[ GLSA 200709-03 ] Streamripper: Buffer overflow

[Raphael Marichez]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200709-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Streamripper: Buffer overflow
  Date: September 13, 2007
  Bugs: #188698
ID: 200709-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A buffer overflow vulnerability has been discovered in Streamripper,
allowing for user-assisted execution of arbitrary code.

Background
==

Streamripper is a tool for extracting and recording mp3 files from a
Shoutcast stream.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  media-sound/streamripper  < 1.62.2  >= 1.62.2

Description
===

Chris Rohlf discovered several boundary errors in the
httplib_parse_sc_header() function when processing HTTP headers.

Impact
==

A remote attacker could entice a user to connect to a malicious
streaming server, resulting in the execution of arbitrary code with the
privileges of the user running Streamripper.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Streamripper users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/streamripper-1.62.2"

References
==

  [ 1 ] CVE-2007-4337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4337

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200709-03.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


pgppvab8SAoDx.pgp
Description: PGP signature

[ GLSA 200709-04 ] po4a: Insecure temporary file creation

[Raphael Marichez]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200709-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: po4a: Insecure temporary file creation
  Date: September 13, 2007
  Bugs: #189440
ID: 200709-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A vulnerability has been discovered in po4a, allowing for a symlink
attack.

Background
==

po4a is a set of tools for helping with the translation of
documentation.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  app-text/po4a  < 0.32-r1   >= 0.32-r1

Description
===

The po4a development team reported a race condition in the gettextize()
function when creating the file "/tmp/gettextization.failed.po".

Impact
==

A local attacker could perform a symlink attack, possibly overwriting
files with the permissions of the user running po4a.

Workaround
==

There is no known workaround at this time.

Resolution
==

All po4a users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/po4a-0.32-r1"

References
==

  [ 1 ] CVE-2007-4462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4462

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200709-04.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


pgpkXWRcW66EU.pgp
Description: PGP signature

[ MDKSA-2007:182 ] - Updated quagga packages fix vulnerability and bugs

[security]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:182
 http://www.mandriva.com/security/
 ___
 
 Package : quagga
 Date: September 13, 2007
 Affected: Corporate 4.0
 ___
 
 Problem Description:
 
 The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers
 to cause a denial of service crash via a malformed OPEN message or
 COMMUNITY attribute.
 
 Updated packages are available that bring Quagga to version 0.99.9
 which provides numerous bugfixes over the previous 0.99.3 version,
 and also correct this issue.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4826
 ___
 
 Updated Packages:
 
 Corporate 4.0:
 ab6e0e1d280a6945ce7a5b47d908181c  
corporate/4.0/i586/libquagga0-0.99.9-0.1.20060mlcs4.i586.rpm
 f0744b4772d1d15dc5d02d0642e5f0da  
corporate/4.0/i586/libquagga0-devel-0.99.9-0.1.20060mlcs4.i586.rpm
 6d5921788f7a5c169f053013fa4dd0c5  
corporate/4.0/i586/quagga-0.99.9-0.1.20060mlcs4.i586.rpm
 cde3640e96e96e47384181a940a9e8c1  
corporate/4.0/i586/quagga-contrib-0.99.9-0.1.20060mlcs4.i586.rpm 
 5e64b02beff305ba5a37272e13592739  
corporate/4.0/SRPMS/quagga-0.99.9-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 24474feed270055ce5e5ed096c227e50  
corporate/4.0/x86_64/lib64quagga0-0.99.9-0.1.20060mlcs4.x86_64.rpm
 cac13525b2e2935e314fe8a8a0dd1626  
corporate/4.0/x86_64/lib64quagga0-devel-0.99.9-0.1.20060mlcs4.x86_64.rpm
 dcb01be5184742e412f99f5fa601f7a7  
corporate/4.0/x86_64/quagga-0.99.9-0.1.20060mlcs4.x86_64.rpm
 c8978f69636129050debd2e721bba887  
corporate/4.0/x86_64/quagga-contrib-0.99.9-0.1.20060mlcs4.x86_64.rpm 
 5e64b02beff305ba5a37272e13592739  
corporate/4.0/SRPMS/quagga-0.99.9-0.1.20060mlcs4.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG6WgbmqjQ0CJFipgRAoPJAJ9gZxTHQMiR/Z+WjwIErpa/JmMQRwCg4Ckf
bzjs45A3TRaGLqsKFHZ9qqQ=
=PJRI
-END PGP SIGNATURE-

[ GLSA 200709-02 ] KVIrc: Remote arbitrary code execution

[Raphael Marichez]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200709-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: KVIrc: Remote arbitrary code execution
  Date: September 13, 2007
  Bugs: #183174
ID: 200709-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A vulnerability has been discovered in KVIrc, allowing for the remote
execution of arbitrary code.

Background
==

KVIrc is a free portable IRC client based on Qt.

Affected packages
=

---
 Package/   Vulnerable   /  Unaffected
---
  1  net-irc/kvirc  < 3.2.6_pre20070714   >= 3.2.6_pre20070714

Description
===

Stefan Cornelius from Secunia Research discovered that the
"parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does
not properly sanitise parts of the URI when building the command for
KVIrc's internal script system.

Impact
==

A remote attacker could entice a user to open a specially crafted
irc:// URI, possibly leading to the remote execution of arbitrary code
with the privileges of the user running KVIrc. Successful exploitation
requires that KVIrc is registered as the default handler for irc:// or
similar URIs.

Workaround
==

There is no known workaround at this time.

Resolution
==

All KVIrc users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/kvirc-3.2.6_pre20070714"

References
==

  [ 1 ] CVE-2007-2951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200709-02.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


pgpPAgcCzKsGC.pgp
Description: PGP signature

Re: Next generation malware: Windows Vista's gadget API

[Todd Manning]

On Sep 13, 2007, at 04:16 AM, Tim Brown wrote:


A paper has just been released on the Windows Vista's gadget API.  The
abstract is as follows:

Windows has had the ability to embed HTML into it’s user interface  
for many
years. Right back to and including Windows NT 4.0, it has been  
possible to
embed HTML into the task bar, but the OS has always maintained a  
sandbox,
from which the HTML has been unable to escape. All this changes  
with Windows

Vista. This paper seeks to inform system administrators, users and the
wider community on both potential attack vectors using gadgets and the
mitigations provided by Windows Vista.

The full paper can be found at http://www.portcullis-security.com/ 
165.php.





Good paper; Since this is out there I figure I'll forward the much  
shorter article I wrote that details an attack against the contact  
gadget, which was patched last month.


https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget- 
patches-in-ms07-048

Next generation malware: Windows Vista's gadget API

[Tim Brown]

A paper has just been released on the Windows Vista's gadget API.  The 
abstract is as follows:

Windows has had the ability to embed HTML into it’s user interface for many 
years. Right back to and including Windows NT 4.0, it has been possible to 
embed HTML into the task bar, but the OS has always maintained a sandbox, 
from which the HTML has been unable to escape. All this changes with Windows 
Vista. This paper seeks to inform system administrators, users and the
wider community on both potential attack vectors using gadgets and the 
mitigations provided by Windows Vista.

The full paper can be found at http://www.portcullis-security.com/165.php.

Cheers,
Tim
-- 
Tim Brown

WinSCP < 4.04 url protocol handler flaw

[Kender . Security]

-Affected products: WinSCP 4.03 and older

-Details:
By default WinSCP installs url protocol handlers for the scp:// and sftp:// 
protocols.
These could be used by malicious web content to automatically upload any file 
from the local system to a remote server, or automatically  download files from 
a remote server to the local system.

Since version 3.8.2 there is a sort of protection against this, but this does 
not stop all forms of attack.

-PoC:
On a machine you control set up an scp-only account with the username "scp" 
with any password.
Place this on a website:

This will upload a file to the server when the page is visited by a user with a 
vulnerable WinSCP installed.

Downloading a file from the server to any location writable by the current user 
also works.

-Tested on:
IE6 & IE7 works.
FF older than 2.0.0.5 works.
FF 2.0.0.5 and newer show a confirmation dialog before executing WinSCP.

-Solution
Upgrade to version 4.04 or higher from http://winscp.net/download.php

-Timeline
24-Jul-2007 Vulnerability reported to Martin Prikryl
25-07-2007 Proposed fix to Martin
31-07-2007 Response from Martin
01-09-2007 Martin confirms fix
02-09-2007 New version done
06-09-2007 WinSCP v4.04 released

NDSS 2008 CfP Papers Due September 21

[Crispin Cowan]

NDSS (Network and Distributed Systems Security) is a traditional
academic scholarly conference, with an emphasis on practical security
matters. This year we are continuing our theme of cross-over between the
academic security research community and the "hacker" security research
community, and so we encourage submissions with novelty merit from both
communities.

Papers are due September 21st
http://www.isoc.org/isoc/conferences/ndss/08/cfp.shtml

The conference itself is February 10-13 in San Diego.

Thanks,
Crispin

-- 
Crispin Cowan, Ph.D.   http://crispincowan.com/~crispin/
Director of Software Engineering   http://novell.com
AppArmor Chat: irc.oftc.net/#apparmor

[ MDKSA-2007:180 ] - Updated id3lib packages fix vulnerability

[security]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:180
 http://www.mandriva.com/security/
 ___
 
 Package : id3lib
 Date: September 12, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0
 ___
 
 Problem Description:
 
 A programming error was found in id3lib by Nikolaus Schulz that could
 lead to a denial of service through symlink attacks.
 
 Updated packages have been patched to prevent these issues.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4460
 ___
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 89ededb20e4a560dc4a15bc028bde937  
2007.0/i586/id3lib-3.8.3-10.1mdv2007.0.i586.rpm
 911e99bcbd3adc8d49175fa12297d6dd  
2007.0/i586/libid3_3.8_3-3.8.3-10.1mdv2007.0.i586.rpm
 d792ca59dcbfbba0ec75742383dd0740  
2007.0/i586/libid3_3.8_3-devel-3.8.3-10.1mdv2007.0.i586.rpm
 b5263e43bcc2c3e52cb96ce70769d663  
2007.0/i586/libid3_3.8_3-static-devel-3.8.3-10.1mdv2007.0.i586.rpm 
 8046c1d4ed9191e1ea40caf4b7ba20f5  
2007.0/SRPMS/id3lib-3.8.3-10.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 330799502bac0ea9cdf3e87a89836b61  
2007.0/x86_64/id3lib-3.8.3-10.1mdv2007.0.x86_64.rpm
 1be980ac246eee399e840933912c38dd  
2007.0/x86_64/lib64id3_3.8_3-3.8.3-10.1mdv2007.0.x86_64.rpm
 9c89408b8df0db6e0525818d72179b28  
2007.0/x86_64/lib64id3_3.8_3-devel-3.8.3-10.1mdv2007.0.x86_64.rpm
 a46d3015c2b8281d89adcd6463b74fd0  
2007.0/x86_64/lib64id3_3.8_3-static-devel-3.8.3-10.1mdv2007.0.x86_64.rpm 
 8046c1d4ed9191e1ea40caf4b7ba20f5  
2007.0/SRPMS/id3lib-3.8.3-10.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 012881ba00ae7a43fdda8daede5094ef  
2007.1/i586/id3lib-3.8.3-10.1mdv2007.1.i586.rpm
 0bb593e49f8c41552d27e4e663b56273  
2007.1/i586/libid3_3.8_3-3.8.3-10.1mdv2007.1.i586.rpm
 1a91fab14f81fb583f7acea0486220d7  
2007.1/i586/libid3_3.8_3-devel-3.8.3-10.1mdv2007.1.i586.rpm
 ec3ec3f058a7aa84e19870bd11f3949f  
2007.1/i586/libid3_3.8_3-static-devel-3.8.3-10.1mdv2007.1.i586.rpm 
 eff155d8383d433ef3b6cee13fa3c0c4  
2007.1/SRPMS/id3lib-3.8.3-10.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 7e6e147491fce23225e257049ea54231  
2007.1/x86_64/id3lib-3.8.3-10.1mdv2007.1.x86_64.rpm
 6e958567c9dcdd32cca5908af3d3d230  
2007.1/x86_64/lib64id3_3.8_3-3.8.3-10.1mdv2007.1.x86_64.rpm
 65dc5829f1df5aa29e16a7208f78efa0  
2007.1/x86_64/lib64id3_3.8_3-devel-3.8.3-10.1mdv2007.1.x86_64.rpm
 0cffc56e63ae5ed9bc0f6ac5143f225a  
2007.1/x86_64/lib64id3_3.8_3-static-devel-3.8.3-10.1mdv2007.1.x86_64.rpm 
 eff155d8383d433ef3b6cee13fa3c0c4  
2007.1/SRPMS/id3lib-3.8.3-10.1mdv2007.1.src.rpm

 Corporate 3.0:
 490549e67ef6b52bd06eaaf6dbff508a  
corporate/3.0/i586/libid3_3.8_3-3.8.3-6.1.C30mdk.i586.rpm
 4647513ebae5dc1355d3e7f9b7ee51a5  
corporate/3.0/i586/libid3_3.8_3-devel-3.8.3-6.1.C30mdk.i586.rpm
 2339afded61377eff9f912bed1218cd1  
corporate/3.0/i586/libid3_3.8_3-static-devel-3.8.3-6.1.C30mdk.i586.rpm 
 3c659b0444946057c77a019af1678810  
corporate/3.0/SRPMS/id3lib-3.8.3-6.1.C30mdk.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG6EwOmqjQ0CJFipgRAodMAKC5yfiviupxANt/gXfqY6zdaVMf9ACeN5u+
S+u0izuqWpkjKrkVecA359k=
=ysgi
-END PGP SIGNATURE-

[ MDKSA-2007:181 ] - Updated librpcsecgss packages fix vulnerabilities

[security]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___
 
 Mandriva Linux Security Advisory MDKSA-2007:181
 http://www.mandriva.com/security/
 ___
 
 Package : librpcsecgss
 Date: September 12, 2007
 Affected: 2007.0, 2007.1, Corporate 4.0
 ___
 
 Problem Description:
 
 A stack buffer overflow vulnerability was discovered in the RPCSEC_GSS
 RPC library by Tenable Network Security that could potentially allow
 for the execution of arbitrary code.
 
 Updated packages have been patched to prevent these issues.
 ___

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999
 ___
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 adee4ad65f8a754f8ccc6b4c8045859a  
2007.0/i586/librpcsecgss2-0.12-2.1mdv2007.0.i586.rpm
 6667d2fe30b9afa56d545f41d439bab8  
2007.0/i586/librpcsecgss2-devel-0.12-2.1mdv2007.0.i586.rpm 
 82dd8353114027f39ea40147fa65d977  
2007.0/SRPMS/librpcsecgss-0.12-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 aa72629dcbf7b309d1255ba8b4e9c7a8  
2007.0/x86_64/lib64rpcsecgss2-0.12-2.1mdv2007.0.x86_64.rpm
 d4e208540e449e43ad3a791134b34085  
2007.0/x86_64/lib64rpcsecgss2-devel-0.12-2.1mdv2007.0.x86_64.rpm 
 82dd8353114027f39ea40147fa65d977  
2007.0/SRPMS/librpcsecgss-0.12-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 163c85ca6bcd8fb0255f09ed6dc87d25  
2007.1/i586/librpcsecgss3-0.14-1.1mdv2007.1.i586.rpm
 09660ca474ed5fa9264cba9260304271  
2007.1/i586/librpcsecgss3-devel-0.14-1.1mdv2007.1.i586.rpm 
 e0a0fe57468e16a68c106a8cab72f826  
2007.1/SRPMS/librpcsecgss-0.14-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 8b30c8009536197215abc9c0b5e43ae2  
2007.1/x86_64/lib64rpcsecgss3-0.14-1.1mdv2007.1.x86_64.rpm
 4e4d10c2f7eb72948d6baee8f9c0039d  
2007.1/x86_64/lib64rpcsecgss3-devel-0.14-1.1mdv2007.1.x86_64.rpm 
 e0a0fe57468e16a68c106a8cab72f826  
2007.1/SRPMS/librpcsecgss-0.14-1.1mdv2007.1.src.rpm

 Corporate 4.0:
 ecd5d4eff04e2e09f7a6850da0b4dff1  
corporate/4.0/i586/librpcsecgss0-0.5-1.1.20060mlcs4.i586.rpm
 7d77ed46e5427ce213987cbee409785e  
corporate/4.0/i586/librpcsecgss0-devel-0.5-1.1.20060mlcs4.i586.rpm
 3f64577e676dfd9aa09d829fe9de24bd  
corporate/4.0/i586/librpcsecgss2-0.12-1.1.20060mlcs4.i586.rpm
 2f5c87cc699941cb1062c00fe19e37a5  
corporate/4.0/i586/librpcsecgss2-devel-0.12-1.1.20060mlcs4.i586.rpm 
 33512d4c9c0c349ef5a013e4b9b25332  
corporate/4.0/SRPMS/librpcsecgss-0.12-1.1.20060mlcs4.src.rpm
 bd310e2ed1a24a876e8b06617034408f  
corporate/4.0/SRPMS/librpcsecgss0-0.5-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 65df0614cbc92a6135759f984001dc6f  
corporate/4.0/x86_64/lib64rpcsecgss0-0.5-1.1.20060mlcs4.x86_64.rpm
 0b37d5b2b99606080577a6e55cd92d49  
corporate/4.0/x86_64/lib64rpcsecgss0-devel-0.5-1.1.20060mlcs4.x86_64.rpm
 52c1e1c4cbfe5968e360a7c953bae101  
corporate/4.0/x86_64/lib64rpcsecgss2-0.12-1.1.20060mlcs4.x86_64.rpm
 7f324edf9b9eba95453d3f002f3688b7  
corporate/4.0/x86_64/lib64rpcsecgss2-devel-0.12-1.1.20060mlcs4.x86_64.rpm 
 33512d4c9c0c349ef5a013e4b9b25332  
corporate/4.0/SRPMS/librpcsecgss-0.12-1.1.20060mlcs4.src.rpm
 bd310e2ed1a24a876e8b06617034408f  
corporate/4.0/SRPMS/librpcsecgss0-0.5-1.1.20060mlcs4.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG6E7HmqjQ0CJFipgRArPRAJ9fYLAU84R61RV56hfXNc11O5NLqgCfQw4D
MNrgDMg9sKL5fNArPlz+CMc=
=sRJs
-END PGP SIGNATURE-