Open-Xchange Security Advisory 2013-11-25
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 29648 (Bug ID) Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page) Vulnerable version: 6.22.4 and earlier Vulnerable component: frontend6 Fixed version: 6.22.3-rev5, 6.22.4-rev12 Report confidence: Confirmed Solution status: Fixed by Vendor Vendor notification: 2013-11-05 Solution date: 2013-11-12 Public disclosure: 2013-11-25 CVE reference: CVE-2013-6242 CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND) Vulnerability Details: Embedding JavaScript code within an E-Mail gets executed when using misplaced closing TITLE tag at the mail subject, followed by script tags. Risk: Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). This affects users of the OX6 UI, AppSuite UI is not affected. Solution: Service providers should update to the latest available patch releases. Users should avoid opening E-Mail attachments from untrusted sources. Users may disable presentation of HTML E-Mail within the browser. Internal reference: 29642 (Bug ID) Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page) Vulnerable version: 7.4.0 and earlier Vulnerable component: backend Fixed version: 7.2.2-rev27, 7.4.0-rev20 Report confidence: Confirmed Solution status: Fixed by Vendor Vendor notification: 2013-11-05 Solution date: 2013-11-12 Public disclosure: 2013-11-25 CVE reference: CVE-2013-6242 CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND) Vulnerability Details: Embedding JavaScript code within an E-Mail gets executed when using the META tag at the mail body, for example using the refresh action to load a base64 encoded JS string as content. Risk: Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). This affects users of the OX6 UI, AppSuite UI is not affected. Solution: Service providers should update to the latest available patch releases. Users should avoid accessing E-Mail from untrusted sources. Users may disable presentation of HTML E-Mail within the browser. Internal reference: 29412 (Bug ID) Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page) Vulnerable version: 7.4.0 and earlier Vulnerable component: backend Fixed version: 7.2.2-rev26, 7.4.0-rev16 Report confidence: Confirmed Solution status: Fixed by Vendor Vendor notification: 2013-10-22 Solution date: 2013-10-30 Public disclosure: 2013-11-25 CVE reference: CVE-2013-6242 CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/IR:ND/AR:ND) Vulnerability Details: Embedding JavaScript code within a URL parameter to access publications, triggering a reflected XSS vulnerability. The cause for this is an error response that contains the originally requested publication name, in this case a piece of JavaScript code. Risk: Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.) Solution: Service providers should update to the latest available patch releases. Users should avoid opening E-Mail attachments and links from untrusted sources.
[ MDVSA-2013:282 ] perl-HTTP-Body
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:282 http://www.mandriva.com/en/support/security/ ___ Package : perl-HTTP-Body Date: November 25, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated perl-HTTP-Body package fixes security vulnerability: Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart could potentially execute commands on the server if these temporary filenames are used in subsequent commands without further checks (CVE-2013-4407). ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4407 http://advisories.mageia.org/MGASA-2013-0352.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 937c5f147525ee62b2001e67a302ad53 mbs1/x86_64/perl-HTTP-Body-1.150.0-2.1.mbs1.noarch.rpm 57d5d2097c71c85059fca544e89f5ff3 mbs1/SRPMS/perl-HTTP-Body-1.150.0-2.1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSkvlamqjQ0CJFipgRAvZNAJ96fw2maxgrqSYyOcIbXiahQDqyFACaAvtz TdApfNmgQCtTBqB77Q8QiGM= =0R6q -END PGP SIGNATURE-
[ MDVSA-2013:283 ] glibc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:283 http://www.mandriva.com/en/support/security/ ___ Package : glibc Date: November 25, 2013 Affected: Business Server 1.0 ___ Problem Description: Updated glibc packages fixes the following security issues: Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow (CVE-2012-4412). Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function (CVE-2012-4424). pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system (CVE-2013-2207). NOTE! This is fixed by removing pt_chown wich may break chroots if their devpts was not mounted correctly (make sure to mount the devpts correctly with gid=5). sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image (CVE-2013-4237). Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions (CVE-2013-4332). A stack (frame) overflow flaw, which led to a denial of service (application crash), was found in the way glibc#039;s getaddrinfo() function processed certain requests when called with AF_INET6. A similar flaw to CVE-2013-1914, this affects AF_INET6 rather than AF_UNSPEC (CVE-2013-4458). The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context- dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address (CVE-2013-4788). Other fixes in this update: - Correct the processing of #039;\x80#039; characters in crypt_freesec.c - fix typo in nscd.service ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2207 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788 http://advisories.mageia.org/MGASA-2013-0340.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 55e626f90fc3cf28ab6ec66ab762b12f mbs1/x86_64/glibc-2.14.1-12.2.mbs1.x86_64.rpm fece70755163abb58742056a4f4e3773 mbs1/x86_64/glibc-devel-2.14.1-12.2.mbs1.x86_64.rpm a84eb58b428b2413863c8b90af89ac25 mbs1/x86_64/glibc-doc-2.14.1-12.2.mbs1.noarch.rpm f1630ad8a642250f4d067b207cd86e91 mbs1/x86_64/glibc-doc-pdf-2.14.1-12.2.mbs1.noarch.rpm 80aae07c11abca7d1aef77c8c6bb85d2 mbs1/x86_64/glibc-i18ndata-2.14.1-12.2.mbs1.x86_64.rpm 681d1f18d54f927d1468d01431cdeee4 mbs1/x86_64/glibc-profile-2.14.1-12.2.mbs1.x86_64.rpm 73c26fe8c0598539cbd8600b6ae5426c mbs1/x86_64/glibc-static-devel-2.14.1-12.2.mbs1.x86_64.rpm 6c966f5e50d38d244ed23595035be72d mbs1/x86_64/glibc-utils-2.14.1-12.2.mbs1.x86_64.rpm d6b26cd43c42324daf59e75eabbc2db1 mbs1/x86_64/nscd-2.14.1-12.2.mbs1.x86_64.rpm 912e1f62eb8aeb0dd8745c83c1c97bb9 mbs1/SRPMS/glibc-2.14.1-12.2.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg
[ MDVSA-2013:284 ] glibc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:284 http://www.mandriva.com/en/support/security/ ___ Package : glibc Date: November 25, 2013 Affected: Enterprise Server 5.0 ___ Problem Description: Multiple vulnerabilities was found and corrected in glibc: Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow (CVE-2012-4412). Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function (CVE-2012-4424). Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions (CVE-2013-4332). A stack (frame) overflow flaw, which led to a denial of service (application crash), was found in the way glibc#039;s getaddrinfo() function processed certain requests when called with AF_INET6. A similar flaw to CVE-2013-1914, this affects AF_INET6 rather than AF_UNSPEC (CVE-2013-4458). The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context- dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address (CVE-2013-4788). The updated packages have been patched to correct these issues. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788 ___ Updated Packages: Mandriva Enterprise Server 5: ca2e58ecf7a2d62e523b1395175896b5 mes5/i586/glibc-2.8-1.20080520.5.10mnb2.i586.rpm 917ad59055eaebd5e68e5c2e73bb1839 mes5/i586/glibc-devel-2.8-1.20080520.5.10mnb2.i586.rpm 38faa00ce7b79dc37a7494b90c0b4f6c mes5/i586/glibc-doc-2.8-1.20080520.5.10mnb2.i586.rpm 8510201c6ee5f9b9ff4e5a62ea6082d8 mes5/i586/glibc-doc-pdf-2.8-1.20080520.5.10mnb2.i586.rpm a2f9bfe66d75446bd5e963673cb99184 mes5/i586/glibc-i18ndata-2.8-1.20080520.5.10mnb2.i586.rpm b4513eff5fef362f619f6ae0ea35ce5f mes5/i586/glibc-profile-2.8-1.20080520.5.10mnb2.i586.rpm a82b76207b1aca73c057c486a5e07636 mes5/i586/glibc-static-devel-2.8-1.20080520.5.10mnb2.i586.rpm df8b74ecfd447b107364e217da29f5d9 mes5/i586/glibc-utils-2.8-1.20080520.5.10mnb2.i586.rpm 3e9ce8665a7e61176c3b11cd266172b0 mes5/i586/nscd-2.8-1.20080520.5.10mnb2.i586.rpm 8e2ebc125c5a6e7dcf17d4535f7f911c mes5/SRPMS/glibc-2.8-1.20080520.5.10mnb2.src.rpm Mandriva Enterprise Server 5/X86_64: 7c1b3450ba04c65d1a911e44c1554b67 mes5/x86_64/glibc-2.8-1.20080520.5.10mnb2.x86_64.rpm f5fe7d527fc92c69118e8c492e88de4f mes5/x86_64/glibc-devel-2.8-1.20080520.5.10mnb2.x86_64.rpm cc8afd4f3f5d54455d008d24412edc3d mes5/x86_64/glibc-doc-2.8-1.20080520.5.10mnb2.x86_64.rpm 0a946db4c66a3ae2985b983870d9b3fb mes5/x86_64/glibc-doc-pdf-2.8-1.20080520.5.10mnb2.x86_64.rpm 35f418e46f2739e07666b2b80a968c55 mes5/x86_64/glibc-i18ndata-2.8-1.20080520.5.10mnb2.x86_64.rpm c750b3334f6bb43d62370fbf1fc30a74 mes5/x86_64/glibc-profile-2.8-1.20080520.5.10mnb2.x86_64.rpm c6795a180161f94eb06074fdf588a5ed mes5/x86_64/glibc-static-devel-2.8-1.20080520.5.10mnb2.x86_64.rpm 01dd2eaae2dd444ed7b1e80411478a03 mes5/x86_64/glibc-utils-2.8-1.20080520.5.10mnb2.x86_64.rpm 0e29e9d7d90d5a92b19b53cda9642d6c mes5/x86_64/nscd-2.8-1.20080520.5.10mnb2.x86_64.rpm 8e2ebc125c5a6e7dcf17d4535f7f911c mes5/SRPMS/glibc-2.8-1.20080520.5.10mnb2.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the
[SECURITY] [DSA 2800-1] nss security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2800-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso November 25, 2013 http://www.debian.org/security/faq - - Package: nss Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2013-5605 Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code. For the oldstable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze7. For the stable distribution (wheezy), this problem has been fixed in version 2:3.14.5-1. For the testing distribution (jessie), this problem has been fixed in version 2:3.15.3-1. For the unstable distribution (sid), this problem has been fixed in version 2:3.15.3-1. We recommend that you upgrade your nss packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBCgAGBQJSk6prAAoJEAVMuPMTQ89ElaEP/0P2asJjRPsE1nNcJfi9F/N1 tmjVoGtEPRHDF56MDnJaTxiUOttfXDv7b0N5fdLcptjIoz+EmMOIsoAGtAM3jLHy OluWh0S0xi47T7ClVysERsGC/KhKyTQMSnCDcx5yYb3urS6w+A+npJnxdus2eKau IhIbY59nEiz1fDij0WrW8+4dXaA3meRMp/dxzI26oXMbLY0FFzOqDyi5F8oJ1uU+ 2Ynje1WhtTcH4bXcxoBJJqu+HG1oHiPd4mc2Wpasu3KTuGju1P9mv1VenrO6qSnR NXnqU6ugi79QxOLSD7tB/OA76uGvkaQZ9pc5CSYi4gYwiX0O1rnWI3t5FXx++f6p vGcGUv2W/YNx/y5dvtpXlOFesK/nH3dvEJuUKNRhnoRABZ2H+ietUUR0uJkuzRyh 5ClPBlMWHho2aLMLTVRJLKS9NnTiTA7hGLSO6XBjRhLGXIVF/dIg/hZtEpRzWSqF Zx4c0tIFW3wEY0yg8SMzMJcD1SHSgGXJN2NfpGRRP+AK8RrlMazo6gdiwa47afns N4EcvGFBiu4h2ZnqkZC6s/15mGnH4QuEaRGF87Ax1ekbPpMEBafaeteeMZ2oLGV9 xL2F4ks5Gj6KKdN+jowyr4ZZ/J9ANsYBKGONOlrKwUkiAn9ORU6qxxwJW0KVRwAe cepySQ+PmtTtyd4tiPO/ =aPVh -END PGP SIGNATURE-
[ MDVSA-2013:285 ] bugzilla
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:285 http://www.mandriva.com/en/support/security/ ___ Package : bugzilla Date: November 26, 2013 Affected: Business Server 1.0 ___ Problem Description: Multiple vulnerabilities was found and corrected in bugzilla: Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token (CVE-2013-1733). Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action (CVE-2013-1734). Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter (CVE-2013-1742). Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189 (CVE-2013-1743). The updated packages have been upgraded to the 4.2.7 version which is not affected by these issues. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1733 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1742 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1743 http://www.bugzilla.org/releases/4.2.6/release-notes.html http://www.bugzilla.org/releases/4.2.7/release-notes.html ___ Updated Packages: Mandriva Business Server 1/X86_64: 9a1a55ee22eeeac4627983498b7f595c mbs1/x86_64/bugzilla-4.2.7-1.mbs1.noarch.rpm 0a3fa051b8bc513811ffc89bfd7aff22 mbs1/x86_64/bugzilla-contrib-4.2.7-1.mbs1.noarch.rpm 56ca09432b832fad00398056f148e3cc mbs1/SRPMS/bugzilla-4.2.7-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSlGoYmqjQ0CJFipgRAgzyAKDf2bSWn3YByiwJ5Tpy1IGe8UEGWwCg7ous FI4snEnJtYak1Y5RHIAh5Ig= =FTVm -END PGP SIGNATURE-
[ MDVSA-2013:286 ] ruby
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:286 http://www.mandriva.com/en/support/security/ ___ Package : ruby Date: November 26, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: A vulnerability was found and corrected in ruby: Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse (CVE-2013-4164). The updated packages have been patched to correct these issues. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164 ___ Updated Packages: Mandriva Enterprise Server 5: 1294917053856fc539899d0b44ad0dbc mes5/i586/ruby-1.8.7-7p72.7mdvmes5.2.i586.rpm 3f2db72bc1631e542779316343e966c4 mes5/i586/ruby-devel-1.8.7-7p72.7mdvmes5.2.i586.rpm 39cfc6c4609fcc57176672475790b32b mes5/i586/ruby-doc-1.8.7-7p72.7mdvmes5.2.i586.rpm 0ec33b39a54d3bdf697f45da9f89e47a mes5/i586/ruby-tk-1.8.7-7p72.7mdvmes5.2.i586.rpm fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: a931882acf32d122e07627496390d938 mes5/x86_64/ruby-1.8.7-7p72.7mdvmes5.2.x86_64.rpm b501426a2e620f092bbb599859250cbe mes5/x86_64/ruby-devel-1.8.7-7p72.7mdvmes5.2.x86_64.rpm ff3c3946cadf9572f9a9156ce1acc4d1 mes5/x86_64/ruby-doc-1.8.7-7p72.7mdvmes5.2.x86_64.rpm 7e11dfe3289d721f58692552d2dffe92 mes5/x86_64/ruby-tk-1.8.7-7p72.7mdvmes5.2.x86_64.rpm fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 19f50bdda7f4d5298aad37fffcc161d2 mbs1/x86_64/ruby-1.8.7.p358-2.3.mbs1.x86_64.rpm cb212eb9e77942130daa03bd00129647 mbs1/x86_64/ruby-devel-1.8.7.p358-2.3.mbs1.x86_64.rpm 61727a178644e24a90893fd521beaf26 mbs1/x86_64/ruby-doc-1.8.7.p358-2.3.mbs1.noarch.rpm 7c7c74b929d64434f5fac3e9a6a16eac mbs1/x86_64/ruby-tk-1.8.7.p358-2.3.mbs1.x86_64.rpm 3b57d1f0167760c15f5a2b7187f9301b mbs1/SRPMS/ruby-1.8.7.p358-2.3.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com ___ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSlGwWmqjQ0CJFipgRAro6AKDxx5aol75oiREPEvp6GwJOdrHV4ACdEiEp IDtHqkEQ0Csfty0PsqPR7Xg= =XUfQ -END PGP SIGNATURE-