJevmC8Rb
JCOg0aZBXDoxqbwSnspUvfrG7kdMpFo0OtulF9E5hbe0nmAOuc9b5Q==
=blDo
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung