-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:251-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : firefox Date : December 24, 2010 Affected: 2010.0 _______________________________________________________________________ Problem Description: Security issues were identified and fixed in firefox: Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS attacks due to some characters being converted to angle brackets when displayed by the rendering engine. Sites using these character encodings would thus be potentially vulnerable to script injection attacks if their script filtering code fails to strip out these specific characters (CVE-2010-3770). Google security researcher Michal Zalewski reported that when a window was opened to a site resulting in a network or certificate error page, the opening site could access the document inside the opened window and inject arbitrary content. An attacker could use this bug to spoof the location bar and trick a user into thinking they were on a different site than they actually were (CVE-2010-3774). Mozilla security researcher moz_bug_r_a4 reported that the fix for CVE-2010-0179 could be circumvented permitting the execution of arbitrary JavaScript with chrome privileges (CVE-2010-3773). Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that JavaScript arrays were vulnerable to an integer overflow vulnerability. The report demonstrated that an array could be constructed containing a very large number of items such that when memory was allocated to store the array items, the integer value used to calculate the buffer size would overflow resulting in too small a buffer being allocated. Subsequent use of the array object could then result in data being written past the end of the buffer and causing memory corruption (CVE-2010-3767). Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a nsDOMAttribute node can be modified without informing the iterator object responsible for various DOM traversals. This flaw could lead to a inconsistent state where the iterator points to an object it believes is part of the DOM but actually points to some other object. If such an object had been deleted and its memory reclaimed by the system, then the iterator could be used to call into attacker-controlled memory (CVE-2010-3766). Security researcher Gregory Fleischer reported that when a Java LiveConnect script was loaded via a data: URL which redirects via a meta refresh, then the resulting plugin object was created with the wrong security principal and thus received elevated privileges such as the abilities to read local files, launch processes, and create network connections (CVE-2010-3775). Mozilla added the OTS font sanitizing library to prevent downloadable fonts from exposing vulnerabilities in the underlying OS font code. This library mitigates against several issues independently reported by Red Hat Security Response Team member Marc Schoenefeld and Mozilla security researcher Christoph Diehl (CVE-2010-3768). Security researcher wushi of team509 reported that when a XUL tree had an HTML \ element nested inside a \ element then code attempting to display content in the XUL tree would incorrectly treat the \ element as a parent node to tree content underneath it resulting in incorrect indexes being calculated for the child content. These incorrect indexes were used in subsequent array operations which resulted in writing data past the end of an allocated buffer. An attacker could use this issue to crash a victim's browser and run arbitrary code on their machine (CVE-2010-3772). Security researcher echo reported that a web page could open a window with an about:blank location and then inject an \ element into that page which upon submission would redirect to a chrome: document. The effect of this defect was that the original page would wind up with a reference to a chrome-privileged object, the opened window, which could be leveraged for privilege escalation attacks (CVE-2010-3771). Dirk Heinrich reported that on Windows platforms when document.write() was called with a very long string a buffer overflow was caused in line breaking routines attempting to process the string for display. Such cases triggered an invalid read past the end of an array causing a crash which an attacker could potentially use to run arbitrary code on a victim's computer (CVE-2010-3769). Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2010-3776, CVE-2010-3777). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 Additionally, some packages which require so, have been rebuilt and are being provided as updates. Update: A mistake was done with the MDVSA-2010:251 advisory where the actual firefox software was NOT updated to the 3.6.13 version which in turn lead to that some packages wasn't rebuilt against the correct version. The secteam wishes to apologise for the misfortunate mistake and also wishes everyone a great christmas. Regards // Santa Claus _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3769 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777 http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.13 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: 7362b9c9765a78f005c4b665c5ffa3b6 2010.0/i586/beagle-0.3.9-20.20mdv2010.0.i586.rpm 1e266ec4fea5d204f940949178e43765 2010.0/i586/beagle-crawl-system-0.3.9-20.20mdv2010.0.i586.rpm 2cefff601507db1181c68d7cc6a5fe67 2010.0/i586/beagle-doc-0.3.9-20.20mdv2010.0.i586.rpm ed5d062b55bdc4a08c8c2cdab948621a 2010.0/i586/beagle-evolution-0.3.9-20.20mdv2010.0.i586.rpm 23d794739b1a79eb9a75694eacfb7010 2010.0/i586/beagle-gui-0.3.9-20.20mdv2010.0.i586.rpm dc0311b61ac69fbfb57abe3a4fbceebe 2010.0/i586/beagle-gui-qt-0.3.9-20.20mdv2010.0.i586.rpm e157d8acebfeeeecf306e32e729a76b2 2010.0/i586/beagle-libs-0.3.9-20.20mdv2010.0.i586.rpm 4dc171016cdcd713751797783d1fa3f1 2010.0/i586/firefox-3.6.13-0.1mdv2010.0.i586.rpm c2927e77d370dba2175e5ecaccf35721 2010.0/i586/firefox-devel-3.6.13-0.1mdv2010.0.i586.rpm 5dc79f2a9adb9a8d30badc40500c0ef2 2010.0/i586/firefox-ext-beagle-0.3.9-20.20mdv2010.0.i586.rpm a6a0920d05bdafa085f9bfeb99709584 2010.0/i586/firefox-ext-blogrovr-1.1.804-6.15mdv2010.0.i586.rpm 843f24eb522dd9071797435556443d28 2010.0/i586/firefox-ext-foxmarks-2.7.2-2.4mdv2010.0.i586.rpm 1313da214d5ea99f4df481a7fcd928f3 2010.0/i586/firefox-ext-mozvoikko-1.0-6.15mdv2010.0.i586.rpm ade481d041332878f5948f40517c01e6 2010.0/i586/firefox-ext-plasmanotify-0.3.1-0.10mdv2010.0.i586.rpm fb38c756d351106c9e75cb6291ea8a46 2010.0/i586/firefox-ext-r-kiosk-0.7.2-9.15mdv2010.0.i586.rpm b0d11d676ec6a1ff0fe5a7e2393eedef 2010.0/i586/firefox-ext-scribefire-3.5.1-0.9mdv2010.0.i586.rpm 4d963ff7a87bb11030b6e28e4b063e65 2010.0/i586/firefox-ext-xmarks-3.5.10-0.9mdv2010.0.i586.rpm 72c6e38a8844f558066cc3c514d5dd1f 2010.0/i586/firefox-theme-kfirefox-0.16-7.14mdv2010.0.i586.rpm d9640b653c7969f3e26eb94eee6ca364 2010.0/i586/gnome-python-extras-2.25.3-10.15mdv2010.0.i586.rpm 6643878b6a7c66545d4dbd4cccfd0575 2010.0/i586/gnome-python-gda-2.25.3-10.15mdv2010.0.i586.rpm f53e9bdf9e3692abb8d479198d7dfd71 2010.0/i586/gnome-python-gda-devel-2.25.3-10.15mdv2010.0.i586.rpm b5b48946228182c83d6500b5c77de0a2 2010.0/i586/gnome-python-gdl-2.25.3-10.15mdv2010.0.i586.rpm 58b06513c1ee76b050a5c538f1d0798e 2010.0/i586/gnome-python-gtkhtml2-2.25.3-10.15mdv2010.0.i586.rpm 6ed7e73a085db2858650a83c4925a69a 2010.0/i586/gnome-python-gtkmozembed-2.25.3-10.15mdv2010.0.i586.rpm 0ee2fbeb046190f2b1f1ccf569bac015 2010.0/i586/gnome-python-gtkspell-2.25.3-10.15mdv2010.0.i586.rpm 7259052b96bd807e8a9755a0e1a95f50 2010.0/i586/google-gadgets-common-0.11.2-0.10mdv2010.0.i586.rpm 807871d45d5b3bffb0d9fe995bc7e5c2 2010.0/i586/google-gadgets-gtk-0.11.2-0.10mdv2010.0.i586.rpm 651a021de8269f65b86d17fdb096a104 2010.0/i586/google-gadgets-qt-0.11.2-0.10mdv2010.0.i586.rpm 61698165914e1603ff8ac7a19f65647f 2010.0/i586/libggadget1.0_0-0.11.2-0.10mdv2010.0.i586.rpm d4de34cbc1fb5cc422a165d9c846cd52 2010.0/i586/libggadget-dbus1.0_0-0.11.2-0.10mdv2010.0.i586.rpm 40d01d884275a44c317a10b3ec78e41e 2010.0/i586/libggadget-gtk1.0_0-0.11.2-0.10mdv2010.0.i586.rpm 782c44f3cc5da470ce8f3a354e55085f 2010.0/i586/libggadget-js1.0_0-0.11.2-0.10mdv2010.0.i586.rpm 030ce727beec59e7ace7c4831c1c6eca 2010.0/i586/libggadget-npapi1.0_0-0.11.2-0.10mdv2010.0.i586.rpm 9643cb63dd8bb03d8b04531bc27a1f5b 2010.0/i586/libggadget-qt1.0_0-0.11.2-0.10mdv2010.0.i586.rpm 2a231ef630da0604d31146943c960111 2010.0/i586/libggadget-webkitjs0-0.11.2-0.10mdv2010.0.i586.rpm cb3fb13a0fadab536587f8e1d5005ad8 2010.0/i586/libggadget-xdg1.0_0-0.11.2-0.10mdv2010.0.i586.rpm a2e761817c086c5012c90a7c754f532e 2010.0/i586/libgoogle-gadgets-devel-0.11.2-0.10mdv2010.0.i586.rpm 6faf36e422103e598af415856d8ba458 2010.0/i586/libopensc2-0.11.9-1.15mdv2010.0.i586.rpm efe24a3cc32b55ee94c93e4684a19aef 2010.0/i586/libopensc-devel-0.11.9-1.15mdv2010.0.i586.rpm a7f23821bc28c7e46b07330a19a25844 2010.0/i586/mozilla-plugin-opensc-0.11.9-1.15mdv2010.0.i586.rpm d2298d9085709db208524850209782c8 2010.0/i586/mozilla-thunderbird-beagle-0.3.9-20.20mdv2010.0.i586.rpm d393fcead0795f183df5e7861367e0ef 2010.0/i586/opensc-0.11.9-1.15mdv2010.0.i586.rpm c733515bcac41571e388ef640bee809b 2010.0/i586/totem-2.28.5-1.12mdv2010.0.i586.rpm ee007e4b75baf6a29b3ccc805a5f654a 2010.0/i586/totem-mozilla-2.28.5-1.12mdv2010.0.i586.rpm 29a8a6939986c856c8112bf45ef59dd8 2010.0/i586/totem-nautilus-2.28.5-1.12mdv2010.0.i586.rpm f8b80a53722077bd279e9ee81787086e 2010.0/i586/yelp-2.28.0-1.17mdv2010.0.i586.rpm b860b8386158a27341ac2416ee61f1bb 2010.0/SRPMS/beagle-0.3.9-20.20mdv2010.0.src.rpm 10306951c9b1a637c77f84474f3ee218 2010.0/SRPMS/firefox-3.6.13-0.1mdv2010.0.src.rpm 3aabd2042024b964a9b1e9b6c10dd05c 2010.0/SRPMS/firefox-ext-blogrovr-1.1.804-6.15mdv2010.0.src.rpm 722c800bfc876b404a3352de99b8aeaf 2010.0/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2010.0.src.rpm 928da519cfc04251e4bd1bf8f386011c 2010.0/SRPMS/firefox-ext-mozvoikko-1.0-6.15mdv2010.0.src.rpm 6c4aab896ad56f20a3cc2ff70867449c 2010.0/SRPMS/firefox-ext-plasmanotify-0.3.1-0.10mdv2010.0.src.rpm 11f22050799c13dfa7d52ab8206a9e05 2010.0/SRPMS/firefox-ext-r-kiosk-0.7.2-9.15mdv2010.0.src.rpm 0b49bd2f901d7accb41af6c780e26b25 2010.0/SRPMS/firefox-ext-scribefire-3.5.1-0.9mdv2010.0.src.rpm c1e47f5f02230bb57542c7068640cb75 2010.0/SRPMS/firefox-ext-xmarks-3.5.10-0.9mdv2010.0.src.rpm 23bd5d436ba96dd9da528f2411e7accd 2010.0/SRPMS/firefox-theme-kfirefox-0.16-7.14mdv2010.0.src.rpm b300dfa39c51ce8a30b747a9e51fd150 2010.0/SRPMS/gnome-python-extras-2.25.3-10.15mdv2010.0.src.rpm 126d656df1bfb8987e001695d634d762 2010.0/SRPMS/google-gadgets-0.11.2-0.10mdv2010.0.src.rpm 42340517c49c4724d757ee7ccb93ec63 2010.0/SRPMS/opensc-0.11.9-1.15mdv2010.0.src.rpm a148ed3b50fea7e6eefe587159d876e4 2010.0/SRPMS/totem-2.28.5-1.12mdv2010.0.src.rpm eef36a9147ff02e6059f194f0f99628b 2010.0/SRPMS/yelp-2.28.0-1.17mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 0801a86f204d87ac53bcc850452c7f15 2010.0/x86_64/beagle-0.3.9-20.20mdv2010.0.x86_64.rpm 9029e090efb718f5d95817dbca069f53 2010.0/x86_64/beagle-crawl-system-0.3.9-20.20mdv2010.0.x86_64.rpm e1a74dc97183345906b0b89a4bf9fe4c 2010.0/x86_64/beagle-doc-0.3.9-20.20mdv2010.0.x86_64.rpm 8bca9cdedd9c2ef048016cdf3ae72302 2010.0/x86_64/beagle-evolution-0.3.9-20.20mdv2010.0.x86_64.rpm 81212249295ee1d3b4ba83499dc649cc 2010.0/x86_64/beagle-gui-0.3.9-20.20mdv2010.0.x86_64.rpm 16e2698132e44e964cd4ff2c0b838690 2010.0/x86_64/beagle-gui-qt-0.3.9-20.20mdv2010.0.x86_64.rpm 9d33ec7d9a8a1521cae7ded408b35d2f 2010.0/x86_64/beagle-libs-0.3.9-20.20mdv2010.0.x86_64.rpm bcbcbaf6086158f227529a9a08fb61d9 2010.0/x86_64/firefox-3.6.13-0.1mdv2010.0.x86_64.rpm ef670f774cbee1372252e2565a551d58 2010.0/x86_64/firefox-devel-3.6.13-0.1mdv2010.0.x86_64.rpm ec3d733438ffc6d27a8b3f73c82cdc50 2010.0/x86_64/firefox-ext-beagle-0.3.9-20.20mdv2010.0.x86_64.rpm badaa799dec99d0cddf0fc2689e910b1 2010.0/x86_64/firefox-ext-blogrovr-1.1.804-6.15mdv2010.0.x86_64.rpm aa57b08ab61e003b21b0ebbcaf0f2f2a 2010.0/x86_64/firefox-ext-foxmarks-2.7.2-2.4mdv2010.0.x86_64.rpm 83ce1041267763f61c5a251bd2ab7f75 2010.0/x86_64/firefox-ext-mozvoikko-1.0-6.15mdv2010.0.x86_64.rpm 1af95c82dbe7b1e135ed9c12dfc6d89b 2010.0/x86_64/firefox-ext-plasmanotify-0.3.1-0.10mdv2010.0.x86_64.rpm feb1563b8839bbd8acd3f725bdc6eaa7 2010.0/x86_64/firefox-ext-r-kiosk-0.7.2-9.15mdv2010.0.x86_64.rpm 7f351f40731624040530fae7a2f0ac2d 2010.0/x86_64/firefox-ext-scribefire-3.5.1-0.9mdv2010.0.x86_64.rpm f06f99f6304ed3024115d818e3630236 2010.0/x86_64/firefox-ext-xmarks-3.5.10-0.9mdv2010.0.x86_64.rpm bd1cc6232ca148ee69a65ca7ff281b28 2010.0/x86_64/firefox-theme-kfirefox-0.16-7.14mdv2010.0.x86_64.rpm 92700df25f6cfe91592e11f41fee71f0 2010.0/x86_64/gnome-python-extras-2.25.3-10.15mdv2010.0.x86_64.rpm 503e2372e4a1f9241f05ddd336fd3d46 2010.0/x86_64/gnome-python-gda-2.25.3-10.15mdv2010.0.x86_64.rpm 1707e9feda489a7781338214691f7925 2010.0/x86_64/gnome-python-gda-devel-2.25.3-10.15mdv2010.0.x86_64.rpm b392561eb56093266212a57709c39097 2010.0/x86_64/gnome-python-gdl-2.25.3-10.15mdv2010.0.x86_64.rpm 1ec7c05d0fdcea08cb20b4ddddca69a3 2010.0/x86_64/gnome-python-gtkhtml2-2.25.3-10.15mdv2010.0.x86_64.rpm 9e9e435879b47b96233e6e1002d1116a 2010.0/x86_64/gnome-python-gtkmozembed-2.25.3-10.15mdv2010.0.x86_64.rpm 0393ae8e7811a12f4e4c4f6c74795d34 2010.0/x86_64/gnome-python-gtkspell-2.25.3-10.15mdv2010.0.x86_64.rpm 7fe419ee466d37853f6057d7280623cf 2010.0/x86_64/google-gadgets-common-0.11.2-0.10mdv2010.0.x86_64.rpm 74046268f87f71c8a987e25a30266d25 2010.0/x86_64/google-gadgets-gtk-0.11.2-0.10mdv2010.0.x86_64.rpm 3459e809d2cd28903ec5caa4a65d0b3c 2010.0/x86_64/google-gadgets-qt-0.11.2-0.10mdv2010.0.x86_64.rpm 498b74099be7691a0c193089b9e82780 2010.0/x86_64/lib64ggadget1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm 69b51c23d4043ab86e06a5d46d420d35 2010.0/x86_64/lib64ggadget-dbus1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm 18480cd491373dea57a7677108628075 2010.0/x86_64/lib64ggadget-gtk1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm b43f05c0bdd2ba8c9eb0b7260853399d 2010.0/x86_64/lib64ggadget-js1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm d81be70624a13c64ac723c05c6268342 2010.0/x86_64/lib64ggadget-npapi1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm 4739da14bfdd0d6cc91e76cfb5968268 2010.0/x86_64/lib64ggadget-qt1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm cb910134b7f99ae4ec3211091b0081ef 2010.0/x86_64/lib64ggadget-webkitjs0-0.11.2-0.10mdv2010.0.x86_64.rpm a442e71a3197f578935d2e117b2e70d5 2010.0/x86_64/lib64ggadget-xdg1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm db86be47c56ad241f977c9cdce160302 2010.0/x86_64/lib64google-gadgets-devel-0.11.2-0.10mdv2010.0.x86_64.rpm ccb21698ae0c0496332ffee801c9eb82 2010.0/x86_64/lib64opensc2-0.11.9-1.15mdv2010.0.x86_64.rpm f65e1bed5bb717d52d469087f524ed4f 2010.0/x86_64/lib64opensc-devel-0.11.9-1.15mdv2010.0.x86_64.rpm 00a19d2e61af0fbb2fddb1dd51f8bc4b 2010.0/x86_64/mozilla-plugin-opensc-0.11.9-1.15mdv2010.0.x86_64.rpm 15f9caade5585c278a207a3915e1c257 2010.0/x86_64/mozilla-thunderbird-beagle-0.3.9-20.20mdv2010.0.x86_64.rpm be7b03cddfd05cdf70f9aa2a01cd6f95 2010.0/x86_64/opensc-0.11.9-1.15mdv2010.0.x86_64.rpm c52546473a43cbdf345fe67d4e668baa 2010.0/x86_64/totem-2.28.5-1.12mdv2010.0.x86_64.rpm cf502322bd1e665e5196f79425c32bb6 2010.0/x86_64/totem-mozilla-2.28.5-1.12mdv2010.0.x86_64.rpm f9f119a0763df86d677b0b3f356be6a4 2010.0/x86_64/totem-nautilus-2.28.5-1.12mdv2010.0.x86_64.rpm 5a61acd18d334e1eaba84d9ee881462a 2010.0/x86_64/yelp-2.28.0-1.17mdv2010.0.x86_64.rpm b860b8386158a27341ac2416ee61f1bb 2010.0/SRPMS/beagle-0.3.9-20.20mdv2010.0.src.rpm 10306951c9b1a637c77f84474f3ee218 2010.0/SRPMS/firefox-3.6.13-0.1mdv2010.0.src.rpm 3aabd2042024b964a9b1e9b6c10dd05c 2010.0/SRPMS/firefox-ext-blogrovr-1.1.804-6.15mdv2010.0.src.rpm 722c800bfc876b404a3352de99b8aeaf 2010.0/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2010.0.src.rpm 928da519cfc04251e4bd1bf8f386011c 2010.0/SRPMS/firefox-ext-mozvoikko-1.0-6.15mdv2010.0.src.rpm 6c4aab896ad56f20a3cc2ff70867449c 2010.0/SRPMS/firefox-ext-plasmanotify-0.3.1-0.10mdv2010.0.src.rpm 11f22050799c13dfa7d52ab8206a9e05 2010.0/SRPMS/firefox-ext-r-kiosk-0.7.2-9.15mdv2010.0.src.rpm 0b49bd2f901d7accb41af6c780e26b25 2010.0/SRPMS/firefox-ext-scribefire-3.5.1-0.9mdv2010.0.src.rpm c1e47f5f02230bb57542c7068640cb75 2010.0/SRPMS/firefox-ext-xmarks-3.5.10-0.9mdv2010.0.src.rpm 23bd5d436ba96dd9da528f2411e7accd 2010.0/SRPMS/firefox-theme-kfirefox-0.16-7.14mdv2010.0.src.rpm b300dfa39c51ce8a30b747a9e51fd150 2010.0/SRPMS/gnome-python-extras-2.25.3-10.15mdv2010.0.src.rpm 126d656df1bfb8987e001695d634d762 2010.0/SRPMS/google-gadgets-0.11.2-0.10mdv2010.0.src.rpm 42340517c49c4724d757ee7ccb93ec63 2010.0/SRPMS/opensc-0.11.9-1.15mdv2010.0.src.rpm a148ed3b50fea7e6eefe587159d876e4 2010.0/SRPMS/totem-2.28.5-1.12mdv2010.0.src.rpm eef36a9147ff02e6059f194f0f99628b 2010.0/SRPMS/yelp-2.28.0-1.17mdv2010.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNFHONmqjQ0CJFipgRAsDgAJ9rxv4ztOOXmwScj6xJe7DuiROupwCfZDDd E6hUpLnRBrS2Xrzr7XIqRYw= =Hduw -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/