[SECURITY] [DSA-2158-1] cgiirc security update
Debian Security Advisory DSA-2158-1             secur...@debian.org
http://www.debian.org/security/                          Steve Kemp
February 9, 2011                 http://www.debian.org/security/faq

Package        : cgiirc
Vulnerability  : cross-site scripting
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-0050

Michael Brooks (Sitewatch) discovered a reflective XSS flaw in
cgiirc, a web based IRC client, which could lead to the execution
of arbitrary javascript.

For the old-stable distribution (lenny), this problem has been fixed in
version 0.5.9-3lenny1.

For the stable distribution (squeeze), and unstable distribution (sid),
this problem will be fixed shortly.

We recommend that you upgrade your cgiirc packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA-2156-1] pcscd security update
Debian Security Advisory DSA-2156-1             secur...@debian.org
http://www.debian.org/security/                          Steve Kemp
January 31, 2011                 http://www.debian.org/security/faq

Package        : pcscd
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2010-4531

MWR InfoSecurity identified a buffer overflow in pcscd, middleware
to access a smart card via PC/SC, which could lead to the execution
of arbitrary code.

For the stable distribution (lenny), this problem has been fixed in
version 1.4.102-1+lenny4.

For the testing distribution (squeeze), this problem has been fixed in
version 1.5.5-4.

For the unstable distribution (sid), this problem has been fixed in
version 1.5.5-4.

We recommend that you upgrade your pcscd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 2147-1] Security update for pimd
Debian Security Advisory DSA-2147-1             secur...@debian.org
http://www.debian.org/security/                          Steve Kemp
January 16, 2011                 http://www.debian.org/security/faq

Package        : pimd
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2011-0007

Vincent Bernat discovered that pimd, a multicast routing daemon, creates
files with predictable names upon the receipt of particular signals.

For the stable distribution (lenny), this problem has been fixed in
version 2.1.0-alpha29.17-8.1lenny1.

The testing distribution (squeeze) and the unstable distribution (sid)
will receive updates shortly.

We recommend that you upgrade your pimd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 1668-1] New hf packages fix execution of arbitrary code
Debian Security Advisory DSA-1668-1                [EMAIL PROTECTED]
http://www.debian.org/security/                          Steve Kemp
November 22, 2008                http://www.debian.org/security/faq

Package        : hf
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-2378
Debian Bug     : 504182

Steve Kemp discovered that hf, an amateur-radio protocol suite using
a soundcard as a modem, insecurely tried to execute an external command
which could lead to the elevation of privileges for local users.

For the stable distribution (etch), this problem has been fixed in
version 0.7.3-4etch1.

For the unstable distribution (sid), this problem has been fixed in
version 0.8-8.1.

We recommend that you upgrade your hf package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Debian (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1657-1] New qemu packages fix denial of service
Debian Security Advisory DSA-1657-1                [EMAIL PROTECTED]
http://www.debian.org/security/                          Steve Kemp
October 20, 2008                 http://www.debian.org/security/faq

Package        : qemu
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-4553
Debian Bug     : 496394

Dmitry E. Oboukhov discovered that the qemu-make-debian-root script in
qemu, fast processor emulator, creates temporary files insecurely, which
may lead to a local denial of service through symlink attacks.

For the stable distribution (etch), this problem has been fixed in
version 0.8.2-4etch2.

For the testing (lenny) and unstable distribution (sid), this problem
has been fixed in version 0.9.1-6.

We recommend that you upgrade your qemu package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary code
Debian Security Advisory DSA-1654-1                [EMAIL PROTECTED]
http://www.debian.org/security/                          Steve Kemp
October 14, 2008                 http://www.debian.org/security/faq

Package        : libxml2
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-3529
Debian Bug     : 498768

It was discovered that libxml2, the GNOME XML library, didn't correctly
handle long entity names. This could allow the execution of arbitrary
code via a malicious XML file.

For the stable distribution (etch), this problem has been fixed in
version 2.6.27.dfsg-5.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.32.dfsg-4.

We recommend that you upgrade your libxml2 package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems
Debian Security Advisory DSA-1645-1                [EMAIL PROTECTED]
http://www.debian.org/security/                          Steve Kemp
October 06, 2008                 http://www.debian.org/security/faq

Package        : lighttpd
Vulnerability  : various
Problem type   : remote
Debian-specific: No
CVE Id(s)      : CVE-2008-4298 CVE-2008-4359 CVE-2008-4360

Several local/remote vulnerabilities have been discovered in lighttpd,
a fast webserver with minimal memory footprint.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2008-4298

    A memory leak in the http_request_parse function could be used by
    remote attackers to cause lighttpd to consume memory, and cause a
    denial of service attack.

CVE-2008-4359

    Inconsistent handling of URL patterns could lead to the disclosure
    of resources a server administrator did not anticipate when using
    rewritten URLs.

CVE-2008-4360

    Upon file systems which don't handle case-insensitive paths
    differently it might be possible that unanticipated resources could
    be made available by mod_userdir.

For the stable distribution (etch), these problems have been fixed in
version 1.4.13-4etch11.

For the unstable distribution (sid), these problems will be fixed
shortly.

We recommend that you upgrade your lighttpd package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
[SECURITY] [DSA 1639-1] New twiki packages execution of arbitrary code
Debian Security Advisory DSA-1639-1                [EMAIL PROTECTED]
http://www.debian.org/security/                          Steve Kemp
September 19, 2008               http://www.debian.org/security/faq

Package        : twiki
Vulnerability  : command execution
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-3195
Debian Bug     : 499534

It was discovered that twiki, a web based collaboration platform,
didn't properly sanitize the image parameter in its configuration
script.

This could allow remote users to execute arbitrary commands upon the
system, or read any files which were readable by the webserver user.

For the stable distribution (etch), this problem has been fixed in
version 1:4.0.5-9.1etch1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your twiki package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

These files will probably be moved into the stable distribution on
its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1635-1] New freetype packages fix multiple vulnerabilities
Debian Security Advisory DSA-1635-1                [EMAIL PROTECTED]
http://www.debian.org/security/                          Steve Kemp
September 10, 2008               http://www.debian.org/security/faq

Package        : freetype
Vulnerability  : multiple
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-1806 CVE-2008-1807 CVE-2008-1808

Several local vulnerabilities have been discovered in freetype,
a FreeType 2 font engine, which could allow the execution of arbitrary
code.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2008-1806

    An integer overflow allows context-dependent attackers to execute
    arbitrary code via a crafted set of values within the Private
    dictionary table in a Printer Font Binary (PFB) file.

CVE-2008-1807

    The handling of an invalid "number of axes" field in the PFB file
    could trigger the freeing of arbitrary memory locations, leading to
    memory corruption.

CVE-2008-1808

    Multiple off-by-one errors allowed the execution of arbitrary code
    via malformed tables in PFB files, or invalid SHC instructions in
    TTF files.

For the stable distribution (etch), these problems have been fixed in
version 2.2.1-5+etch3.

For the unstable distribution (sid), these problems have been fixed in
version 2.3.6-1.

We recommend that you upgrade your freetype package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
[SECURITY] [DSA 1631-1] New libxml2 packages fix denial of service
Debian Security Advisory DSA-1631-2                [EMAIL PROTECTED]
http://www.debian.org/security/                          Steve Kemp
August 26, 2008                  http://www.debian.org/security/faq

Package        : libxml2
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-3281

The previous security update of the libxml2 package introduced some
problems with other packages, most notably with librsvg. This update
corrects these problems whilst still fixing the reported security
problem.

For reference the text of the previous security announcement follows:

Andreas Solberg discovered that libxml2, the GNOME XML library,
could be forced to recursively evaluate entities, until available
CPU & memory resources were exhausted.

For the stable distribution (etch), this problem has been fixed in
version 2.6.27.dfsg-4.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.32.dfsg-3.

We recommend that you upgrade your libxml2 package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
[SECURITY] [DSA 1631-1] New libxml2 packages fix denial of service
Debian Security Advisory DSA-1631-1                [EMAIL PROTECTED]
http://www.debian.org/security/                          Steve Kemp
August 22, 2008                  http://www.debian.org/security/faq

Package        : libxml2
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-3281

Andreas Solberg discovered that libxml2, the GNOME XML library,
could be forced to recursively evaluate entities, until available
CPU & memory resources were exhausted.

For the stable distribution (etch), this problem has been fixed in
version 2.6.27.dfsg-3.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your libxml2 package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
[SECURITY] [DSA 1610-1] New gaim packages fix execution of arbitrary code
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-1610-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
July 15, 2008                          http://www.debian.org/security/faq

Package        : gaim
Vulnerability  : integer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-2927

It was discovered that gaim, a multi-protocol instant messaging client, was vulnerable to several integer overflows in its MSN protocol handlers. These could allow a remote attacker to execute arbitrary code.

For the stable distribution (etch), this problem has been fixed in version 1:2.0.0+beta5-10etch1.

For the unstable distribution (sid), this package is not present.

We recommend that you upgrade your gaim package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
[SECURITY] [DSA 1609-1] New lighttpd packages fix multiple DOS issues
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-1609-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
July 15, 2008                          http://www.debian.org/security/faq

Package        : lighttpd
Vulnerability  : various
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-0983 CVE-2007-3948
Debian Bug     : 434888 43

Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint.

The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0983
        lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

CVE-2007-3948
        connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.

For the stable distribution (etch), these problems have been fixed in version 1.4.13-4etch9.

For the unstable distribution (sid), these problems have been fixed in version 1.4.18-2.

We recommend that you upgrade your lighttpd package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
[SECURITY] [DSA 1606-1] poppler packages fix execution of arbitrary code
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-1606-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
July 09, 2008                          http://www.debian.org/security/faq

Package        : poppler
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE 2008-1693
Debian Bug     : 476842

It was discovered that poppler, a PDF rendering library, did not properly handle embedded fonts in PDF files, allowing attackers to execute arbitrary code via a crafted font object.

For the stable distribution (etch), this problem has been fixed in version 0.4.5-5.1etch3.

For the unstable distribution (sid), this problem has been fixed in version 0.8.0-1.

We recommend that you upgrade your poppler package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
[SECURITY] [DSA 1560-1] New sympa packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-1600-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
July 01, 2008                          http://www.debian.org/security/faq

Package        : sympa
Vulnerability  : dos
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1648
Debian Bug     : 475163

It was discovered that sympa, a modern mailing list manager, would crash when processing certain types of malformed messages.

For the stable distribution (etch), this problem has been fixed in version 5.2.3-1.2+etch1.

For the unstable distribution (sid), this problem has been fixed in version 5.3.4-4.

We recommend that you upgrade your sympa package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIapKKwM/Gs81MDZ0RAqAtAJ4qQlnuRralKZTMQhtDqYvMXfaqdQCgof4S
6REh7OX9zxqgWYGHqQWtEpQ=
=ANTa
-----END PGP SIGNATURE-----
[SECURITY] [DSA 1584-1] New libfishsound packages fix execution of arbitrary code
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-1584-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
May 21, 2008                           http://www.debian.org/security/faq

Package        : libfishsound
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-1686
Debian Bug     : 475152

It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code.

For the stable distribution (etch), this problem has been fixed in version 0.7.0-2etch1.

For the unstable distribution (sid), this problem has been fixed in version 0.7.0-2.2.

We recommend that you upgrade your libfishsound package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
[SECURITY] [DSA 1570-1] New kazehakase packages fix execution of arbitrary code
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-1570-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
May 06, 2008                           http://www.debian.org/security/faq

Package        : kazehakase
Vulnerability  : various
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2006-7227 CVE-2006-7228 CVE-2006-7230 CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662 CVE-2007-4766 CVE-2007-4767 CVE-2007-4768
Debian Bug     : 464756

Andrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library.

The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version.

For the stable distribution (etch), this problem has been fixed in version 0.4.2-1etch1.

We recommend that you upgrade your kazehakase package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIIKfSwM/Gs81MDZ0RAnRSAKDdza14GlOXLf/Y3GwcJXF16x/ArwCgvKR2
Rnhh/Db/KhgdAg0g8+tMgC0=
=41vh
-----END PGP SIGNATURE-----
[SECURITY] [DSA 1566-1] New cpio packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-1566-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
May 02, 2008                           http://www.debian.org/security/faq

Package        : cpio
Vulnerability  : programming error
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-4476

Dmitry Levin discovered a vulnerability in path handling code used by the cpio archive utility. The weakness could enable a denial of service (crash) or potentially the execution of arbitrary code if a vulnerable version of cpio is used to extract or to list the contents of a maliciously crafted archive.

For the stable distribution (etch), these problems have been fixed in version 2.6-18.1+etch1.

For the unstable distribution (sid), these problems have been fixed in version 2.9-5.

We recommend that you upgrade your cpio packages.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIGyxnwM/Gs81MDZ0RAka1AJ99sbmauR0AiUqM7utuOjCOPru/sQCgsjTU
8N0s+d1hbnAmCRe6DzExPAU=
=YK94
-----END PGP SIGNATURE-----
[SECURITY] [DSA 1540-2] New lighttpd packages fix denial of service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1540-2    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
April 15, 2008                         http://www.debian.org/security/faq

Package        : lighttpd
Vulnerability  : DOS
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1531

It was discovered that lighttpd, a fast webserver with minimal memory footprint, didn't correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections.

This security update fixes a regression in the previous one, which caused SSL failures.

For the stable distribution (etch), this problem has been fixed in version 1.4.13-4etch8.

We recommend that you upgrade your lighttpd package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
[SECURITY] [DSA 1540-1] New lighttpd packages fix denial of service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1540-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
April 07, 2008                         http://www.debian.org/security/faq

Package        : lighttpd
Vulnerability  : DOS
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1531

It was discovered that lighttpd, a fast webserver with minimal memory footprint, didn't correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections.

For the stable distribution (etch), this problem has been fixed in version 1.4.13-4etch7.

We recommend that you upgrade your lighttpd package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
[SECURITY] [DSA 1522-1] New xwine packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1526-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
March 20, 2008                         http://www.debian.org/security/faq

Package        : xwine
Vulnerability  : various
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-0930 CVE-2008-0931

Steve Kemp from the Debian Security Audit project discovered several local vulnerabilities in xwine, a graphical user interface for the WINE emulator.

The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0930

    The xwine command makes unsafe use of local temporary files when printing. This could allow the removal of arbitrary files belonging to users who invoke the program.

CVE-2008-0931

    The xwine command changes the permissions of the global WINE configuration file such that it is world-writable. This could allow local users to edit it such that arbitrary commands could be executed whenever any local user executed a program under WINE.

For the stable distribution (etch), these problems have been fixed in version 1.0.1-1etch1.

We recommend that you upgrade your xwine package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH4rYOwM/Gs81MDZ0RAhM/AKClVPQIykIm2h9v/Te/vgF6Tb5RkgCgrWlL
kEKXH2c6/XFtM4lF0jSFrIM=
=Iknm
-END PGP SIGNATURE-
[SECURITY] [DSA 1521-1] New lighttpd packages fix arbitrary file disclosure
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1521-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
March 16, 2008                         http://www.debian.org/security/faq

Package        : lighttpd
Vulnerability  : file disclosure
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1270

Julien Cayzac discovered that under certain circumstances lighttpd, a fast webserver with minimal memory footprint, might allow the reading of arbitrary files from the system. This problem could only occur with a non-standard configuration.

For the stable distribution (etch), this problem has been fixed in version 1.4.13-4etch6.

We recommend that you upgrade your lighttpd package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
[SECURITY] [DSA 1513-1] New lighttpd packages fix CGI source disclosure
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1513-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
March 06, 2008                         http://www.debian.org/security/faq

Package        : lighttpd
Vulnerability  : information disclosure
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-

It was discovered that lighttpd, a fast webserver with minimal memory footprint, would display the source to CGI scripts if their execution failed in some circumstances.

For the stable distribution (etch), this problem has been fixed in version 1.4.13-4etch5.

For the unstable distribution, this problem will be fixed soon.

We recommend that you upgrade your lighttpd package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
[SECURITY] [DSA 1511-1] New libicu packages fix multiple problems
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1511-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
March 03, 2008                         http://www.debian.org/security/faq

Package        : libicu
Vulnerability  : various
Problem type   : local
Debian-specific: no
CVE Id(s)      : 2007-4770 2007-4771
Debian Bug     : 463688

Several local vulnerabilities have been discovered in libicu, International Components for Unicode. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-4770

    libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.

CVE-2007-4771

    Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack.

For the stable distribution (etch), these problems have been fixed in version 3.6-2etch1.

For the unstable distribution (sid), these problems have been fixed in version 3.8-6.

We recommend that you upgrade your libicu package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
[SECURITY] [DSA 1507-1] New turba2 packages fix permission testing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1507-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
February 24, 2008                      http://www.debian.org/security/faq

Package        : turba2
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-0807
Debian Bug     : 464058

Peter Paul Elfferich discovered that turba2, a contact management component for horde framework did not correctly check access rights before allowing users to edit addresses. This could result in valid users being able to alter private address records.

For the stable distribution (etch), this problem has been fixed in version 2.1.3-1etch1.

For the old stable distribution (sarge), this problem has been fixed in version 2.0.2-1sarge1.

For the unstable distribution (sid), this problem has been fixed in version 2.1.7-1.

We recommend that you upgrade your turba2 package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Debian GNU/Linux 4.0 alias etch

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHwWuDwM/Gs81MDZ0RAinaAJ9711WgcsQv3xAQ8dOautoN5BKMzgCfV4Ck
Azcmd1e9g/lOp0fVreD+G+Y=
=CWD7
-END PGP SIGNATURE-
[SECURITY] [DSA 1500-1] New splitvt packages fix privilege escalation
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1500-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
February 21, 2008                      http://www.debian.org/security/faq

Package        : splitvt
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-0162

Mike Ashton discovered that splitvt, a utility to run two programs in a split screen, did not drop group privileges prior to executing 'xprop'. This could allow any local user to gain the privileges of group utmp.

For the stable distribution (etch), this problem has been fixed in version 1.6.5-9etch1.

For the unstable distribution (sid), this problem has been fixed in version 1.6.6-4.

We recommend that you upgrade your splitvt package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

These files will probably be moved into the stable distribution on its next update.
- - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show ' and http://packages.debian.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHvd1awM/Gs81MDZ0RAg06AKDJ/V4YC2YkBD2zeAgBxlaZQagpnQCfUkSm EM24FdX8f8pceWCmyHPKnA8= =BVtM -END PGP SIGNATURE-
[SECURITY] [DSA 1498-1] New libimager-perl packages fix arbitrary code execution
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1498-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp February 19, 2008 http://www.debian.org/security/faq - Package: libimager-perl Vulnerability : buffer overflow Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-2459 Debian Bug : 421582 It was discovered that libimager-perl, a Perl extension for Generating 24 bit images, did not correctly handle 8-bit per-pixel compressed images, which could allow the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 0.50-1etch1. We recommend that you upgrade your libimager-perl package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. 
Debian GNU/Linux 4.0 alias etch - --- These files will probably be moved into the stable distribution on its next update.
- - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show ' and http://packages.debian.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHuzlawM/Gs81MDZ0RAnmoAJ4uDJZ/IVXuS3B3+KIo+h22JfA6UwCaA2Nf zc9AiJJUB/Y2QRhRrGyLzwQ= =CIt+ -END PGP SIGNATURE-
[SECURITY] [DSA 1486-1] New gnatsweb packages fix cross-site scripting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1486-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp February 04, 2008 http://www.debian.org/security/faq - Package: gnatsweb Vulnerability : cross-site scripting Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-2808 Debian Bug : 427156 "r0t" discovered that gnatsweb, a web interface to GNU GNATS, did not correctly sanitize the database parameter in the main CGI script. This could allow the injection of arbitrary HTML, or javascript code. For the stable distribution (etch), this problem has been fixed in version 4.00-1etch1. We recommend that you upgrade your gnatsweb package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - --- Source archives: http://security.debian.org/pool/updates/main/g/gnatsweb/gnatsweb_4.00-1etch1.dsc Size/MD5 checksum: 566 2f4db4f88a4018f68c19598e9b3781e1 http://security.debian.org/pool/updates/main/g/gnatsweb/gnatsweb_4.00.orig.tar.gz Size/MD5 checksum:87656 1d715610ea05ad3aa498d20158b01667 http://security.debian.org/pool/updates/main/g/gnatsweb/gnatsweb_4.00-1etch1.diff.gz Size/MD5 checksum: 2396 82f3180801f111b682a8e94c41c2627c Architecture independent packages: http://security.debian.org/pool/updates/main/g/gnatsweb/gnatsweb_4.00-1etch1_all.deb Size/MD5 checksum:56190 2decb55d6c8e571474b4375394fc14f0 These files will probably be moved into the stable distribution on its next update. 
- - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show ' and http://packages.debian.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHqJgOwM/Gs81MDZ0RAr5PAJ4qyIYx7LWxsBtH/wSd/mY9iffMPwCfSF1K DcDb53eqirDDP0JmknAt73Q= =xmAs -END PGP SIGNATURE-
[SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1465-2 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp January 17, 2008 http://www.debian.org/security/faq - Package: apt-listchanges Vulnerability : programming error Problem type : local Debian-specific: yes CVE Id(s) : CVE-2008-0302 Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to. This security update fixes a regression in the previous one, which caused the package to fail to work. For the stable distribution (etch), this problem has been fixed in version 2.72.5etch1. For the old stable distribution (sarge), this problem was not present. For the unstable distribution (sid), this problem has been fixed in version 2.82. We recommend that you upgrade your apt-listchanges package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - Debian GNU/Linux 4.0 alias etch - --- Debian (stable) - --- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives: http://security.debian.org/pool/updates/main/a/apt-listchanges/apt-listchanges_2.72.5etch2.tar.gz Size/MD5 checksum:82907 2269a7d6e2bc1c964d214aa09696674f http://security.debian.org/pool/updates/main/a/apt-listchanges/apt-listchanges_2.72.5etch2.dsc Size/MD5 checksum: 665 3f7898a52530e876b443dd8984b58f98 Architecture independent packages: http://security.debian.org/pool/updates/main/a/apt-listchanges/apt-listchanges_2.72.5etch2_all.deb Size/MD5 checksum:65308 323f63a82a48342fa5a2dbfd8c045c14 These files will probably be moved into the stable distribution on its next update. - - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show ' and http://packages.debian.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHj365wM/Gs81MDZ0RAgWSAKCquI3zg3sRhylg7kZtPkL/HFE6EACcDL9z NStMOkJ9uvo7YpqNnnQrrvU= =fp/A -END PGP SIGNATURE-
[SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1465-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp January 17, 2008 http://www.debian.org/security/faq - Package: apt-listchanges Vulnerability : programming error Problem type : local Debian-specific: yes CVE Id(s) : CVE-2008-0302 Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to. For the stable distribution (etch), this problem has been fixed in version 2.72.5etch1. For the old stable distribution (sarge), this problem was not present. For the unstable distribution (sid), this problem has been fixed in version 2.82. We recommend that you upgrade your apt-listchanges package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - --- Source archives: http://security.debian.org/pool/updates/main/a/apt-listchanges/apt-listchanges_2.72.5etch1.dsc Size/MD5 checksum: 665 6dbbc030dc907a2358874c07a157f27d http://security.debian.org/pool/updates/main/a/apt-listchanges/apt-listchanges_2.72.5etch1.tar.gz Size/MD5 checksum:82788 e38490ef0a5515aae72011c95270dd92 Architecture independent packages: http://security.debian.org/pool/updates/main/a/apt-listchanges/apt-listchanges_2.72.5etch1_all.deb Size/MD5 checksum:65254 b452757a483df5f805e7ee7b6f112b71 These files will probably be moved into the stable distribution on its next update.
- - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show ' and http://packages.debian.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHj2gtwM/Gs81MDZ0RAi45AJ9Zxpq7Z6rhUW0GfV4JdMNg66Vf9ACgzIcF g/Zz9PAY8L+WRLZMcfZIkYE= =bEDP -END PGP SIGNATURE-
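The search-path problem described in DSA-1465-1 and DSA-1465-2 above, turned into a check an administrator can run before executing a Python tool as root. This is an added example, not code from apt-listchanges or from the advisory; the function names and the sample directory layout are constructed for illustration.

```python
import os
import stat
import sys
import tempfile


def classify_entry(entry, trusted_uids=None):
    """Return (verdict, reason) for one module search path entry.

    verdict is "ok" or "unsafe". Only the entry itself (or, if it does not
    exist yet, its nearest existing ancestor) is inspected; a full audit
    would also walk every parent directory.
    """
    if trusted_uids is None:
        trusted_uids = {0, os.geteuid()}

    # "" and relative entries are resolved against the current working
    # directory at import time, so whoever controls that directory decides
    # which module gets loaded.
    if entry == "" or not os.path.isabs(entry):
        return ("unsafe", "relative entry, resolved against the current directory")

    path = os.path.realpath(entry)
    probe = path
    # A missing entry can be created by anyone who may write to the nearest
    # ancestor that does exist, so judge that ancestor instead.
    while not os.path.exists(probe):
        probe = os.path.dirname(probe)

    st = os.stat(probe)
    where = "entry" if probe == path else "missing, and ancestor %s" % probe
    if st.st_uid not in trusted_uids:
        return ("unsafe", "%s is owned by untrusted uid %d" % (where, st.st_uid))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return ("unsafe", "%s is writable by group or others" % where)
    return ("ok", "")


def audit(search_path=None, trusted_uids=None):
    """Classify every entry; returns a list of (entry, verdict, reason)."""
    if search_path is None:
        search_path = sys.path
    return [(e,) + classify_entry(e, trusted_uids) for e in search_path]


def trusted_only(search_path, trusted_uids=None):
    """Return the search path with unsafe entries removed, order preserved."""
    return [e for e in search_path if classify_entry(e, trusted_uids)[0] == "ok"]


def demo():
    """Build a constructed directory layout and audit a constructed path."""
    base = tempfile.mkdtemp(prefix="pathaudit-")
    private = os.path.join(base, "private-lib")
    shared = os.path.join(base, "shared-lib")
    os.mkdir(private)
    os.chmod(private, 0o755)   # only the owner may write
    os.mkdir(shared)
    os.chmod(shared, 0o777)    # any local user may write
    sample = ["", "./lib", private, shared, os.path.join(shared, "later")]
    return sample, audit(sample)


if __name__ == "__main__":
    _, report = demo()
    for entry, verdict, reason in report:
        print("%-7s %r %s" % (verdict, entry, reason))
```

Calling `audit()` with no arguments checks the running interpreter's own `sys.path`.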
[SECURITY] [DSA 1455-1] New libarchive1 packages fix several problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1455-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp January 08, 2008 http://www.debian.org/security/faq - Package: libarchive1 Vulnerability : denial of service Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-3641, CVE-2007-3644, CVE-2007-3645 Debian Bug : 432924 Several local/remote vulnerabilities have been discovered in libarchive1, a single library to read/write tar, cpio, pax, zip, iso9660, archives. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3641 It was discovered that libarchive1 would miscompute the length of a buffer resulting in a buffer overflow if yet another type of corruption occurred in a pax extension header. CVE-2007-3644 It was discovered that if an archive prematurely ended within a pax extension header the libarchive1 library could enter an infinite loop. CVE-2007-3645 If an archive prematurely ended within a tar header, immediately following a pax extension header, libarchive1 could dereference a NULL pointer. The old stable distribution (sarge), does not contain this package. For the stable distribution (etch), these problems have been fixed in version 1.2.53-2etch1. For the unstable distribution (sid), these problems have been fixed in version 2.2.4-1. We recommend that you upgrade your libarchive package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. 
Debian GNU/Linux 4.0 alias etch - --- Source archives:
[SECURITY] [DSA 1452-1] New wzdftpd packages fix denial of service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1452-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp January 06, 2008 http://www.debian.org/security/faq - Package: wzdftpd Vulnerability : denial of service Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-5300 Debian Bug : 446192 "k1tk4t" discovered that wzdftpd, a portable, modular, small and efficient ftp server, did not correctly handle the receipt of long usernames. This could allow remote users to cause the daemon to exit. For the stable distribution (etch), this problem has been fixed in version 0.8.1-2etch1. For the old stable distribution (sarge), this problem has been fixed in version 0.5.2-1.1sarge3. For the unstable distribution (sid), this problem has been fixed in version 0.8.2-2.1. We recommend that you upgrade your wzdftpd package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. 
Debian GNU/Linux 3.1 alias sarge - - Source archives:
[SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1448-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp January 05, 2008 http://www.debian.org/security/faq - Package: eggdrop Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-2807 Debian Bug : 427157 It was discovered that eggdrop, an advanced IRC robot, was vulnerable to a buffer overflow which could result in a remote user executing arbitrary code. For the stable distribution (etch), this problem has been fixed in version 1.6.18-1etch1. For the old stable distribution (sarge), this problem has been fixed in version 1.6.17-3sarge1. For the unstable distribution (sid), this problem has been fixed in version 1.6.18-1.1. We recommend that you upgrade your eggdrop package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge - Source archives:
Debian GNU/Linux 4.0 alias etch - --- Source archives:
[SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1448-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp January 05, 2008 http://www.debian.org/security/faq - Package: eggdrop Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-2807 Debian Bug : 427157 It was discovered that eggdrop, an advanced IRC robot, was vulnerable to a buffer overflow which could result in a remote user executing arbitrary code. For the stable distribution (etch), this problem has been fixed in version 1.6.18-1etch1. For the old stable distribution (sarge), this problem has been fixed in version 1.6.17-3sarge1. For the unstable distribution (sid), this problem has been fixed in version 1.6.18-1.1. We recommend that you upgrade your eggdrop package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. 
Debian GNU/Linux 3.1 alias sarge - Source archives:
Debian GNU/Linux 4.0 alias etch - --- Source archives:
[SECURITY] [DSA 1450-1] New util-linux packages fix programming error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1450-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp January 05, 2008 http://www.debian.org/security/faq - Package: util-linux Vulnerability : programming error Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-5191 Debian Bug : XXX It was discovered that util-linux, Miscellaneous system utilities, didn't drop privileged users and groups in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges. For the stable distribution (etch), this problem has been fixed in version 2.12r-19etch1. For the old stable distribution (sarge), this problem has been fixed in version 2.12p-4sarge2. We recommend that you upgrade your util-linux package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. 
Debian GNU/Linux 3.1 alias sarge - Source archives:
[SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1449-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
January 05, 2008 http://www.debian.org/security/faq

Package        : loop-aes-utils
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-5191

It was discovered that loop-aes-utils, tools for mounting and manipulating filesystems, didn't drop privileged users and groups in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges.

For the stable distribution (etch), this problem has been fixed in version 2.12r-15+etch1.

For the old stable distribution (sarge), this problem has been fixed in version 2.12p-4sarge2.

We recommend that you upgrade your loop-aes-utils package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
[SECURITY] [DSA 1432-1] New link-grammar packages fix execution of code
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1432-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
December 16, 2007 http://www.debian.org/security/faq

Package        : link-grammar
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-5395
Debian Bug     : 450695

Alin Rad Pop discovered that link-grammar, Carnegie Mellon University's link grammar parser for English, performed insufficient validation within its tokenizer, which could allow a malicious input file to execute arbitrary code.

For the stable distribution (etch), this problem has been fixed in version 4.2.2-4etch1.

For the old stable distribution (sarge), this package was not present.

For the unstable distribution (sid), this problem was fixed in version 4.2.5-1.

We recommend that you upgrade your link-grammar package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
[SECURITY] [DSA 1433-1] New centericq packages fix execution of code
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1433-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
December 16, 2007 http://www.debian.org/security/faq

Package        : centericq
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-3713

Several remote vulnerabilities have been discovered in centericq, a text-mode multi-protocol instant messenger client, which could allow remote attackers to execute arbitrary code due to insufficient bounds-testing.

For the stable distribution (etch), this problem has been fixed in version 4.21.0-18etch1.

For the old stable distribution (sarge), this problem has been fixed in version 4.20.0-1sarge5.

We recommend that you upgrade your centericq package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
[SECURITY] [DSA 1430-1] New libnss-ldap packages fix denial of service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1430-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
December 11, 2007 http://www.debian.org/security/faq

Package        : libnss-ldap
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-5794
Debian Bug     : 453868

It was reported that a race condition exists in libnss-ldap, an NSS module for using LDAP as a naming service, which could cause denial of service attacks when applications use pthreads.

This problem was spotted in the dovecot IMAP/POP server but potentially affects more programs.

For the stable distribution (etch), this problem has been fixed in version 251-7.5etch1.

For the old stable distribution (sarge), this problem has been fixed in version 238-1sarge1.

For the unstable distribution (sid), this problem has been fixed in version 256-1.

We recommend that you upgrade your libnss-ldap package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
[SECURITY] [DSA 1429-1] New htdig packages fix cross site scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1429-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
December 11, 2007 http://www.debian.org/security/faq

Package        : htdig
Vulnerability  : cross site scripting
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-6110
Debian Bug     : 453278

Michael Skibbe discovered that htdig, a WWW search system for an intranet or small internet, did not adequately quote values submitted to the search script, allowing remote attackers to inject arbitrary script or HTML into specially crafted links.

For the stable distribution (etch), this problem has been fixed in version 1:3.2.0b6-3.1etch1.

For the old stable distribution (sarge), this problem was not present.

For the unstable distribution (sid), this problem has been fixed in version 1:3.2.0b6-4.

We recommend that you upgrade your htdig package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1423-1] New sitebar packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1423-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
December 07, 2007 http://www.debian.org/security/faq

Package        : sitebar
Vulnerability  : various
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-5491, CVE-2007-5492, CVE-2007-5693, CVE-2007-5694, CVE-2007-5695, CVE-2007-5692
Debian Bug     : 447135, 448690, 448689

Several remote vulnerabilities have been discovered in sitebar, a web based bookmark manager written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-5491
    A directory traversal vulnerability in the translation module allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.

CVE-2007-5492
    A static code injection vulnerability in the translation module allows a remote authenticated user to execute arbitrary PHP code via the value parameter.

CVE-2007-5693
    An eval injection vulnerability in the translation module allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action.

CVE-2007-5694
    A path traversal vulnerability in the translation module allows remote authenticated users to read arbitrary files via an absolute path in the 'dir' parameter.

CVE-2007-5695
    An error in command.php allows remote attackers to redirect users to arbitrary web sites via the forward parameter in a Log In action.

CVE-2007-5692
    Multiple cross site scripting flaws allow remote attackers to inject arbitrary script or HTML fragments into several scripts.

For the stable distribution (etch), these problems have been fixed in version 3.3.8-7etch1.

For the old stable distribution (sarge), these problems have been fixed in version 3.2.6-7.1sarge1.

For the unstable distribution (sid), these problems have been fixed in version 3.3.8-12.1.

We recommend that you upgrade your sitebar package.
Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1422-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
December 07, 2007 http://www.debian.org/security/faq

Package        : e2fsprogs
Vulnerability  : integer overflows
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-5497

Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in version 1.39+1.40-WIP-2006.11.14+dfsg-2etch1.

For the unstable distribution (sid), this problem will be fixed shortly.

We recommend that you upgrade your e2fsprogs package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
[SECURITY] [DSA 1409-3] New samba packages fix several vulnerabilities
Debian Security Advisory DSA-1409-3    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
November 29, 2007                      http://www.debian.org/security/faq

Package        : samba
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-4572, CVE-2007-5398

This update fixes all currently known regressions introduced with
the previous two revisions of DSA-1409.

Several local/remote vulnerabilities have been discovered in samba,
a LanManager-like file and printer server for Unix. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-5398

  Alin Rad Pop of Secunia Research discovered that nmbd did not properly
  check the length of netbios packets. When samba is configured as a WINS
  server, a remote attacker could send multiple crafted requests resulting
  in the execution of arbitrary code with root privileges.

CVE-2007-4572

  Samba developers discovered that nmbd could be made to overrun a buffer
  during the processing of GETDC logon server requests. When samba is
  configured as a Primary or Backup Domain Controller, a remote attacker
  could send malicious logon requests and possibly cause a denial of
  service.

For the stable distribution (etch), these problems have been fixed in
version 3.0.24-6etch8.

For the old stable distribution (sarge), these problems have been fixed in
version 3.0.14a-3sarge10.

For the unstable distribution (sid), these problems have been fixed in
version 3.0.27-1.

We recommend that you upgrade your samba packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
[SECURITY] [DSA 1409-2] New samba packages fix several vulnerabilities
Debian Security Advisory DSA-1409-2    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
November 26, 2007                      http://www.debian.org/security/faq

Package        : samba
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-4572, CVE-2007-5398

The previous security update for samba introduced regressions in the
handling of the deprecated filesystem smbfs. This update fixes the
regression(s) whilst still fixing the security problems.

The original text is reproduced below:

Several local/remote vulnerabilities have been discovered in samba,
a LanManager-like file and printer server for Unix. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-5398

  Alin Rad Pop of Secunia Research discovered that nmbd did not properly
  check the length of netbios packets. When samba is configured as a WINS
  server, a remote attacker could send multiple crafted requests resulting
  in the execution of arbitrary code with root privileges.

CVE-2007-4572

  Samba developers discovered that nmbd could be made to overrun a buffer
  during the processing of GETDC logon server requests. When samba is
  configured as a Primary or Backup Domain Controller, a remote attacker
  could send malicious logon requests and possibly cause a denial of
  service.

For the stable distribution (etch), these problems have been fixed in
version 3.0.24-6etch7.

For the old stable distribution (sarge), these problems have been fixed in
version 3.0.14a-3sarge9.

For the unstable distribution (sid), these problems have been fixed in
version 3.0.27-1.

We recommend that you upgrade your samba packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
[SECURITY] [DSA 1409-1] New samba packages fix several vulnerabilities
Debian Security Advisory 1409[EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
November 22, 2007                      http://www.debian.org/security/faq

Package        : samba
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-4572, CVE-2007-5398

Several local/remote vulnerabilities have been discovered in samba,
a LanManager-like file and printer server for Unix. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-5398

  Alin Rad Pop of Secunia Research discovered that nmbd did not properly
  check the length of netbios packets. When samba is configured as a WINS
  server, a remote attacker could send multiple crafted requests resulting
  in the execution of arbitrary code with root privileges.

CVE-2007-4572

  Samba developers discovered that nmbd could be made to overrun a buffer
  during the processing of GETDC logon server requests. When samba is
  configured as a Primary or Backup Domain Controller, a remote attacker
  could send malicious logon requests and possibly cause a denial of
  service.

For the stable distribution (etch), these problems have been fixed in
version 3.0.24-6etch5.

For the old stable distribution (sarge), these problems have been fixed in
version 3.0.14a-3sarge7.

For the unstable distribution (sid), these problems have been fixed in
version 3.0.27-1.

We recommend that you upgrade your samba packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
[SECURITY] [DSA 1402-1] New gforge packages fix several vulnerabilities
Debian Security Advisory DSA-1402-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
November 07, 2007                      http://www.debian.org/security/faq

Package        : gforge
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-3921

Steve Kemp from the Debian Security Audit project discovered that gforge,
a collaborative development tool, used temporary files insecurely which
could allow local users to truncate files upon the system with the
privileges of the gforge user, or create a denial of service attack.

For the stable distribution (etch), this problem has been fixed in
version 4.5.14-22etch3.

For the old stable distribution (sarge), this problem has been fixed in
version 3.1-31sarge4.

We recommend that you upgrade your gforge package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
[SECURITY] [DSA 1395-1] New xen-utils packages fix file truncation
Debian Security Advisory DSA 1395-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
October 25th, 2007                     http://www.debian.org/security/faq

Package        : xen-utils
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-3919
Debian Bug     : 447795

Steve Kemp from the Debian Security Audit project discovered that
xen-utils, a collection of XEN administrative tools, used temporary files
insecurely within the xenmon tool allowing local users to truncate
arbitrary files.

For the stable distribution (etch) this problem has been fixed in
version 3.0.3-0-4.

For the old stable distribution (sarge) this package was not present.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your xen-3.0 (3.0.3-0-4) package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1372-2] New ktorrent packages fix directory traversal
Debian Security Advisory DSA 1373-2    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
October 23rd, 2007                     http://www.debian.org/security/faq

Package        : ktorrent
Vulnerability  : directory traversal
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-1799
Debian Bug     : 432007

It was discovered that ktorrent, a BitTorrent client for KDE, was
vulnerable to a directory traversal bug which potentially allowed remote
users to overwrite arbitrary files.

This updated advisory correctly increases the version number of the
fixed package such that it is installable upon the etch release of Debian.

For the stable distribution (etch), this problem has been fixed in
version 2.0.3+dfsg1-2.2etch1.

For the old stable distribution (sarge), this package was not present.

For the unstable distribution (sid), this problem was fixed in
version 2.2.1.dfsg.1-1.

We recommend that you upgrade your ktorrent package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1393-1] New xfce4-terminal packages fix arbitrary command execution
Debian Security Advisory DSA 1393-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
October 23rd, 2007                     http://www.debian.org/security/faq

Package        : xfce4-terminal
Vulnerability  : insecure execution
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-3770
Debian Bug     : 437454

It was discovered that xfce-terminal, a terminal emulator for the xfce
environment, did not correctly escape arguments passed to the processes
spawned by "Open Link". This allowed malicious links to execute arbitrary
commands upon the local system.

For the stable distribution (etch), this problem has been fixed in
version 0.2.5.6rc1-2etch1.

For the unstable distribution (sid), this problem has been fixed in
version 0.2.6-3.

We recommend that you upgrade your xfce4-terminal package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1388-1] New dhcp packages fix arbitrary code execution
Debian Security Advisory DSA 1388-1    [EMAIL PROTECTED]
http://www.debian.org/security/        Steve Kemp
October 18th, 2007                     http://www.debian.org/security/faq

Package        : dhcp
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-5365
Debian Bug     : 446354

It was discovered that dhcp, a DHCP server for automatic IP address
assignment, didn't correctly allocate space for network replies. This
could potentially allow a malicious DHCP client to execute arbitrary code
upon the DHCP server.

For the old stable distribution (sarge), this problem has been fixed in
version 2.0pl5-19.1sarge3.

For the stable distribution (etch), this problem has been fixed in
version 2.0pl5-19.5etch1.

For the unstable distribution (sid), this problem will be fixed shortly.

We recommend that you upgrade your dhcp package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
[SECURITY] [DSA 1362-2] New lighttpd packages fix buffer overflow
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory 1362-2 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp October 7th, 2007 http://www.debian.org/security/faq - Package: lighttpd Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-4727 A problem was discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitrary code via the overflow of CGI variables when mod_fcgi was enabled. This updated advisory correctly patches the security issue, which was not handled in DSA-1362-1. For the stable distribution (etch), this problem has been fixed in version 1.4.13-4etch4. We recommend that you upgrade your lighttpd package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration.
[SECURITY] [DSA 1384-1] New xen-utils packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA 1384-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp October 5th, 2007 http://www.debian.org/security/faq - Package: xen-utils Vulnerability : various Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-4993, CVE-2007-1320 Debian Bug : 30, 444007 Several local vulnerabilities have been discovered in the Xen hypervisor packages which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-4993 By use of a specially crafted grub configuration file a domU user may be able to execute arbitrary code upon the dom0 when pygrub is being used. CVE-2007-1320 Multiple heap-based buffer overflows in the Cirrus VGA extension, provided by QEMU, may allow local users to execute arbitrary code via "bitblt" heap overflow. For the stable distribution (etch), these problems have been fixed in version 3.0.3-0-3. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your xen-utils package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration.
These files will probably be moved into the stable distribution on its next update.
- - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show ' and http://packages.debian.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHBpFKwM/Gs81MDZ0RAvZsAKCnXLupWqXyaSLVVtQwHmloeFo7lwCfXJGw tM93ku81ukvZcGVP2yG86C4= =NXa2 -END PGP SIGNATURE-
[SECURITY] [DSA 1379-1] New quagga packages fix denial of service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA 1379-1 [EMAIL PROTECTED] http://www.debian.org/security/ Florian Weimer October 1st, 2007 http://www.debian.org/security/faq - Package: quagga Vulnerability : null pointer dereference Problem type : remote Debian-specific: no CVE ID : CVE-2007-4826 Debian Bug : 442133 It was discovered that BGP peers can trigger a NULL pointer dereference in the BGP daemon if debug logging is enabled, causing the BGP daemon to crash. For the old stable distribution (sarge), this problem has been fixed in version 0.98.3-7.5. For the stable distribution (etch), this problem has been fixed in version 0.99.5-5etch3. For the unstable distribution (sid), this problem has been fixed in version 0.99.9-1. We recommend that you upgrade your quagga packages. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. 
[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA 1380-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp October 2nd, 2007 http://www.debian.org/security/faq - Package: elinks Vulnerability : programming error Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-5034 Debian Bug : 443891 Kalle Olavi Niemitalo discovered that elinks, an advanced text-mode WWW browser, sent HTTP POST data in cleartext when using an HTTPS proxy server potentially allowing private information to be disclosed. For the stable distribution (etch), this problem has been fixed in version 0.11.1-1.2etch1. For the unstable distribution (sid), this problem has been fixed in version 0.11.1-1.5. We recommend that you upgrade your elinks package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. 
[SECURITY] [DSA 1377-2] New fetchmail packages fix denial of service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1377-2 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp September 21, 2007 http://www.debian.org/security/faq - Package: fetchmail Vulnerability : null pointer dereference Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-4565 Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder, can under certain circumstances attempt to dereference a NULL pointer and crash. For the stable distribution (etch), this problem has been fixed in version 6.3.6-1etch1. For the old stable distribution (sarge), this problem was not present. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your fetchmail package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - --- i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_i386.deb Size/MD5 checksum: 641344 2eadc43a18712b3a1763094f7c837475 These files will probably be moved into the stable distribution on its next update. - - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show ' and http://packages.debian.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFG8/RowM/Gs81MDZ0RAsV5AJ4zq/rWuYTHRafkjTPp5Eg0cv1teACfQztf 4GE7IYiy9jSuAA5hSvi0ccI= =Qmk2 -END PGP SIGNATURE-
[SECURITY] [DSA 1377-1] New fetchmail packages fix denial of service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1377 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp September 21, 2007 http://www.debian.org/security/faq - Package: fetchmail Vulnerability : null pointer dereference Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-4565 Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder, can under certain circumstances attempt to dereference a NULL pointer and crash. For the stable distribution (etch), this problem has been fixed in version 6.3.6-1etch1. For the old stable distribution (sarge), this problem was not present. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your fetchmail package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration.
These files will probably be moved into the stable distribution on its next update. - - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show ' and http://packages.debian.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFG86n1wM/Gs81MDZ0RAvPVAKC4lgA5aDOauQRj+GuilRf6KQh4awCfRNIO T3VniMNQLomlcq+S3Pv1uyU= =bHlq -END PGP SIGNATURE-
[SECURITY] [DSA 1376-1] New kdebase packages fix authentication bypass
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1376 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp September 21, 2007 http://www.debian.org/security/faq - Package: kdebase Vulnerability : programming error Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-4569 Kees Huijgen discovered that under certain circumstances KDM, an X session manager for KDE, could be tricked into allowing user logins without a password. For the stable distribution (etch), this problem has been fixed in version 4:3.5.5a.dfsg.1-6etch1. For the old stable distribution (sarge), this problem was not present. We recommend that you upgrade your kdebase package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration.
[SECURITY] [DSA 1374-1] New jffnms packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA 1374-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp September 11, 2007 http://www.debian.org/security/faq - Package: jffnms Vulnerability : several vulnerabilities Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-3189, CVE-2007-3190, CVE-2007-3191 Several vulnerabilities have been discovered in jffnms, a web-based Network Management System for IP networks. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3189 Cross-site scripting (XSS) vulnerability in auth.php, which allows a remote attacker to inject arbitrary web script or HTML via the user parameter. CVE-2007-3190 Multiple SQL injection vulnerabilities in auth.php, which allow remote attackers to execute arbitrary SQL commands via the user and password parameters. CVE-2007-3192 Direct requests to URLs make it possible for remote attackers to access configuration information, bypassing login restrictions. For the stable distribution (etch), these problems have been fixed in version 0.8.3dfsg.1-2.1etch1. For the unstable distribution (sid), these problems have been fixed in version 0.8.3dfsg.1-4. We recommend that you upgrade your jffnms package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration.
These files will probably be moved into the stable distribution on its next update. - - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show ' and http://packages.debian.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFG5uT5wM/Gs81MDZ0RAmvgAJ9voKojLJmyMF+VaB1B/aJNbbcTdwCfa/30 75t+GVJbnAqEuMHkj3xYZgQ= =yEl5 -END PGP SIGNATURE-
[SECURITY] [DSA 1372-1] New ktorrent packages fix directory traversal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA 1373-1          [EMAIL PROTECTED]
http://www.debian.org/security/              Steve Kemp
September 11th, 2007                         http://www.debian.org/security/faq

Package        : ktorrent
Vulnerability  : directory traversal
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-1799
Debian Bug     : 432007

It was discovered that ktorrent, a BitTorrent client for KDE, was vulnerable to a directory traversal bug which potentially allowed remote users to overwrite arbitrary files.

For the stable distribution (etch), this problem has been fixed in version 2.0.3+dfsg1-2etch1.

For the old stable distribution (sarge), this package was not present.

For the unstable distribution (sid), this problem was fixed in version 2.2.1.dfsg.1-1.

We recommend that you upgrade your ktorrent package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG5t/hwM/Gs81MDZ0RAgMVAJ9J9kX6N+2iSLVDUavqnMYeR6IudACgwcGX
dfu4uXcxECu8Vue8E9aMpGI=
=XXJk
-END PGP SIGNATURE-

[SECURITY] [DSA 1362-1] New lighttpd packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1362            [EMAIL PROTECTED]
http://www.debian.org/security/              Steve Kemp
August 29th, 2007                            http://www.debian.org/security/faq

Package        : lighttpd
Vulnerability  : various
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2007-3946
Debian Bug     : 434888

Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3946

    The use of mod_auth could lead to a denial of service attack crashing the webserver.

CVE-2007-3947

    The improper handling of repeated HTTP headers could cause a denial of service attack crashing the webserver.

CVE-2007-3949

    A bug in mod_access potentially allows remote users to bypass access restrictions via trailing slash characters.

CVE-2007-3950

    On 32-bit platforms users may be able to create denial of service attacks, crashing the webserver, via mod_webdav, mod_fastcgi, or mod_scgi.

For the stable distribution (etch), these problems have been fixed in version 1.4.13-4etch3.

For the unstable distribution (sid), these problems have been fixed in version 1.4.16-1.

We recommend that you upgrade your lighttpd package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

[SECURITY] [DSA 1361-1] New postfix-policyd packages fix arbitrary code execution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1361            [EMAIL PROTECTED]
http://www.debian.org/security/              Steve Kemp
August 29th, 2007                            http://www.debian.org/security/faq

Package        : postfix-policyd
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-3791
Debian Bug     : 435735

It was discovered that postfix-policyd, an anti-spam plugin for postfix, didn't correctly bounds-test incoming SMTP commands potentially allowing the remote exploitation of arbitrary code.

For the stable distribution (etch), this problem has been fixed in version 1.80-2.1etch1.

For the old stable distribution (sarge), this package was not present.

For the unstable distribution (sid), this problem was fixed in version 1.80-2.2.

We recommend that you upgrade your postfix-policyd package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG1dotwM/Gs81MDZ0RAjzsAJ0U0GU5iQY6IbFDOTtRFPsBMq1VZQCgk5kW
f2oDHJ+WAH2CRzZAp+ZP5/4=
=MdGa
-END PGP SIGNATURE-

[SECURITY] [DSA 1360-1] New rsync packages fix arbitrary code execution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1360            [EMAIL PROTECTED]
http://www.debian.org/security/              Steve Kemp
August 28th, 2007                            http://www.debian.org/security/faq

Package        : rsync
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-4091

Sebastian Krahmer discovered that rsync, a fast remote file copy program, contains an off-by-one error which might allow remote attackers to execute arbitrary code via long directory names.

For the stable distribution (etch), this problem has been fixed in version 2.6.9-2etch1.

For the old stable distribution (sarge), this problem is not present.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your rsync package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG1GQwwM/Gs81MDZ0RAjhuAJ4s0btmOFWqXbz4I2hpnKMCMRk/MQCghAFZ
k9FyN9EoJEBLAfakZiHpY4I=
=HChL
-END PGP SIGNATURE-

[SECURITY] [DSA 1359-1] New dovecot packages fix directory traversal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA 1359-1          [EMAIL PROTECTED]
http://www.debian.org/security/              Steve Kemp
August 28th, 2007                            http://www.debian.org/security/faq

Package        : dovecot
Vulnerability  : directory traversal
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-2231

It was discovered that dovecot, a secure mail server that supports mbox and maildir mailboxes, when configured to use non-system-user spools and compressed folders, may allow directory traversal in mailbox names.

For the stable distribution (etch), this problem has been fixed in version 1.0.rc15-2etch1.

For the old stable distribution (sarge), this problem was not present.

For the unstable distribution this problem will be fixed soon.

We recommend that you upgrade your dovecot package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

[SECURITY] [DSA 1334-1] New freetype packages fix arbitrary code execution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1334            [EMAIL PROTECTED]
http://www.debian.org/security/              Steve Kemp
July 18th, 2007

Package        : freetype
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-2754
Debian Bug     : 425625

A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.

For the old stable distribution (sarge), this problem has been fixed in version 2.1.7-8.

We recommend that you upgrade your freetype package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

[SECURITY] [DSA 1333-1] New libcurl3-gnutls packages fix certificate handling
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1333            [EMAIL PROTECTED]
http://www.debian.org/security/              Steve Kemp
July 18th, 2007

Package        : libcurl3-gnutls
Vulnerability  : input validation
Problem type   : local and remote
Debian-specific: no
CVE Id(s)      : CVE-2007-3564

It has been discovered that the GnuTLS certificate verification methods implemented in libcurl-gnutls, a solid, usable, and portable multi-protocol file transfer library, did not check for expired or invalid dates.

For the stable distribution (etch), this problem has been fixed in version 7.15.5-1etch1.

We recommend that you upgrade your libcurl3-gnutls package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

[SECURITY] [DSA 1329-1] New gfax packages fix privilege escalation
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1329-1          [EMAIL PROTECTED]
http://www.debian.org/security/              Steve Kemp
July 05, 2007

Package        : gfax
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-2839
Debian Bug     : 431893

Steve Kemp from the Debian Security Audit project discovered that gfax, a GNOME frontend for fax programs, uses temporary files in an unsafe manner which may be exploited to execute arbitrary commands with the privileges of the root user.

For the old stable distribution (sarge) this problem has been fixed in version 0.4.2-11sarge1.

The stable distribution (etch) is not affected by this problem.

The unstable distribution (sid) is not affected by this problem.

We recommend that you upgrade your gfax package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGjVBXwM/Gs81MDZ0RAptCAJ97uSQPp1gEQnKFKFlaj2xR0v0MUQCgiGdq
PjQGwmV9iE3+1gCLtlJxGfk=
=YgPj
-END PGP SIGNATURE-

[SECURITY] [DSA 1328-1] New unicon-imc2 packages fix buffer overflow
Debian Security Advisory DSA-1328 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
July 01, 2007

Package        : unicon-imc2
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-2835

Steve Kemp from the Debian Security Audit project discovered that unicon-imc2, a Chinese input method library, makes unsafe use of an environmental variable, which may be exploited to execute arbitrary code.

For the stable distribution (etch) this problem has been fixed in version 3.0.4-11etch1.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your unicon-imc2 package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1327-1] New gsambad packages fix unsafe temporary files
Debian Security Advisory DSA-1327 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
July 01, 2007

Package        : gsambad
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-2838

Steve Kemp from the Debian Security Audit project discovered that gsambad, a GTK+ configuration tool for samba, uses temporary files in an unsafe manner which may be exploited to truncate arbitrary files from the local system.

For the stable distribution (etch) this problem has been fixed in version 0.1.4-2etch1.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your gsambad package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1326-1] New fireflier-server packages fix unsafe temporary files
Debian Security Advisory DSA-1326 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
July 01, 2007

Package        : fireflier-server
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-2837

Steve Kemp from the Debian Security Audit project discovered that fireflier-server, an interactive firewall rule creation tool, uses temporary files in an unsafe manner which may be exploited to remove arbitrary files from the local system.

For the old stable distribution (sarge) this problem has been fixed in version 1.1.5-1sarge1.

For the stable distribution (etch) this problem has been fixed in version 1.1.6-3etch1.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your fireflier-server package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
[SECURITY] [DSA 1324-1] New hiki packages fix missing input sanitising
Debian Security Advisory DSA-1324 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
June 28, 2007

Package        : hiki
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-2836
Debian Bug     : 430691

Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written in Ruby, which could allow a remote attacker to delete arbitrary files which are writable to the Hiki user, via a specially crafted session parameter.

For the stable distribution (etch), this problem has been fixed in version 0.8.6-1etch1.

For the unstable distribution (sid) this problem has been fixed in version 0.8.7-1.

We recommend that you upgrade your hiki (0.8.6-1etch1) package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1317-1] New tinymux packages fix buffer overflow
Debian Security Advisory DSA 1317-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
June 23, 2007

Package        : tinymux
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-1655
BugTraq ID     : 23292
Debian Bug     : 417539

duskwave discovered that tinymux, a text-based multi-user virtual world server, performs insufficient boundary checks when working with user-supplied data, which might lead to the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in version 2.4.3.31-1etch1.

We recommend that you upgrade your tinymux package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1316-1] New emacs21 packages fix denial of service
Debian Security Advisory dsa-1316 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
June 21, 2007

Package        : emacs21 (21.4a+1-3etch1)
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-2833
Debian Bug     : 408929

It has been discovered that emacs, the GNU Emacs editor, will crash when processing certain types of images.

For the stable distribution (etch), this problem has been fixed in version XXX

We recommend that you upgrade your emacs21 (21.4a+1-3etch1) package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[SECURITY] [DSA 1310-1] New libexif packages fix integer overflow
Debian Security Advisory DSA-1310-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
June 16, 2007

Package        : libexif (0.6.13-5etch1)
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2006-4168
Debian Bug     : 424775

A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data.

For the stable distribution (etch), this problem has been fixed in version 0.6.13-5etch1.

We recommend that you upgrade your libexif (0.6.13-5etch1) package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[SECURITY] [DSA 1309-1] New libexif packages fix integer overflow
Debian Security Advisory DSA-1309-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
June 16, 2007

Package        : libexif (0.6.9-6sarge1)
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2006-4168
Debian Bug     : 424775

A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data.

For the old-stable distribution (sarge), this problem has been fixed in version 0.6.9-6sarge1.

We recommend that you upgrade your libexif (0.6.9-6sarge1) package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (oldstable)

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
[SECURITY] [DSA 1303-1] New lighttpd packages fix denial of service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA 1303-1    [EMAIL PROTECTED]
http://www.debian.org/security/    Steve Kemp
June 10, 2007    http://www.debian.org/security/faq

Package        : lighttpd
Vulnerability  : denial of service
Problem-Type   : local & remote
Debian-specific: no
CVE ID         : CVE-2007-1870 CVE-2007-1869
Debian Bug     : 422254

Two problems were discovered with lighttpd, a fast webserver with minimal memory footprint, which could allow denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-1869
    Remote attackers could cause denial of service by disconnecting partway through making a request.

CVE-2007-1870
    A NULL pointer dereference could cause a crash when serving files with a mtime of 0.

For the stable distribution (etch) these problems have been fixed in version 1.4.13-4etch1.

For the unstable distribution (sid) these problems have been fixed in version 1.4.14-1.

We recommend that you upgrade your lighttpd package.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
[SECURITY] [DSA 1302-1] New freetype packages fix integer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1302-1    [EMAIL PROTECTED]
http://www.debian.org/security/    Steve Kemp
June 10, 2007

Package        : freetype (2.2.1-5+etch1)
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-2754
Debian Bug     : 425625

A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.

For the stable distribution (etch), this problem has been fixed in version 2.2.1-5+etch1.

For the unstable distribution (sid), this problem has been fixed in version 2.2.1-6.

We recommend that you upgrade your freetype (2.2.1-5+etch1) package.

Upgrade instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[SECURITY] [DSA 1251-1] New netrik packages fix arbitrary shell command execution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1251-1    [EMAIL PROTECTED]
http://www.debian.org/security/    Steve Kemp
January 21, 2007

Package        : netrik
Vulnerability  : insufficient escaping
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2006-6678
Debian Bug     : 404233

It has been discovered that netrik, a text mode WWW browser with vi like keybindings, doesn't properly sanitize temporary filenames when editing textareas which could allow attackers to execute arbitrary commands via shell metacharacters.

For the stable distribution (sarge), this problem has been fixed in version 1.15.4-1sarge1.

For the upcoming stable distribution (etch) this problem has been fixed in version 1.15.3-1.1.

For the unstable distribution (sid) this problem has been fixed in version 1.15.3-1.1.

We recommend that you upgrade your netrik package.

Upgrade instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA-1240-1] New links2 packages fix arbitrary shell command execution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1240-1    [EMAIL PROTECTED]
http://www.debian.org/security/    Steve Kemp
December 21, 2006

Package        : links2
Vulnerability  : insufficient escaping
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2006-5925
Debian Bug     : 400718

Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands.

For the stable distribution (sarge) this problem has been fixed in version 2.1pre16-1sarge1.

For the upcoming stable distribution (etch) this problem has been fixed in version 2.1pre26-1.

For the unstable distribution (sid) this problem has been fixed in version 2.1pre26-1.

We recommend that you upgrade your links2 package.

Upgrade instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA-1236-1] New enemies-of-carlotta package fix missing sanity checks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1236-1    [EMAIL PROTECTED]
http://www.debian.org/security/    Steve Kemp
December 13, 2006

Package        : enemies-of-carlotta
Vulnerability  : missing sanity checks
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2006-5875

Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple manager for mailing lists, does not properly sanitise email addresses before passing them through to the system shell.

For the stable distribution (sarge), this problem has been fixed in version 1.0.3-1sarge1

We recommend that you upgrade your enemies-of-carlotta package.

Upgrade instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA-1235-1] New ruby1.8 package fix denial of service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1235-1    [EMAIL PROTECTED]
http://www.debian.org/security/    Steve Kemp
December 13, 2006

Package        : ruby1.8
Vulnerability  : Denial of service
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2006-5467
Debian Bug     : 398457

A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-orientated programming.

For the stable distribution (sarge), this problem has been fixed in version 1.8.2-7sarge5.

We recommend that you upgrade your ruby1.8 package.

Upgrade instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
[SECURITY] [DSA-1234-1] New ruby1.6 package fix denial of service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1234-1    [EMAIL PROTECTED]
http://www.debian.org/security/    Steve Kemp
December 13, 2006

Package        : ruby1.6 (1.6.8-12sarge3)
Vulnerability  : Denial of service
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2006-5467
Debian Bug     : 398457

A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-orientated programming.

For the stable distribution (sarge), this problem has been fixed in version 1.6.8-12sarge3.

We recommend that you upgrade your ruby1.6 package.

Upgrade instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
[SECURITY] [DSA-1230-1] new l2tpns packages fix buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1230-1    [EMAIL PROTECTED]
http://www.debian.org/security/    Steve Kemp
December 08, 2006

Package        : l2tpns (2.0.14-1sarge1)
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2006-5873
Debian Bug     : 401742

Rhys Kidd discovered a vulnerability in l2tpns, a layer 2 tunnelling protocol network server, which could be triggered by a remote user to execute arbitrary code.

For the stable distribution (sarge), this problem has been fixed in version 2.0.14-1sarge1.

For the unstable distribution (sid) this problem has been fixed in version 2.1.21-1

We recommend that you upgrade your l2tpns package.

Upgrade instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1205-2] New thttpd packages fix insecure temporary file creation
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA 1205-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
December 1sd, 2006 http://www.debian.org/security/faq

Package : thttpd
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: yes
CVE ID : CVE-2006-4248
Debian Bug : 396277

Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure temporary files when its logfiles are rotated, which might lead to a denial of service through a symlink attack.

The original advisory for this issue didn't contain fixed packages for all supported architectures which are corrected in this update.

For the stable distribution (sarge) this problem has been fixed in version 2.23beta1-3sarge2

For the unstable distribution (sid) this problem has been fixed in version 2.23beta1-5

We recommend that you upgrade your thttpd package.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
[SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA 1205-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
November 2rd, 2006 http://www.debian.org/security/faq

Package : thttpd
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: yes
CVE ID : CVE-2006-4248
Debian Bug : 396277

Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure temporary files when its logfiles are rotated, which might lead to a denial of service through a symlink attack.

For the stable distribution (sarge) this problem has been fixed in version 2.23beta1-3sarge2

For the unstable distribution (sid) this problem has been fixed in version 2.23beta1-5

We recommend that you upgrade your thttpd package.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
[SECURITY] [DSA 1166-2] New cheesetracker packages fix buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA-1166-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
October 13, 2006

Package: cheesetracker (0.9.9-1sarge1)
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-3814
BugTraq ID : 20060723
Debian Bug : 380364

This update to DSA-1166 adds the architectures which were missing from the previous advisory.

Luigi Auriemma discovered a buffer overflow in the loading component of cheesetracker, a sound module tracking program, which could allow a maliciously constructed input file to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version 0.9.9-1sarge1.

For the unstable distribution (sid) this problem has been fixed in version 0.9.9-6.

We recommend that you upgrade your cheesetracker package.

Upgrade instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_mips.deb
Size/MD5 checksum: 1050496 e5a01ae14aa451723afad8e18bbe748f

mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_mipsel.deb
Size/MD5 checksum: 1043988 0e4a9ee9244b41311eea39b2f90528c9

These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA 1167-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
September 4th, 2005 http://www.debian.org/security/faq

Package : apache
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-3918 CVE-2005-3352
Debian Bug : 381381 343466

Several remote vulnerabilities have been discovered in Apache, the world's most popular webserver, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-3352
    A cross-site scripting (XSS) flaw exists in the mod_imap component of the Apache server.

CVE-2006-3918
    Apache does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks.

For the stable distribution (sarge) these problems have been fixed in version 1.3.33-6sarge3.

For the unstable distribution (sid) these problems have been fixed in version 1.3.34-3.

We recommend that you upgrade your apache package.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
[SECURITY] [DSA 1166-1] New cheesetracker packages fix buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA 1166-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
September 3rd, 2006 http://www.debian.org/security/faq

Package : cheesetracker
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-3814
BugTraq ID : 20060723
Debian Bug : 380364

Luigi Auriemma discovered a buffer overflow in the loading component of cheesetracker, a sound module tracking program, which could allow a maliciously constructed input file to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version 0.9.9-1sarge1.

For the unstable distribution (sid) this problem has been fixed in version 0.9.9-6.

We recommend that you upgrade your cheesetracker package.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
[SECURITY] [DSA 1131-1] New apache package fix buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA 1131-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
Aug 1st, 2006 http://www.debian.org/security/faq

Package : apache
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-3747
CERT advisory : VU#395412
Debian Bug : 380231

Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version 1.3.33-6sarge2.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your apache package.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
[SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA 1132-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
Aug 1st, 2005 http://www.debian.org/security/faq

Package : apache2
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-3747
CERT advisory : VU#395412
Debian Bug : 380182

Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version 2.0.54-5sarge1.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your apache2 package.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
[SECURITY] [DSA 1102-1] New pinball packages fix privilege escalation
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA 1102-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
June 26th, 2006 http://www.debian.org/security/faq

Package : pinball
Vulnerability : design error
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-2196

Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges.

The old stable distribution (woody) does not contain this package.

For the stable distribution (sarge) this problem has been fixed in version 0.3.1-3sarge1.

For the unstable distribution (sid) this problem has been fixed in version 0.3.1-6.

We recommend that you upgrade your pinball package.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
[SECURITY] [DSA 1084-1] New typespeed packages fix arbitrary code execution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA 1084-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
May 31st, 2006 http://www.debian.org/security/faq

Package : typespeed
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-1515

Niko Tyni discovered a buffer overflow in the processing of network data in typespeed, a game for testing and improving typing speed, which could lead to the execution of arbitrary code.

For the old stable distribution (woody) this problem has been fixed in version 0.4.1-2.4.

For the stable distribution (sarge) this problem has been fixed in version 0.4.4-8sarge1.

For the unstable distribution (sid) this problem has been fixed in version 0.4.4-10.

We recommend that you upgrade your typespeed packages.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
[SECURITY] [DSA 1080-1] New dovecot packages fix directory traversal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Debian Security Advisory DSA 1080-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
May 29th, 2006 http://www.debian.org/security/faq

Package : dovecot
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-2414

A problem has been discovered in the IMAP component of Dovecot, a secure mail server that supports mbox and maildir mailboxes, which can lead to information disclosure via directory traversal by authenticated users.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 0.99.14-1sarge0.

For the unstable distribution (sid) this problem has been fixed in version 1.0beta8-1.

We recommend that you upgrade your dovecot-imapd package.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.