[Full-disclosure] remember password manager..
http://secunia.com/advisories/23046/

Solution Status: Unpatched

The vulnerability is caused due to the Password Manager not properly checking the URL before automatically filling in saved user credentials into forms. This may be exploited to steal user credentials via malicious forms in the same domain. (or if the site has any xss)

And I can confirm it's still unfixed in 2.0.0.12.. do you guys keep saving your passwords? :P

Kevin

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
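The advisory quoted above is about an auto-fill decision that looked only at the page's domain. The following is an added example, not code from the original post or from any browser, of the check a password manager needs to make before filling a saved login into a form: resolve the form's action URL and require it to be on the same origin (scheme, host, port) as the saved credential, so a form that posts elsewhere never receives the password. The policy and every URL in it are constructed for the example.

```python
"""Added example: origin check before auto-filling a saved login.

Assumed policy (not any product's actual rules): the page hosting the form
and the form's resolved submission target must both be on the origin the
credential was saved for. All URLs used here are constructed."""
from urllib.parse import urljoin, urlsplit


def origin(url):
    """Return (scheme, host, port) for an http(s) URL, or None if unusable."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    try:
        port = parts.port
    except ValueError:          # e.g. "https://example.com:abc/"
        return None
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return (parts.scheme, parts.hostname, port)


def should_autofill(saved_login_url, page_url, form_action):
    """Decide whether the credential saved for saved_login_url may be filled
    into a form on page_url whose action attribute is form_action.

    * the page must be on the saved credential's origin, and
    * the form's resolved action must be on that same origin.
    A relative or empty action resolves against the page URL, as a browser
    does; a scheme-relative action ("//host/path") resolves to another host
    and is therefore refused.
    """
    saved = origin(saved_login_url)
    page = origin(page_url)
    target = origin(urljoin(page_url, form_action or ""))
    if saved is None or page is None or target is None:
        return False
    return page == saved and target == saved


if __name__ == "__main__":
    saved = "https://example.com/login"
    cases = [
        ("https://example.com/login", "/session"),                       # same origin: fill
        ("https://example.com/login", "http://evil.example.net/collect"),  # posts elsewhere: refuse
        ("https://example.com/profile", ""),                             # empty action = page URL: fill
        ("http://example.com/login", "/session"),                        # plain http page: refuse
        ("https://example.com/login", "//evil.example.net/x"),           # scheme-relative: refuse
    ]
    for page, action in cases:
        print("%-32s action=%-34r fill=%s"
              % (page, action, should_autofill(saved, page, action)))
```

The second case is the one the advisory describes: a form injected into a page on the legitimate domain whose action points at another host. Checking only the page's domain accepts it; checking the resolved action's origin refuses it.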
[Full-disclosure] eeye diffing suite?
Hi All,

I am just wondering if anyone has used eEye's open source diffing suite (http://research.eeye.com/html/tools/RT20060801-1.html). If yes, then what is your experience compared to BinDiff, or am I comparing the wrong two products?

--
advertise on secgeeks? http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com
[Full-disclosure] raidsonic nas-4220 crypt disk key leak (stored in plain on unencrypted partition)
Manufacturer: RaidSonic (www.raidsonic.de)
Device: NAS-4220-B
Firmware: 2.6.0-n (2007-10-11)
Device Type: end user grade NAS box
OS: Linux 2.6.15
Architecture: ARM
Designed by: Storm Semiconductor Inc (www.storlinksemi.com)

Problem: Hard disk encryption key stored in plain on unencrypted partition.

Time line:
Found:     09. March 2008
Reported:  09. March 2008
Disclosed: 16. March 2008

Summary:
The NAS-4220-B offers disk encryption through its web interface. The key used for encrypting the disk(s) is stored on an unencrypted partition. Therefore one can extract the encryption key by removing the disk from the NAS and reading the value from the unencrypted partition. The key itself is stored in a file in plain (base64 encoded). Therefore the NAS-4220 crypt disk support cannot be considered secure.

Details:
The NAS-4220-B can hold two SATA disks. Disks are encrypted through a loopback device using AES128. The problem came to my attention when I could access the NAS after reboot without supplying the hard disk key. The key is stored in /system/.crypt; /system is a small configuration partition on the same disk that holds the encrypted partition. The system partition is created by the system software running on the NAS-4220. The configuration partition of the second hard disk is not mounted by default but also contains the .crypt file holding the key for the encrypted partition on the same disk.

Accessing the key (key value is the example I used):

  $ cat /system/.crypt
  MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=

  key in plain           key in base64
  12345678901234567890   MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=

Base64 decode:

  #!/usr/bin/python
  # Decode the base64-encoded key as read from /system/.crypt (example value).
  from base64 import b64decode
  print(b64decode("MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="))

Reported by: Collin Mulliner collin(AT)betaversion.net
Collin's Advisories: http://www.mulliner.org/security/advisories/

--
Collin R. Mulliner [EMAIL PROTECTED]
BETAVERSiON Systems [www.betaversion.net]
info/pgp: finger [EMAIL PROTECTED]
If you have to run heating in winter, you don't own enough computers.
[Full-disclosure] [SECURITY] [DSA 1521-1] New lighttpd packages fix arbitrary file disclosure
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1521-1                     [EMAIL PROTECTED]
http://www.debian.org/security/                               Steve Kemp
March 16, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : lighttpd
Vulnerability  : file disclosure
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1270

Julien Cayzac discovered that under certain circumstances lighttpd, a fast webserver with minimal memory footprint, might allow the reading of arbitrary files from the system. This problem could only occur with a non-standard configuration.

For the stable distribution (etch), this problem has been fixed in version 1.4.13-4etch6.

We recommend that you upgrade your lighttpd package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch - --- Source archives: http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6.dsc Size/MD5 checksum: 1098 3e5a62a7162734998177e8707d2dba02 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6.diff.gz Size/MD5 checksum:37066 853e653e4b56e0065b7d072bfdb038b9 Architecture independent packages: http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch6_all.deb Size/MD5 checksum:99510 38af003d4b49531a371c58eec8c92797 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_alpha.deb Size/MD5 checksum:61252 f9a572ac4ece6cda80883e9ece59cf99 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_alpha.deb Size/MD5 checksum:64492 6d0802043b33391abf217b605ade53c6 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_alpha.deb Size/MD5 checksum: 318848 64225fd5e10a77386763b28a3fa6b310 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_alpha.deb Size/MD5 checksum:71726 8797d97bd147f2f502741d790d42781e http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_alpha.deb Size/MD5 checksum:59494 5537c07a1bf16c607d42cbb24af35b0e http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch6_alpha.deb Size/MD5 checksum:64924 e179a9988bc2b04a0188301040f7eb02 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_amd64.deb Size/MD5 checksum:60662 281bac93cddf6ed6fcd907dac5eb0720 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_amd64.deb Size/MD5 checksum:69818 74394f7d4528636f962133efa4a738da http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_amd64.deb Size/MD5 checksum:63506 
b336b9d3d1836d2d06c5feaaefb8366e http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch6_amd64.deb Size/MD5 checksum:63806 6613f85008260c83222a2b5a8d183d50 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_amd64.deb Size/MD5 checksum: 297130 9a00e9837f11cb5647491e28bf8da877 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_amd64.deb Size/MD5 checksum:59060 1b1864819d7892f9dc1834ece83ba39f arm architecture (ARM) http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_arm.deb Size/MD5 checksum:62786 e91afeac0b95ae32d9c346bf8b56ff2b http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_arm.deb Size/MD5 checksum:69506 928bd56baa76d302d2637c3edafa966a http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_arm.deb Size/MD5 checksum:58604 e060ddc287c0f62485c3b450f781a9c5 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_arm.deb Size/MD5 checksum: 286248 6915b4c299334a0aa608e69016579947 http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_arm.deb Size/MD5 checksum:60736 c1dba99fad76965ea148addcedbe8d1e
[Full-disclosure] We've shut down the Exploit Acquisition Program
If you're interested you can read about it here:
http://snosoft.blogspot.com/2008/03/exploit-acquisition-program-shut-down.html

--
- simon --
http://www.snosoft.com
Re: [Full-disclosure] We've shut down the Exploit Acquisition Program
Simon Smith wrote:
> If you're interested you can read about it here:
> http://snosoft.blogspot.com/2008/03/exploit-acquisition-program-shut-down.html

Ya, I'll second that one. The market turned out to be uglier than expected for a lot of reasons including this one.

Jared
[Full-disclosure] [SECURITY] [DSA 1517-1] New ldapscripts packages fix information disclosure
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1517-1                     [EMAIL PROTECTED]
http://www.debian.org/security/                          Thijs Kinkhorst
March 15, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : ldapscripts
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-5373
Debian Bug     : 445582

Don Armstrong discovered that ldapscripts, a suite of tools to manipulate user accounts in LDAP, sends the password as a command line argument when calling LDAP programs, which may allow a local attacker to read this password from the process listing.

For the stable distribution (etch), this problem has been fixed in version 1.4-2etch1.

The old stable distribution (sarge) does not contain an ldapscripts package.

For the unstable distribution (sid), this problem has been fixed in version 1.7.1-2.

We recommend that you upgrade your ldapscripts package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch - --- Source archives: http://security.debian.org/pool/updates/main/l/ldapscripts/ldapscripts_1.4.orig.tar.gz Size/MD5 checksum:18812 3e063297a5188922803a451cdbf7dd61 http://security.debian.org/pool/updates/main/l/ldapscripts/ldapscripts_1.4-2etch1.diff.gz Size/MD5 checksum: 8429 4d4fd01f12940bf2272cf9b2a27e34c5 http://security.debian.org/pool/updates/main/l/ldapscripts/ldapscripts_1.4-2etch1.dsc Size/MD5 checksum: 883 dabe3144f01910f1f055a2a6d9b63148 Architecture independent packages: http://security.debian.org/pool/updates/main/l/ldapscripts/ldapscripts_1.4-2etch1_all.deb Size/MD5 checksum:28482 52a069bdb720fb9d9897f96dbc150c8a These files will probably be moved into the stable distribution on its next update. - - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show pkg' and http://packages.debian.org/pkg -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR9xJ6Wz0hbPcukPfAQJcQgf/UMOVzEg7shvl7kFjE0NmKhbnr+E2Zt1s ys0fcA4gz1kT1nDyYDleCmdpfkL7fll5xzVvhyJWc/4ZjWaBQLP9eLUMPzbLZf9v Zbnua0sAcJoYw3Cra6ZKZWlybjlzFE/O0HXy8MUAA0cyGsBigDE8bg6G8GWYLN39 B3DCJ3DiYmzWAwQ2dGonO28/j/y8WuLRWXfvLd9LdBC+mlI/qTj2Jqf78iwAAwn7 ZvFKMMAWWt37Q2msQ2L+noFkZXA9K2podUUP0eOaU/eX0Tk5Re2r5OXowMZDr9Zj g+kSV39SzLW7wHTruy1xZPRKsyovyBPm0CXi8LT/KQ42Rvg0QJ+ygw== =ZWaH -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 1518-1] New backup-manager packages fix information disclosure
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1518-1                     [EMAIL PROTECTED]
http://www.debian.org/security/                          Thijs Kinkhorst
March 15, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : backup-manager
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-4656
Debian Bug     : 439392

Micha Lenk discovered that backup-manager, a command-line backup tool, sends the password as a command line argument when calling an FTP client, which may allow a local attacker to read this password (which provides access to all backed-up files) from the process listing.

For the stable distribution (etch), this problem has been fixed in version 0.7.5-4.

For the old stable distribution (sarge), this problem has been fixed in version 0.5.7-1sarge2.

For the unstable distribution (sid), this problem has been fixed in version 0.7.6-3.

We recommend that you upgrade your backup-manager package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge - Source archives: http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge2.dsc Size/MD5 checksum: 923 fad99430055e40413827e477768dd077 http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7.orig.tar.gz Size/MD5 checksum:35661 a97a66d03c4a05072924998f48f7b5d6 http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge2.diff.gz Size/MD5 checksum:18510 4c33c9b8711ca3da4eb7f8f77214c26a Architecture independent packages: http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge2_all.deb Size/MD5 checksum:30740 05b3fbc927d4ca0e7823a5dca7a1b9b0 Debian GNU/Linux 4.0 alias etch - --- Source archives: http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.7.5-4.dsc Size/MD5 checksum: 1036 e63192d8ad7753a47baaae9c9df26f25 http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.7.5.orig.tar.gz Size/MD5 checksum: 159855 76e1c9cea0b8fb210d3862fd89e09c08 http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.7.5-4.diff.gz Size/MD5 checksum:98048 4c4e6282b938b98e9488d44243d7bb96 Architecture independent packages: http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager-doc_0.7.5-4_all.deb Size/MD5 checksum: 219546 d97a5222cf45f9feb451ffb9c0c66164 http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.7.5-4_all.deb Size/MD5 checksum: 109278 bcb8c5d8902e36ac0348c94a84cf04cb These files will probably be moved into the stable distribution on its next update. 
- - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show pkg' and http://packages.debian.org/pkg -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR9xJ7mz0hbPcukPfAQJrtQgAmwTWjmqoD4C8gr1DhGu6wXrzKU63tXr+ LEkAEb6HP394M+p7mu8V11JtqsyA2btxMqZD9lpqbNQ0b2JrZH9qHq1SZ5sO/mN4 VM++xZ+TYMVFaP15dbAZCcHNYKfPS9HGUQJngl5c5Xpsb+zMxuH2l3qlLfBXWcl5 Jc1NiiHPpF1QcjqO4+S7fYk8bagQXtjPUDalePh3aAeswnCJbd8iSqZDKULYB/qZ 2xpaXhP9h1BN3Xb1lLtkSIzvjfQDzO6NW8D9o3FHSinCYgBBf0ZQSfIWpCSx8Ymk jnRWw6U0+WrGoBkSoE2934b5l28EtbDgjEBLQseHx7Taj6yyCPDDJA== =VPx5 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
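DSA-1517 (ldapscripts) and DSA-1518 (backup-manager) above describe the same defect: a password placed on a child process's command line, where any local user can read it from the process listing. The following is an added example, not code from either package, that shows why argv leaks and the two usual alternatives (stdin, or a mode-0600 file whose name is passed instead). The child process is a stand-in for the LDAP or FTP client and merely reports its own argv and stdin; the option names `-D`, `-w` and `-y` mirror the OpenLDAP client tools, and the password and bind DN are constructed values.

```python
"""Added example: password in argv versus password via stdin or a private file.

A process's argv is readable by other local users (ps, /proc/<pid>/cmdline),
so a secret placed there is exposed for as long as the process runs. The
child spawned here only echoes back what it received, as a stand-in for the
real client; all values are constructed for the demonstration."""
import json
import os
import stat
import subprocess
import sys
import tempfile

# Child: report argv (what `ps` would show) and stdin contents as one JSON line.
CHILD = ("import json, sys; "
         "print(json.dumps({'argv': sys.argv[1:], 'stdin': sys.stdin.read()}))")


def run_child(argv, stdin_text=""):
    """Run the stand-in client; return {'argv': [...], 'stdin': '...'} as it saw them."""
    proc = subprocess.run([sys.executable, "-c", CHILD] + argv,
                          input=stdin_text, capture_output=True, text=True, check=True)
    return json.loads(proc.stdout.strip().splitlines()[-1])


def password_in_argv(bind_dn, password):
    """The pattern the advisories describe: `-w <password>` on the command line."""
    return run_child(["-D", bind_dn, "-w", password])


def password_via_stdin(bind_dn, password):
    """Hand the secret over on stdin; argv carries only non-secret parts."""
    return run_child(["-D", bind_dn], stdin_text=password + "\n")


def password_via_private_file(bind_dn, password):
    """Write the secret to a 0600 temp file and pass its name (`-y <file>`,
    the form OpenLDAP's client tools accept). Only the file name is visible."""
    fd, path = tempfile.mkstemp(prefix="pw-")      # mkstemp already creates 0600
    try:
        os.fchmod(fd, stat.S_IRUSR | stat.S_IWUSR)  # belt and braces
        with os.fdopen(fd, "w") as f:
            f.write(password)
        return run_child(["-D", bind_dn, "-y", path])
    finally:
        os.unlink(path)


def argv_leaks(seen, secret):
    """True if the secret appears in argv, i.e. in what the process listing shows."""
    return any(secret in arg for arg in seen["argv"])


if __name__ == "__main__":
    dn, pw = "cn=admin,dc=example,dc=org", "s3cr3t-constructed"
    for name, fn in (("argv", password_in_argv),
                     ("stdin", password_via_stdin),
                     ("file", password_via_private_file)):
        seen = fn(dn, pw)
        print("%-6s argv=%r leaks=%s" % (name, seen["argv"], argv_leaks(seen, pw)))
```

The file variant is the one that maps directly onto the LDAP tools named in DSA-1517; for an FTP client the equivalent is a credentials file the client reads itself (such as a user-owned ~/.netrc) rather than a password argument.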
[Full-disclosure] [SECURITY] [DSA 1519-1] New horde3 packages fix information disclosure
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1519-1                     [EMAIL PROTECTED]
http://www.debian.org/security/                          Thijs Kinkhorst
March 15, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : horde3
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1284
Debian Bug     : 470640

It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter.

For the old stable distribution (sarge), this problem has been fixed in version 3.0.4-4sarge7.

For the stable distribution (etch), this problem has been fixed in version 3.1.3-4etch3.

For the unstable distribution (sid), this problem has been fixed in version 3.1.7-1.

We recommend that you upgrade your horde3 package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge - Source archives: http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge7.dsc Size/MD5 checksum: 920 b3374347290398c40e95d94ca72f089c http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4.orig.tar.gz Size/MD5 checksum: 3378143 e2221d409ba1c8841ce4ecee981d7b61 http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge7.diff.gz Size/MD5 checksum:14280 01c1df81c247bf310367f50859ebb2ff Architecture independent packages: http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge7_all.deb Size/MD5 checksum: 3437956 4c4fa0aa9f5347785ca74f414165f934 Debian GNU/Linux 4.0 alias etch - --- Source archives: http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch3.diff.gz Size/MD5 checksum:13100 d79fbe74794a4f6c70f208ba3a55bebc http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch3.dsc Size/MD5 checksum: 974 f8929682acb675550e4235c62a99cbe6 http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz Size/MD5 checksum: 5232958 fbc56c608ac81474b846b1b4b7bb5ee7 Architecture independent packages: http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch3_all.deb Size/MD5 checksum: 5270328 d4a9a4db3744a2cd496ed499c39ec6b3 These files will probably be moved into the stable distribution on its next update. 
- - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show pkg' and http://packages.debian.org/pkg -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR9xcEWz0hbPcukPfAQJ1Fwf7BNqYgPzAk4NwoZEcuum64NWdrXb7gzCc qfs+NIuGVbDBeSB7aQkvxeYvwKg7MJpAYo06/vDM+5NbHgDylfUw1AyyD96b9PrJ hFOtF2cHt3kpmq1zjnC8rqW9ULyk3fPDTRtbZizBoFZcpk5mjJQ23BsG9BFAT+Gs ORdNIw1qFnjfvLwtAJmUAe/aOGuN8DSd+S2+FdR6RmvHDsWulBoQMaqi3eI7M7I5 76CVv72rK0a2LikZUJpV/XG/3weZzixIYVTn6gDpj6pRmsPCD9vgEt/EBaBPN2Yp 59synQ1Iu8YfUsHlePpf9Xv0/ddNDkHZtuoRdqJuz+kPvkV2N8DQ5Q== =sl4d -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
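DSA-1519 above is a file-inclusion flaw reached through a user-controlled "theme" preference. The following is an added example, not Horde's code, of the defensive pattern for such a parameter: treat the value as a name rather than a path, accept it only if it names a theme actually installed, and verify that the resolved file still lies under the theme directory. The theme tree, the "secret" file outside it and the symlinked theme directory are all constructed in a temporary directory for the demonstration.

```python
"""Added example: resolving a user-supplied theme name without file inclusion.

Three layers, any one of which stops a traversal on its own: a strict name
pattern, an allowlist built from the installed themes, and a realpath
containment check on the final file. The directory tree is constructed."""
import os
import re
import tempfile

THEME_NAME = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def resolve_theme_file(themes_dir, requested, filename="screen.css"):
    """Return the absolute path of the requested theme's file, or None."""
    if not THEME_NAME.fullmatch(requested or ""):
        return None                      # "../", "/", NUL bytes etc. never get further
    installed = {d for d in os.listdir(themes_dir)
                 if os.path.isdir(os.path.join(themes_dir, d))}
    if requested not in installed:
        return None
    root = os.path.realpath(themes_dir)
    candidate = os.path.realpath(os.path.join(root, requested, filename))
    # Defence in depth: a symlinked theme directory or a bad filename must
    # not resolve to anything outside the themes tree.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def build_demo_tree():
    """Construct themes/{bluewhite,mozilla}/screen.css, a secret.txt beside the
    themes directory, and a symlinked 'theme' that points outside the tree."""
    base = tempfile.mkdtemp(prefix="theme-demo-")
    themes = os.path.join(base, "themes")
    for name in ("bluewhite", "mozilla"):
        os.makedirs(os.path.join(themes, name))
        with open(os.path.join(themes, name, "screen.css"), "w") as f:
            f.write("/* constructed theme %s */\n" % name)
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("constructed file that must never be served as a theme\n")
    os.symlink(base, os.path.join(themes, "escape"))   # listed as installed, still rejected
    return themes


if __name__ == "__main__":
    themes = build_demo_tree()
    for req, fname in (("bluewhite", "screen.css"), ("../secret.txt", "screen.css"),
                       ("/etc/passwd", "screen.css"), ("nosuchtheme", "screen.css"),
                       ("escape", "secret.txt"), ("bluewhite", "../../secret.txt")):
        print("%-16s %-18s -> %s" % (req, fname, resolve_theme_file(themes, req, fname)))
```

Horde's preference value would be the `requested` argument here; the `filename` argument stands for whichever theme file the application then includes. The containment check catches the case the allowlist alone misses, where an installed theme entry is a symlink.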
[Full-disclosure] [SECURITY] [DSA 1520-1] New smarty packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1520-1                     [EMAIL PROTECTED]
http://www.debian.org/security/                          Thijs Kinkhorst
March 16, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : smarty
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1066
Debian Bug     : 469492

It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string.

For the stable distribution (etch), this problem has been fixed in version 2.6.14-1etch1.

For the old stable distribution (sarge), this problem has been fixed in version 2.6.9-1sarge1.

For the unstable distribution (sid), this problem has been fixed in version 2.6.18-1.1.

We recommend that you upgrade your smarty package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge - Source archives: http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9-1sarge1.dsc Size/MD5 checksum: 870 3c1955d0151a53532dab661fb9a9b7b3 http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9.orig.tar.gz Size/MD5 checksum: 141694 4ee0048de6a9b35f1b11b458493327f2 http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9-1sarge1.diff.gz Size/MD5 checksum: 3502 b1835fb9b611eb5ef3f26f23c21fbdbb Architecture independent packages: http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9-1sarge1_all.deb Size/MD5 checksum: 177048 39408bb8ec42a25956990f2e81bd2d7e Debian GNU/Linux 4.0 alias etch - --- Source archives: http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch1.dsc Size/MD5 checksum: 950 fa71b68819fe520b5616eec683276fdf http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14.orig.tar.gz Size/MD5 checksum: 144986 9186796ddbc29191306338dea9d632a0 http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch1.diff.gz Size/MD5 checksum: 3814 8544db24358f72e091898f45c9fbc961 Architecture independent packages: http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch1_all.deb Size/MD5 checksum: 184654 d2c9b4a558a052ab1c96bbdadfedafa5 These files will probably be moved into the stable distribution on its next update. 
- - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show pkg' and http://packages.debian.org/pkg -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR90FHmz0hbPcukPfAQLweQgAmRduFuq43IcPo6RV2RRdVvlHgZzE4/qZ Uvo0O8j6jmu6w4bxfxaMWOEZvIpNO+T9FRhPhmCW3mulip1htaKCeVNaY54w9NCV C+5j3kiPFINyZPTDsOmL8vS5RrpCmA/9G1MiT2KHflbDObbDf86cqQ+/fxDBmz2V mgPLh3nm5ZC3lwXB+hySbMBuJY2EkOEzY4bF6lqoD5oxtjzBi9uuWSETTknpgnLB aPQgBMehy3yt8zMO55Po9jTXJ7Hnmqx1HsgsP0HZmd4LtdyBAg3h/kPDyVU5IDfr EUX+eKT2jpgj5PutxG4zHRU/xS5M/VIgFHdMCk1JylFKfzaFUCHwug== =Pb7P -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
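DSA-1520 above concerns a template-supplied search string reaching PHP's preg_replace(). In PHP the `e` modifier makes preg_replace() evaluate the replacement as PHP code, so whoever controls the modifier letters of the search pattern controls code execution. The following is an added example, not Smarty's code, of a validator for a PHP-style `/pattern/modifiers` string: it splits the string into delimiter, body and modifiers, refuses `e`, refuses embedded NUL bytes (which can cut a C string short so that a later check sees a different pattern than the engine does), and accepts only a fixed set of harmless modifiers. The sample patterns are constructed.

```python
"""Added example: validating a PHP-style regular expression string before it
is passed to a replace routine that would honour its modifiers.

Mirrors the general mitigation for CVE-2008-1066 (reject the `e` modifier);
it is not the project's own patch. Sample inputs are constructed."""
import re

# PCRE modifier letters PHP accepts that do not change what code runs; 'e' is
# deliberately absent.
ALLOWED_MODIFIERS = set("imsxuADSUX")
DELIMITER_PAIRS = {"(": ")", "[": "]", "{": "}", "<": ">"}


def split_php_regex(search):
    """Split '/body/mods' into (open_delim, body, mods); raise ValueError if malformed.

    As PHP does, the closing delimiter is the last occurrence of the matching
    delimiter character, so a delimiter inside the body is fine."""
    if not search or "\0" in search:
        raise ValueError("empty pattern or embedded NUL byte")
    open_delim = search[0]
    if open_delim.isalnum() or open_delim.isspace() or open_delim == "\\":
        raise ValueError("invalid delimiter %r" % open_delim)
    close_delim = DELIMITER_PAIRS.get(open_delim, open_delim)
    end = search.rfind(close_delim)
    if end <= 0:
        raise ValueError("closing delimiter not found")
    return open_delim, search[1:end], search[end + 1:]


def check_search_pattern(search):
    """Return search unchanged if its modifiers are acceptable; raise ValueError otherwise."""
    _, _, mods = split_php_regex(search)
    if "e" in mods:
        raise ValueError("the e (eval) modifier is not permitted")
    bad = set(mods) - ALLOWED_MODIFIERS
    if bad:
        raise ValueError("unsupported modifiers: %s" % "".join(sorted(bad)))
    return search


def is_safe_search_pattern(search):
    """Boolean convenience wrapper around check_search_pattern()."""
    try:
        check_search_pattern(search)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for sample in (r"/(\w+)/i", r"/(\w+)/e", r"/(\w+)/ie", "/x/\0e",
                   "#[a-z]+#ms", "{x}U", "abc"):
        try:
            check_search_pattern(sample)
            print("%-14r accepted" % sample)
        except ValueError as err:
            print("%-14r rejected: %s" % (sample, err))
```

Note that the modifier section is taken from the last closing delimiter onward, so a pattern such as `/a/b/i` yields the body `a/b` and the modifiers `i`, matching how the PHP engine reads it; checking anything other than that final section would let a crafted string pass the validator and still reach the engine with `e` set.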
[Full-disclosure] [SECURITY] [DSA 1493-2] New sdl-image1.2 packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1493-2                     [EMAIL PROTECTED]
http://www.debian.org/security/                          Thijs Kinkhorst
March 16, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : sdl-image1.2
Vulnerability  : buffer overflows
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-6697 CVE-2008-0554

An oversight led to the version number of the Debian 4.0 `Etch' update for advisory DSA 1493-1 being lower than the version in the main archive, making it uninstallable. This update corrects the version number. For reference the full advisory is quoted below:

Several local/remote vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-6697

    Gynvael Coldwind discovered a buffer overflow in GIF image parsing, which could result in denial of service and potentially the execution of arbitrary code.

CVE-2008-0544

    It was discovered that a buffer overflow in IFF ILBM image parsing could result in denial of service and potentially the execution of arbitrary code.

For the stable distribution (etch), these problems have been fixed in version 1.2.5-2+etch1.

For the old stable distribution (sarge), these problems have been fixed in version 1.2.4-1etch1. Due to a copy paste error etch1 was appended to the version number instead of sarge1. Since the update is otherwise technically correct, the update was not rebuilt to the buildd network.

We recommend that you upgrade your sdl-image1.2 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian 3.1 (oldstable) - -- Source archives: http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.4-1etch1.diff.gz Size/MD5 checksum:27202 0b364f0ccd1b55de86b64beafbebff7f http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.4-1etch1.dsc Size/MD5 checksum: 695 6dfd0ce5e3c53237b0b25e4dd269a11a http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.4.orig.tar.gz Size/MD5 checksum: 841885 70bf617f99e51a2c94550fc79d542f0b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_alpha.deb Size/MD5 checksum:33742 ea1ed76178284a1c6db541c965da37e4 http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_alpha.deb Size/MD5 checksum:43496 f545cac9be83710d7a9fa10b9a6aa3e6 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_amd64.deb Size/MD5 checksum:28126 42037dac0e93f401ac8dbbd7eb28db3f http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_amd64.deb Size/MD5 checksum:33870 742423cedbaf791e44b9038cf55fb12f arm architecture (ARM) http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_arm.deb Size/MD5 checksum:26854 6329107849651e11c8d4e4f556083d87 http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_arm.deb Size/MD5 checksum:32982 e94d20a7159fb861d46ebf3b4eeb1a3e hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_hppa.deb Size/MD5 checksum:32766 ea20750007fc127575c809c3c5120670 http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_hppa.deb Size/MD5 checksum:37850 28508c01a54dbcdfcbc5976fb39d4e4e i386 architecture (Intel ia32) 
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_i386.deb Size/MD5 checksum:31678 e4f87b2d32187aea3e3106acffba5110 http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_i386.deb Size/MD5 checksum:27288 edea4b5cee15f1541affd374d5fdc304 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_ia64.deb Size/MD5 checksum:39306 71a0facbdffabd3fc3a2020441cdc77b